Protect your homelab with mutual TLS, ACME device attestation, and a Yubikey

smallstep.com

67 points by tashian 3 years ago · 7 comments

sneakerblack 3 years ago

Really cool use of the protocol and Yubikey though! I didn't know Yubikeys could be used like that.

Personally I'd rather not expose anything at all from my home network since it's easier to not have to think about keeping my reverse proxy up to date so I don't get pwned by a 0-day. AFAIK you can also use Cloudflare's tunnels or Tailscale's new funnels to access your internal network without needing to have Tailscale or Cloudflare's daemon installed in anything but one of your servers, but that also moves the root of trust to a third party (unless you self-host your own Tailscale infra! But that's also way more work).

Really cool project overall. I might try it out in the future when I have a fully developed homelab.

denkmoon 3 years ago

I love step-ca and have used it for a few years now. I really like being able to access my stuff without clicking through self-signed cert warnings every time, just add my CA to the system trust store and bam.

metadat 3 years ago

Protect it from what threats? AFAICT, nobody gives two shits about my homelab.

I still favorited this because it looks like a fun quest :D

  • hammyhavoc 3 years ago

    Is the likely threat not just bots going hunting for targets with known vulns?

    • diarrhea 3 years ago

      For me, yes. It’s all very low effort though, mainly pinging WordPress admin paths. I’ve had a public Nextcloud instance and password manager for two years now and am not concerned. That said, I recognise it’s suboptimal and wouldn’t recommend it to newcomers.
