Why not run a wire guard server? If you need to access internal things connect to your wire guard server.

You can try setting up a VPN, eg headscale/tailscale with your home server being an exit node, and then just set up your questionable services on a domain that only resolves locally - and then you don’t need to use authentik for authorisation to those services.

This is what I have been trying recently, and seems to work well.

Cloudflare tunnel is an option, you can even scrap your own nginx

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

[Thread #751 for this sub, first seen 16th May 2024, 06:35] [FAQ] [Full list] [Contact] [Source code]

it just seems to redirect to an otherwise Internet accessible page.

I’m using authelia with caddy but I’m guessing it could be similar, you need to configure the reverse proxy to expect the token the authentication service adds to each request and redirect to sign in if not. This way all requests to the site are protected (of course you’ll need to be aware of APIs or similar non-ui requests)

I have to make an Internet accessible subdomain.

That’s true, but you don’t have to expose the actual services you’re running. An easy solution would be to name it other thing, specially if the people using it trust you.
Another would be to create a wildcard certificate, this way only you and those you share your site with will know the actual sub domain being used.

My advice is from my personal setup, but still all internal being able to remotely access it via tailscale, so do you really need to make your site public to the internet?
Only if you need to share it with multiple people is worth having it public, for just you or a few people is not worth the hassle.

deleted by creator