Very kind of you! I am really happy that I could help you out! 😊

Glad to hear that! Hope you having fun configuring your instances!

Glad to hear that :)

Yeah it's not that fancy, but if it serves the purpose then I guess it's okay 😀 But I you are right, you can map specific groups of portainer to some custom claim in the token, which contains the groups of Authelia!

Thanks @Nemesees ! For this demonstration purpose I did nothing in particular to harden the server completely because I shut it down afterwards. But in other cases I mostly do stuff like denying root logins, disable pw logins, only allow ssh logins and sometimes extend ssh logins to provide a totp. UFW is a nice tool which I enable, and extend to work with docker (github.com/chaifeng/ufw-docker). On traefik I use crowdsec, and sometimes authelia. You could extend this with really private services to run only in a private subnet and make them accesable via a vpn connection or tailscale... millions of possibilities 😄 But until now I did not use docker namespace remapping. I will check that out and will learn how to do it. Thanks for the hint! And sometimes I use cloud-init scripts or ansible playbooks, and sometimes do it with my bare hands, as it is fun (only when you do not too often 😄) What do you usually do to harden your servers? Maybe I can create a video about different possibilities to harden servers :-) Cheers!

@@techwithmarco Thanks for the detailed answer. As of now, I always apply the standard techniques to harden a server (such as no root via SSH, no password auth and only with key pairs etc), then I change the namespace by following the simple guide on the docker documentation so that the containers don't run as root. Unfortunately, by changing this particular setting, I often find myself having to pass in the docker compose files the parameter "userns_mode: host" due to the fact that some services containerized require higher privileges. I'm always on the lookout for possible ways to harden my servers and by not blocking too much that it becomes hard working on them.

Always happy to save someone a headache :)

Thanks! Always appreciate these comments 🙂

That won't work because you do not have the control over the google site, to redirect to your authentication website. Correct me if I'm wrong about your setup 😄

so i need to use a google product as an authentication tool in my google site , i just want to make members area page that will be inaccessible to non members thank you :) @@techwithmarco

Danke, Meister 😎

I already tried to do that in my newest videos :)

I am not sure as I have never used HAproxy, nor OpnSense... All I can do now is guessing 😄

Thanks! Always appreciate these comments 🙂