Comment by dugite-code
17 hours ago
It's got some rough edges. I want to sit down and build it so I can add an id to the TOC so I can CSS style it to be floating and submit it upstream.
I'm also having issues with integrating it with Authentik's header proxy auth, keeps directing me to a note with the outpost path as the name. The only guide is for authelia.
It does, it's not perfect, but nothing ever is.
I haven't tried putting it behind Authentik or Authelia. They make it known in the Authelia guide what it is they care about being always exposed, vs password protected. Hopefully you get it figured out and you can update the docs so the next person doesn't have the same headache!
I just put it behind a <uuid>.mydomain.com with a domain TLS cert and use the built-in auth.
The wildcard TLS cert keeps the <uuid> from being public in the cert log. The only way you know the URL is if you have access to my DNS queries or have a MITM setup. Plus you still have to know my password.
Good Enough for me.
If I cared a bit more I'd put it behind Tailscale/Nebula/etc instead of having it publicly accessible. Maybe next time I'm bored I'll do that.