Was this comment meant for a different conversation? We’re talking about VPNs here.

Thought process is: Peertube or some other service’s first job is the purpose for the service, so security likely won’t be as good as a service who’s first job is security.

Really good point. I see many selfhost instructions now that say ‘we don’t bother with HTTPS, just use a proxy to handle that’ and maybe auth should go the same way as in there’s good solutions that specialise in auth so it’s not worth each project doing it themselves.

apps can’t deal with hitting Authentik 1st afaik

Another good consideration. There is an early Peertube app but I doubt my users will be using it, web access is fine for this. Perhaps apps for things like Lemmy/Mastodon/Peertube etc will need to work better with these auth frontends in future.

Really good point. I can definitely restrict to one country and anyone using their own VPNs/TOR/whatever will be sophisticated enough to understand why its restricted and how to keep their access.

Super useful thanks!

I had to look up NPM as in my head it’s NodeJS Package Manager but TIL there’s also Nginx Proxy Manager!

I like your VPN solution for a small group and actually tying it to their home network/router could make sense and further restrict attacks I have to deal with. However in my case I could be dealing with 30+ households of users and as others say I am bound to get people on mobiles complaining they can’t access it. However noted for future projects.

That’s a great suggestion, then I’m not relying just on the app/service to have super secure auth.

Hey thanks for these links I will check them out! Magic links would be great actually as then I am not relying on them to set decent passwords or giving them burden of TOTP/etc which some may not have used before.