I thought I was going to use Authentik for this purpose but it just seems to redirect to an otherwise Internet accessible page. I’m looking for a way to remotely access my home network at a site like remote.mywebsite.com. I have Nginx proxy forwarding with SSL working appropriately, so I need an internal service that receives the traffic, logs me in, and passes me to services I don’t want to expose to the Internet.
My issue with Authentik is if I need to access questionable internal websites I have to make an Internet accessible subdomain. I don’t want authentik.mywebsite.com to redirect to totallyillegal.mywebsite.com. I want it to redirect to 10.1.1.30:8787.
Is there anything that does that?
The exact setup can be achieved by tailscale, a not really known feature is you can point your domain to the, tailscale IP (new ip assigned by tailscale), and it will act just like a normal hosting setup.
Advantage, any device or someone who you do not pre approve can’t see anything if they go to the domain and subdomain. They only work if you are connected and authenticated to tailscale network. I have a similar setup, if you need more pointers please ping me.
I ended up going with tailscale. Every other option exposed my secret services to the Internet, even if behind a password. Tailscale was ridiculously easy to set up too. The docker compose I used had Heimdall in it too so I was able put all my links on there. Procedure is connect with tailscale app -> go to http://illegalshit -> click/tap on relevant link. I might pull back on my Nginx proxy targets and port forwards for this more secure system.
What happens if tailscale goes down though?
I actually use Nginx. The major advantage is if you have to access something directly. For example a client app in your device wants to access a service you host. In that case Heimdall won’t be enough. You can still use ip with port, but I prefer subdomains. I use Nginx Proxy Manager to manage everything.
Regarding the network going down, the proprietary part of the tailscale is the coordination server. There is an open source implementation of the same, called headscale. If you are okay with managing your own thing, this is an alternative. Obviously the convenience will be affected.
Apart from that, if you haven’t already read this blog post on How tailscale works? I highly recommend reading this. It gives a really good introduction to the infrastructure. Summary is your connections are P2P, using wireguard. I don’t think tailscale will have a failure scenario that easily.
I hope this helps.