Hacker News
by brazzledazzle 3389 days ago
Have you seen https://github.com/bitly/oauth2_proxy?
3 comments

I love that thing - I use it with nginx to secure access to stuff running on my home machine that I want to expose publicly (e.g. the Transmission Web UI).
Wouldn't something like Caddy's multipass[1] be easier and with less third-party approval?

That said, I just use Caddy to proxy all my home's internal services with basic auth. At work I use the same setup, except it authenticates against our LDAP server.

[1]: https://caddyserver.com/docs/multipass

That's a great use for it I hadn't considered. Thanks for the idea.
What types of webservices? Just pure L7 stuff that has forms on it? Is that oauth2proxy just an authenticated reverse proxy or can it add some security context to the internal interface?
We use it in conjunction with kubernetes service proxy https://github.com/pedro-r-marques/k8s-service-proxy to access all of our internal services and debug ports deployed in the k8s/GKE cluster. oauth2 proxy authenticates, service discovery in k8s means that we can keep publishing apps. We don't use fine-grained ACLs... But I guess that we could if we wanted to.
I'm a big fan. I've been using it to do 'outside in' Google type, expose services on the internet via oauth for ages. It's solid and great.
I hadn't before this thread. It looks cool. I'm definitely going to look into it more. Thanks!