Hi all, I’ve been in love with the idea of self hosting some essential services for my home and over the past year I’ve set up a domain, a thin client as a server and installed some docker containers that caught my eye.

Since I’m a bit paranoid about intrusion, and already didn’t manage to set up nginx for intranet use, I set up a cloudflare zeroTrust account, since there were a lot of youtube tutorials about that at the time.

So now I’ve set up zeroTrust with a google auth in between my homeserver and the internet, which suits me just fine and is simple enough my SO is willing to use the set up as well.

The one snag I’ve hit with this setup is that i can’t use companion apps (e.g. paperless, grocy, homeassistant) on my phone, since their API access doesn’t cope with coudflare’s routing.

Do you have any advice on how to get a set up that has access control and lets companion apps through to the service? I’ve seen alot of recommendations for wireguard and VPNs, but I’m not sure my wife’s company laptop and phone will play nice with those, since I assume I’d have to install a client.

  • polymachine@feddit.deOP
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    1 year ago

    You’re right about the spotty support for Service Tokens, so far i could only find a planned inclusion in paperless, and maybe a cludge for homeassistant? a PR in Home Assistant Companion.

    I’ve found a Reddit post recommending the usage of mTLS cert rules, but looking into that I just feel overwhelmed.