Peter Schlager

pete@social.cyano.at

#OSS #IT #football #reading #gaming #tabletop

GPG: git.cyano.at/pete.gpg
Keyoxide: keyoxide.org/26E947141F348287F…

Network posts

Sankt Pölten, Niederoesterreich, Austria

@pete:cyano.at

Peter Schlager

11 months ago

Peter Schlager
11 months ago

Keyoxide Proof

openpgp4fpr:26E947141F348287FF494EAE736EDD9A0151287B

Peter Schlager reshared this.

Element

1 year ago

Element
1 year ago

We’re revolutionising VoIP security!

Element Call is an open-source, end-to-end encrypted video conferencing solution built on #Matrix. Say goodbye to insecure communications forever.

Learn more element.io/blog/secure-video-c…

#SecureCommunications #VoIP #OpenSource #VideoConferencing

Secure video conferencing for Matrix

79% percent of technology leaders at large organisations feel their sanctioned video conferencing tools fall short...

^{Archie W (Element Blog)}

reshared this

Peter Schlager

1 year ago

Peter Schlager
1 year ago

Haproxy and LemonLDAP (or other SSO Provider)

I've got a question to pose towards the almighty Fediverse Hive Mind!

Do you have any experience replacing Apache2 with Haproxy and integrating it with an existing LemonLDAP SSO Provider?

Why you ask?
I'm currently fiddling around with Proxmox SDN and an Opnsense Firewall to securely compartmentalize the respective networks. Opnsense has a Haproxy implementation to use as reverse proxy, which would greatly streamline my current setup, replacing Apache2 reverse proxy.

If you have successfully implemented Haproxy with another SSO Provider (Authentik, Keycloak, etc?) please let me know your hard earned findings with implementation.

Thank you!

#linux #opnsense #proxmox #firewall #haproxy #apache

#linux #Apache #Firewall #opnsense #proxmox #haproxy

in reply to h2owasser🌊

Peter Schlager

in reply to h2owasser🌊 1 year ago

Thank your for your answer 👍 I'm afraid this all only goes to show that I do not fully grasp the LemonLDAP concepts.
Perhaps you could advise/correct regarding the following:

My old setup has a one-armed LemonLDAP apache2 vhosts machine which also serves as a TLS-terminating reverse proxy.

Now with the dedicated Opnsense Firewall (which of course has multiple arms) I was hoping to replace the one-armed reverse proxy, moving its functionality and config to haproxy in Opnsense while also keeping the existing LemonLDAP machine setup as IDP.
Hence why my research mostly focused on the idea of getting Haproxy to terminate TLS (done) have backend servers as vhosts (done) and only route traffic after doing AAA against the existing LemonLDAP installation on another host.

I suppose this is where my concepts of LemonLDAP fail me as in that vhosts which should to be protected must also reside upon LemonLDAP itself as apache/nginx vhosts.

I understand your suggestion would simply work, yet introduce another reverse proxy in the mix? Neither would configuration management of the reverse proxy be slimmed down.
I will have to give this some thought.

in reply to Peter Schlager

h2owasser🌊

in reply to Peter Schlager 1 year ago

I am not sure if i really understand your setup, but you can easily configure haproxy doing TLS-termination as dns endpoint. Configure your lemonldap-portal/manager and vhosts as haproxy-backends. Use nginx or apache2 on these hosts, which may listen on port 80. But keep in mind that depending on your configuration (see lemonldap-ng.ini) lemonldap and the vhosts have to communicate to each other (configurationdb/redis etc...) #sso #lemonldap

#sso #lemonldap

Peter Schlager likes this.

⇧

Peter Schlager 11 months ago •

Element 1 year ago • •

Peter Schlager 1 year ago •

Peter Schlager
11 months ago

Element
1 year ago

Peter Schlager
1 year ago