Jim, your videos are top notch. Keep them coming. Looking forward to advanced zitadel videos from you with more explaining on different types of integrations ❤
@Jims-Garage 9 months ago
Thanks 👍
@jp_baril 9 months ago
Nice video on not only the installation but also the setup, some concepts, and actual demo. It would be really great if you could create another video to explain in more detail the setup and the use cases of roles/grants on a per-app basis as you mentioned.
@Jims-Garage 9 months ago
Thanks, I plan to revisit at a later time. I'm still learning some of the concepts and how best to use them. Some of the joys of a new product.
@TeubyDE 2 months ago
@Jims-Garage Great Video! Loving it! But still stuck at the same topic as jp_baril. Any hints how to get the Statically assigned teams based on zitadel roles working? I have been stuck on this topic for hours ^^
@SerialkillerinTraining 9 months ago
Your subscribers have blown up, I swear when I first subscribed you had only a few hundred. Your videos are amazing and keep up the good work!! Currently I am setting up my 26U Rack that I picked up and I am pricing out servers to start my homelab journey.
@Jims-Garage 9 months ago
Hey, thanks. Yes, I'm overwhelmed by the support, thanks to all. It's exciting kitting out the first proper Homelab, drop a pic in Discord when you're all set up.
@nelco63 8 months ago
Great Video Jim and Thanks for sharing! Zitadel was launched a few years back but had gone quiet but it seems they have been busy with the cloud feature so would love more in-depth videos on how Zitadel removes the heavy lifting when implementing Roles in Multi Tenancy SaaS Apps (Next Js, Trpc, tailwind, Drizzle, Postgres Stack). We have struggled implementing this!
@Jims-Garage 8 months ago
Awesome 👍 I'm planning to come back and revisit soon!
@SpakkaCloud 9 months ago
Another great video Jim, keep ‘em coming. I will definitely be playing with this in the HL, curious to compare it to keycloak and authentik.
@Jims-Garage 9 months ago
Thanks 👍 it's a tough one, depends if all your apps are OAuth/OIDC compliant. I suspect Authentik ticks most boxes for homelabbing.
@stephanelambert1846 6 months ago
For those who get a "network proxy declared as external, but could not be found" error. Just run the command "sudo docker network create proxy"
@cheebadigga4092 9 months ago
Thanks for the video. Really cool! I think Zitadel is more "homelabby" whereas keycloak is more "enterprisy". Keycloak has too much Red Hat fluff added which I personally don't like as much in homelabs. I'm a bit confused though. You said you were using docker volume mounts, when in your docker compose file, only 1 volume mount (in service zitadel) is a docker volume mount, and the other 3 are bind mounts. So it's a mix of both. I guess your explanation was focused on "as their recommendation", which makes total sense. That bit before still might be confusing for beginners
@-rm-rf 9 months ago
I know what I'll be doing this weekend :D
@Jims-Garage 9 months ago
It's really impressive
@Glatze603 9 months ago
Hi Jim, another cool security approach is the open source application freeipa - a central user management for Linux with extended possibilities for the restrictive use of sudo commands and system services such as RDP, SSH etc.
@Jims-Garage 9 months ago
Thanks, I'll take a look at that.
@Zbhullar 4 days ago
hey great tutorial, but any chance could you provide a docker compose.yml file with nginx configurations as opposed to traefik? that would be greatly appreciated!
@silvanreusser1829 9 months ago
Hi Jim Thank you very much for this great video 👍 It’s interesting to see how zitadel is used and how we can further improve
@Jims-Garage 9 months ago
Glad you enjoyed it
@tomaszpankowski8903 6 days ago
Spent 3 hours on trying to log in to the thing using the external domain, for some reason it wouldn't work with admin-zitadel account if the externaldomain had 4 parts, it worked only when adding new user through env variable, and even then the webpage would error out just after logging in, I think it was missing email address. If first logging in is this convoluted I'm too young and beautiful to waste time figuring out the rest.
@justinbrennan11 7 months ago
Great video tutorial :) Smooth install and login but i had an issue with portainer where it wouldn't let me login. Had to create the zitadel username manually with the default admin account.
@Jims-Garage 7 months ago
Thanks, that issue is odd. During testing I had to do the same, and then another time I didn't...
@justinbrennan11 7 months ago
@Jims-Garage no big issue. Hopefully it doesn't do the same with the other apps. Only tried the portainer one for now. Looking forward to the followup for zitadel you mentioned
@tw38203 4 months ago
I'm not sure this is of any help but I've heard of this issue before. It seems that this might be related to Portainer's auto user provisioning, as the issue can occur when using Authentik as well...
@kunalkamble4572 5 days ago
hey i want to setup authentication server on any open source mail server on my ubuntu local machine so please help me.
@bluesquadron593 9 months ago
Just got comfortable with Authentik. Although there are things still can’t make work, BUT should I switch over to Zitadel? Or there are not much more upsides to it in a homelab environment..
