yep
In my opinion it's the best solution because there's a really low attack surface plus it makes it easy to control which device has access to which services.
Selfhoster1728
joined 1 month ago
Not any in particular but mTLS is essentially just a reverse proxy (like nginx) asking a client for a certificate to be able to access the service behind it.
There are quite a few guides out there, so choose one for your reverse proxy of choice!
Tailscale is simpler but when you're accessing from devices behind VPNs like I do mTLS is a lifesaver.
I use DAVx⁵ for caldav (supports mTLS)
I find mTLS cool too :P
In terms of being a pain it's not that bad with nginx in my opinion. I can just build my own certificate for each service I expose or you use a common one, giving read only access to the key for my nginx containers and in two lines in the .conf it's sorted.
mTLS with a reverse proxy!
How exactly does stuff get broken? Never rly had a problem bumping up the version in docker. The only issue has been the playstore version taking longer to push updates sometimes for the mobile apps.
Just installed arch with chroot on my old rooted phone a week ago.
Seeing this is great because it means there's no need to complicated workarounds or even root access! Plus the distro runs natively and not with difficulties like with chroot :D