Posts

Showing posts from April, 2024

Authenticating Traefik Apps with Authentik

Introduction

In our previous post, we secured the Homer app with trusted Let's Encrypt certificates using Traefik as a reverse proxy. But what if only authorized users should access Homer? In this blog, we'll address this by adding multi-factor authentication to Homer using Authentik as an Identity Provider (IdP).

Objective

The core objectives of this tutorial are to:

Set Up Secure Access with Authentik: Install Authentik using Docker Compose and create your first user to manage access control.

Secure Homer with Authentik: Configure Authentik to act as a gatekeeper, ensuring only authorized users can access your Homer application.

Simplify Logins with Traefik: Integrate Traefik with Authentik to enable Single Sign-On (SSO) for a seamless login experience across your applications.

Connect Homer to Authentik: Configure Homer to leverage Authentik's authentication system for secure logins.

Topology

For the topology details please see the previous post ....

Securing Traefik with Let's Encrypt

Introduction

Building on the previous Traefik setup with an internal domain and applications, this tutorial guides you through using a public domain with trusted certificates.

Objective

The core objectives of this tutorial are to:

Deploy Traefik with Automatic SSL using Docker: This step covers installing the latest Traefik with Let's Encrypt integration and exposing the container to the internet.

Configure DNS for Secure Access: Set up an A record in your domain provider (e.g., Cloudflare) pointing to your pfSense firewall's public IP address for external access and pfSense's DNS server for internal access.

Access Applications with HTTPS: Access your applications using their fully qualified domain names with trusted certificates, both externally and internally.

Topology

Let's walk through our topology:

pfSense

This is our firewall, which is directly connected to the Internet and does the following: NATs all traffic from the internal LAN network (192.168.11.0/24) to the WAN (...