djlameche 4 days ago
Sorry if this is a noobish question, but would this allow me to access services on a VPS that I do not want publicly accessible on the internet? In other words: Let's say I have a VPS with e.g. Keycloak running on it. I want to be able to access it for management purposes but don't want it exposed to other people on the internet. Would Pangolin be a way for me to do this?
dizhn 4 days ago
Don't you use Keycloak for SSO? The ports needed for that need to be accessible so services can talk to it. If there's a dedicated port for management you can still use it with software like Pangolin. Run the management service on only a local port and access it using this software or WireGuard. I use authentik and as far as I know the management is on the same web port so I have to allow some paths to be accessible to the world.
fossorialowen 3 days ago
Good advice in this thread. If it's just you then SSH tunnels or Tailscale or NetBird or pure WireGuard are all fine. You could use Pangolin for this and put auth in front of the web page of Keycloak using a local Pangolin site and that would be fine too. It depends on how important the security is to you and who else might want access.
zakki 4 days ago
I guess you have to use a firewall as well. So basically you block any access from the internet except the VPN service. And you can have a rule for which IPs are allowed to access your VPN service.
TheTxT 4 days ago
Did you already consider using SSH port forwarding? That way you can temporarily forward the local port that Keycloak is running on to your machine.
jychang 4 days ago
You want Tailscale for that.
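
Added example, not part of the thread: a shell check for the advice above to run the management service on a local port only and reach it through an SSH tunnel or WireGuard. It classifies TCP listeners from `ss -H -ltn` style output as loopback or non-loopback; port 8080 for the management service and the sample lines are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). SAMPLE is constructed data in the
# column layout of `ss -H -ltn`: State Recv-Q Send-Q Local:Port Peer:Port
SAMPLE='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:8080 0.0.0.0:*
LISTEN 0 4096 [::1]:8080 [::]:*
LISTEN 0 511 *:443 *:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*'

# Read listener lines on stdin, print "scope host port" per listener.
# "non-loopback" covers wildcard binds (0.0.0.0, ::, *) and any interface
# address, including a VPN address, so review those entries by hand.
classify_listeners() {
  awk '$1 == "LISTEN" {
    host = $4; port = $4
    sub(/.*:/, "", port)        # keep text after the last colon
    sub(/:[^:]*$/, "", host)    # drop the trailing :port
    sub(/%.*$/, "", host)       # drop an interface scope such as %lo
    gsub(/\[|\]/, "", host)     # drop IPv6 brackets
    if (host ~ /^127\./ || host == "::1") scope = "loopback"
    else scope = "non-loopback"
    print scope, host, port
  }'
}

# Exit 0 only if PORT ($1) is listening and every bind for it is loopback.
port_is_loopback_only() {
  classify_listeners | awk -v want="$1" '
    $3 == want { seen = 1; if ($1 != "loopback") bad = 1 }
    END { if (seen && !bad) exit 0; exit 1 }'
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE" | classify_listeners
if printf '%s\n' "$SAMPLE" | port_is_loopback_only 8080; then
  echo "8080: loopback-only"
fi
# On the VPS itself: ss -H -ltn | port_is_loopback_only 8080
```

A loopback-only result covers the bind address only; the firewall rule mentioned in the thread is a separate control to check.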