How to implement certificate based access to self hosted services? - eviltoast

I am hosting few services for my friends and family on my server. Due to devices limitations, I can’t install VPN on TVs etc. Is it possible to restrict the access to only those users that have a certificate issued by me?

  • trimmerfrost@lemm.ee
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    Use mTLS (mutual TLS) also called client certificates with nginx or whatever your webserver is

    • amp@kbin.social
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      mtls over nginx is the simplest way. but be aware that while it works great on desktop browsers, other reduced browsers (incl mobile) often don’t support it.

      • trimmerfrost@lemm.ee
        link
        fedilink
        arrow-up
        2
        arrow-down
        4
        ·
        1 year ago

        It works on Android using Chromium based browsers too. You have to install your client certificate in the Android Settings. When you visit the site using a chromium based browser, it will ask you to verify yourself using the installed certificate. I used to use it in the past

        Unfortunately it doesn’t work with Firefox on Android. Don’t know anything about iOS

    • WhyAUsername_1@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Superb. Planning to implement this with Caddy. Nginx was having performance issues , last time I configured it. Maybe I didn’t configure it well…

      Will try nginx as reverse proxy if Caddy doesn’t work well for mTLS.