TL;DR: This blog post is a write-up of the process I went through to setup a set of internal web resources and apps for a small company I am running in my spare time (providing a Single-Sign-On / SSO experience for internal users with web applications protected by flexible access policies including single and multi-factor authentication / two-factor authentication or 2FA).

Background

As I mentioned in the TL;DR above, I run a small software/technology company whereby I needed a way to stand up a few internal resources and web applications for our growing needs.

These needed to be protected and secured from unauthorized access. In addition to this, since the company’s primary mission is all about “self hosting” software and services, it also had to be self hosted or self-hostable.

There were numerous other options I explored but dismissed for various reasons including:

• Setting up an internal VPN
• Just exposing the web applications / resources directly without extra security.
• Using Basic or Digest Auth and a Reverse Proxy
• Using oauth2-proxy and some other solution based on oauth2-proxy that got spun into a commercial company.

Suffice to say a lot of existing solutions were either “too complicated” to setup, proprietary or commercial in some way or just didn’t quite fit the bill.

In the end I picked:

• Authelia - The Single Sign-On Multi-Factor portal for web apps

Why I picked Authelia?

I had my eye on Authelia for a while now, and today (based on needs and internal demands) I finally decided to take a serious look at it.

Immediately I noticed the Docker local bundle which then lead me to an example docker-compose setup. This is important to me as I’m quite a lazy sysadmin and I really hate being one, its boring and installing packages and writes tonnes of configuration is just well not enjoyable.

Do not worry my Kubernetes friends, Deployments has you covered with a k8s deployment (because k8s is an operating system rigt?! 🙄), there’s even a Bare-Metal installation, and I’m quite sure you could adapt Authelia in any environment.

The other reasons I picked Authelia are:

• It provides a simple built-in Authentication layer using a simple YAML file for defining Users, Credentials and other metadata like Display Name, Groups, Email Address, etc.
• It provides a really flexible way to define Access Control so it was very easy for me to setup all the rules I needed for public access, internal access and everything in-between.

Today we announced release v0.13.0 of the Yarn.social backend yarnd that now powers a network of 15 pods around the globe.

You can find the release here:

• https://git.mills.io/yarnsocial/yarn/releases/tag/0.13.0

Yarn/Twtxt (Yarn.social is based on Twtxt) continues to grow steadily every day, and every month or so we see a new independent Pod (what we call instances) come online! 🥳

We are now entering an exciting phase of the project where we will “freeze” the project for a while while we focus on improvements to documentation, relicensing, improved builtin pages, entering the Vultr marketplace and deployment and operator guides.

If you’ve ever wished there was an alternative to Twitter™ (maybe you’re tired of giving up your privacy?) or Mastodon™ (maybe you’ve tried and found it too hard?) then come check out Yarn.social 🤗