Some pattern for fronting home-hosted service #45

New issue

Open

opened 2026-02-12 19:39:38 +00:00 by tom · 2 comments

tom commented

2026-02-12 19:39:38 +00:00

Owner

This could also be applied to things outside upcloud, but it's mostly for "home" stuff.

Goals:

Do at least "initial" auth in core (#42)
Have a path to tunneled connections to avoid (CG)NAT issues etc.
Have a path to caching (small, dumb varnish perhaps?)
Some kind of protection for home-hosted services (maybe a simple magic header would work?)
- Would be good to avoid IP allowlists, because suck

This could also be applied to things outside upcloud, but it's mostly for "home" stuff. Goals: * Do at least "initial" auth in core (#42) * Have a path to tunneled connections to avoid (CG)NAT issues etc. * Have a path to caching (small, dumb varnish perhaps?) * Some kind of protection for home-hosted services (maybe a simple magic header would work?) * Would be good to avoid IP allowlists, because suck

tom commented

2026-02-12 20:12:26 +00:00

Author

Owner

Follow-up: can/should there be an easy way to have you local service go direct, perhaps via DNS overrides and some kind of hacks for certs?

tom commented

2026-03-09 14:31:04 +00:00

Author

Owner

Some of this is done: simple-auth + magic header thing. Still need some sort of tunnel

No labels

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

spoons.technology/core-infra#45

No description provided.

Rows
Columns