I love that thing - I use it with nginx to secure access to stuff running on my home machine that I want to expose publicly (e.g. the Transmission Web UI).
Wouldn't something like Caddy's multipass[1] be easier and with less third-party approval?
That said, I just use Caddy to proxy all my home's internal services with basic auth. At work I use the same setup, except it authenticates against our LDAP server.
What types of webservices? Just pure L7 stuff that has forms on it? Is that oauth2proxy just an authenticated reverse proxy or can it add some security context to the internal interface?
We use it in conjunction with kubernetes service proxy
https://github.com/pedro-r-marques/k8s-service-proxy to access all of our internal services and debug ports deployed in the k8s/GKE cluster. oauth2 proxy authenticates, service discovery in k8s means that we can keep publishing apps. We don't use fine grain ACLs... But i guess that we could if we wanted to.
That said, I just use Caddy to proxy all my home's internal services with basic auth. At work I use the same setup, except it authenticates against our LDAP server.
[1]: https://caddyserver.com/docs/multipass