Keyoxide Proof
openpgp4fpr:26E947141F348287FF494EAE736EDD9A0151287B
We’re revolutionising VoIP security!
Element Call is an open-source, end-to-end encrypted video conferencing solution built on #Matrix. Say goodbye to insecure communications forever.
Learn more element.io/blog/secure-video-c…
#SecureCommunications #VoIP #OpenSource #VideoConferencing
Secure video conferencing for Matrix
79% percent of technology leaders at large organisations feel their sanctioned video conferencing tools fall short...Archie W (Element Blog)
reshared this
Haproxy and LemonLDAP (or other SSO Provider)
I've got a question to pose towards the almighty Fediverse Hive Mind! 
Do you have any experience replacing Apache2 with Haproxy and integrating it with an existing LemonLDAP SSO Provider?
Why you ask?
I'm currently fiddling around with Proxmox SDN and an Opnsense Firewall to securely compartmentalize the respective networks. Opnsense has a Haproxy implementation to use as reverse proxy, which would greatly streamline my current setup, replacing Apache2 reverse proxy.
If you have successfully implemented Haproxy with another SSO Provider (Authentik, Keycloak, etc?) please let me know your hard earned findings with implementation.
Thank you!
h2owasser🌊
in reply to Peter Schlager • • •Peter Schlager
in reply to h2owasser🌊 • •Thank your for your answer 👍 I'm afraid this all only goes to show that I do not fully grasp the LemonLDAP concepts.
Perhaps you could advise/correct regarding the following:
My old setup has a one-armed LemonLDAP apache2 vhosts machine which also serves as a TLS-terminating reverse proxy.
Now with the dedicated Opnsense Firewall (which of course has multiple arms) I was hoping to replace the one-armed reverse proxy, moving its functionality and config to haproxy in Opnsense while also keeping the existing LemonLDAP machine setup as IDP.
Hence why my research mostly focused on the idea of getting Haproxy to terminate TLS (done) have backend servers as vhosts (done) and only route traffic after doing AAA against the existing LemonLDAP installation on another host.
I suppose this is where my concepts of LemonLDAP fail me
as in that vhosts which should to be protected must also reside upon LemonLDAP itself as apache/nginx vhosts.
I understand your suggestion would simply work, yet introduce another reverse proxy in the mix? Neither would configuration management of the reverse proxy be slimmed down.
I will have to give this some thought.
h2owasser🌊
in reply to Peter Schlager • • •Peter Schlager likes this.