this post was submitted on 08 Jan 2024
679 points (99.0% liked)

Selfhosted

40645 readers
346 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
 

Greetings everyone! Daniel here, I've been working on Linkwarden part-time over the past few months.

Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages.

Key features:

  • πŸ“Έ Preserve webpages as Screenshot, PDF, etc. So you can access them even if they are taken down.
  • πŸ‘₯ Collaborative, so you can share your collections with your friends and colleagues. You can also make them public and share them with the world.
  • πŸ“± Designed for every screen size, from widescreen monitors down to smartphones.
  • ⚑️ Open source and fully self-hostable!
  • ✨ And so many more features! (Literally, just didn't want to make this post too long. Check out the Github repo and Website for more info...)

If you like what we're doing, you can support the project by either starring ⭐️ the repo to make it more visible to others or by subscribing to the Cloud plan (which helps the project, a lot).

Things like mobile app (PWA) are already on the project roadmap and I'm so excited to share them with you in the future.

Feedback is always welcome, so feel free to share your thoughts!

Website: https://linkwarden.app

GitHub: https://github.com/linkwarden/linkwarden

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 17 points 11 months ago* (last edited 11 months ago) (2 children)

The general principle is called single sign on (sso).

The idea is that instead of each all keeping track of users itself, there is another app (sometimes called an identity provider) that does this. Then when you try to log into an app, it takes to the to login of your identity provider instead. When the IP says you are the correct user, it sends a token to the app saying to let you access your account.

The huge benefits are if you are already logged into the IP on a browser for example, the other apps will login automatically without having to put in your password again.

Also for me the biggest benefit is not having to manage passwords for a large number of apps so family that uses my server have 1 account which gives them access to jellyfin, seafile, immich, freshrss etc. If they change that password it changes it for everything. You can enforce minimum password requirements. You can also add 2FA to any app now immediately.

I use Authentik as my identity provider: https://goauthentik.io/https://goauthentik.io/

There's good guides to settings it up with traefik so that you get let encrypt certificates and can use traefik for proxy authentication on web based apps like sonarr. There are many different authentication methods an app can choose to use and Authentik essentially supports everything.

https://youtu.be/CPURnYaW3Zk

SSO should really be the standard for self hosted apps because this way they don't have to worry about ensuring they have the latest security for user management etc. The app just allows a dedicated identity provider to worry about user management security so the app devs can focus on just the app.

[–] [email protected] 4 points 11 months ago (1 children)

Authentik is pretty good. Authelia is good too, and lighter weight.

You can combine Authelia with LLDAP to get a web UI for user management and LDAP for apps that don't support OpenID Connect (like Home Assistant).

[–] [email protected] 1 points 11 months ago (1 children)

If you have to add a whole other app the match what authentik can do, is authelia really lighter weight?

Im joking because authentik does takes a decent chunk of ram but having all protocols together is nice. You can actually make ldap authentication 2FA if you want.

[–] [email protected] 1 points 11 months ago (1 children)

Interesting... How does Authentik do 2FA for LDAP?

I'm going to try it out and see how it compares to Authelia. My home server has 64GB RAM and I have VPSes with 16GB and 48GB RAM so RAM isn't much of an issue :D

[–] [email protected] 1 points 11 months ago (2 children)

Because authentik uses flows, you can insert the 2FA part into any login flow (proxy, oauth, ldap etc)

https://youtu.be/whSBD8YbVlc

[–] [email protected] 1 points 11 months ago

Here is an alternative Piped link(s):

https://piped.video/whSBD8YbVlc

Piped is a privacy-respecting open-source alternative frontend to YouTube.

I'm open-source; check me out at GitHub.

[–] [email protected] 1 points 11 months ago* (last edited 11 months ago) (1 children)

LDAP sends username and password over the network though... It doesn't use regular web-based authentication. How would it add 2FA to that?

[–] [email protected] 1 points 11 months ago (1 children)

The above YouTube video shows that you can get authentik to send a 2fa push authentication that requires the phone to hit a button in order to complete the authentication flow.

[–] [email protected] 1 points 11 months ago

Ohhhh, interesting. Sorry, I didn't watch the video yet. Thank you!!

[–] [email protected] 1 points 11 months ago

Thank you for the detailed answer! It seems really interesting and I will definitely give a try on my server!