I recently figured out reverse proxies and I have several apps that I want to expose for ease of use for family members. I have found authelia and thought I could set that up as an extra protection against suspicions activity but after thinking about it a bit more I realized that the apps I want to expose already have user accounts and passwords so it would make things a bit more annoying when logging in. plus would authelia even work if the user is using a phone app instead of the web browser?
What are your ways of keeping your servers safe from suspicious activity or even monitoring them for suspicious activity ?
Before this post gets blasted with “just use a VPN” Yes I already have wireguard up and running but trying to get family members setup with a vpn that are technology illiterate is a nightmare
people are not getting the risks of exposing services correctly. think about it again. even you lock everything behind a password protection, if the password is weak, it is still not anything better than no protection. The chain is only as strong as the weakest link. Your tech illiterate family members may very likely setup something like 88888888, then they are effectively making the entire server naked. It is best to use device specific authentication apps like wireguard. If they can’t even use such app, then only expose apps that support webauthn (or oidc, and setup an oidc provider that supports webauthn or nopass), where they can use fingerprint readers on their phone to login.