I have a small homelab that is not open to the internet. I am considering the following setup. Please let me know if there are any glaring issues or if I am over complicating things.
-
I want to setup a reverse proxy in the cloud that will also act as a certificate authority. (I want to limit who can access the server to a small group of people.)
-
I will setup a vpn from a raspberry pi in my home to the reverse proxy in the cloud.
-
The traffic will pass from the raspberry pi vpn to my homelab.
I am not sure if I need the raspberry pi. I like the cloud as the reverse proxy as I do not have a static IP. I would just get a cheap vps from hetzner or something like that.
How will running a CA limit access? eg. Do you want to do client side cert validation? That sounds like an overcomplication. Also not ideal to run a CA (have signing keys) on the proxy server.
Essentially? I don’t want people to share passwords or login at a friends house and forget to logout.
You could use Authelia with MFA, avoid the CA.
Thanks!!
No worries, hope it works out for you!