@Jims-Garage 9 months ago
Authentik is probably the best solution at the moment as it does both OAuth and proxying.
@teolcd 6 months ago
Can you do a demo what to do with the grant?
@DudeItsDallyBoy 9 months ago
Hey Jim awesome video as always. Question. Can I use zitadel for apps that don't offer OAUTH / OIDC natively. I was holding off on doing Authentik until you this video was out as it seems to be newer and more feature rich. Do you know if Zitadel offers a proxy? I could find anything in the documentation regarding it? Ideally I would want to use traefik middleware to secure apps that don't support OAUTH or OIDC by forcing sign in via a proxy page before allowing access to my apps. Similar to how Authelia works.
@Jims-Garage 9 months ago
Thanks. I don't believe so. To my knowledge Authentik is the only 1 stop shop for homelabbers.
@ltonchis1245 1 month ago
Jim, would you recommend Zitadel over Authentik?
@Jims-Garage 1 month ago
@ltonchis1245 not for a homelab, many homelab apps don't support oauth2
@autohmae 8 months ago
I've yet to figure out which is the best, but Authentik supports SCIM which the others seem to be missing. I actually think this is an important feature long term. So the user can be created in Authentik and then automatically added with the right group/role in Portainer in this case (sadly Portainer does not support this I believe).
@Jims-Garage 8 months ago
I think Authentik is probably the best homelab solution as it covers all bases. It is, however, community made so it comes with usual possible issues.
@autohmae 8 months ago
@Jims-Garage what do you mean with community made in this case ?
@Jims-Garage 8 months ago
@autohmae My understanding is that Authentik is community driven which means it's community supported, patched, updated etc. This could leave you with security vulnerabilities and issues that there is no typical SLA in place to fix. Very unlikely to be an issue, and you can migrate, risk control etc, but something to think about.
@autohmae 8 months ago
@Jims-Garage there is a company built around it. Which is also why they have pricing for hosted solution and "Enterprise Self-Hosted" on their website. 🙂 Is that different from the offerings for Zitadel ? Maybe this is a problem with the language barrier, English isn't my first language, but as far as I can see, I see no difference between these 2 in that category.
@Jims-Garage 8 months ago
@autohmae okay, you're right. I wasn't aware of the enterprise subscription. My last post is likely invalid
@Rockshoes1 5 months ago
Love your content! What’s your take on Authentik vs Zitadel?
@Jims-Garage 5 months ago
I'd go with Authentik for a homelab. Does it all
@mybusinesstracker-jobinvoi8213 7 months ago
Nice video, any more Zitadel videos coming?
@Jims-Garage 7 months ago
Yes, soon (no timelines). I want to do it when it makes sense with major releases.
@fedefede843 9 months ago
Very nice! Another phenomenal option for authentication. Can I make a request? Since you mentioned on this video, about the plain passwords on the compose files. It is a flaw we all do have. It would be really nice to explore solutions like HashiCorp's Vault for instance and create some content around it. Thanks!
@Jims-Garage 9 months ago
Thanks 👍 it's not really too much to worry about in a homelab, but in production you'll want to secure your secrets. Kubernetes makes it pretty simple with things like sealed-secrets
@fedefede843 9 months ago
@Jims-Garage yes, but I use most of the Homelab to learn (and play for fun too) and then many times end up adding these tools, products, solution, etc at work. Vault is something I am currently testing, that's why the request ;) Is it possible to use a tool like Vaultwarden/Bitwarden for this purpose?
@olsenlid 9 months ago
You could just add environment variables for passwords in Portainer. In this case, add the env var "secret", and place it in the compose file as "$secret"
@fedefede843 9 months ago
@olsenlid Hi. Yes that is correct. I like a bit better that approach, since you are not exposing the secrets in the compose file, and also let you define your secrets in a more organised (and centralised?) fashion. Nevertheless from the security perspective, it is just moving the issue somewhere else.
@amjads8971 4 months ago
Is it an open source ?
@Jims-Garage 4 months ago
I don't believe so
@swish6143 3 months ago
Yes it is
@Jims-Garage 3 months ago
@swish6143 thanks for clarifying
@AinzOoalG0wn 9 months ago
ty for the share Jim. However i'm confused how exactly do you get this to work with traefik. I saw that you covered how to do it for portainer. But what about other docker containers? How do you go about getting those containers to use zitadel for authentication using traefik (auth forward is the term i believe) ? Do i have to add traefik labels? any examples :} ?? *update i noticed that DudeItsDallyBoy has a similar question as me
@Jims-Garage 9 months ago
This is only for apps that support OAuth2/OIDC. Apps that don't you'll need to use a proxy like Authentik or Authelia.
@AinzOoalG0wn 9 months ago
@Jims-Garage ty for the reply jim. ya i scrolled all the way to the bottom and found your reply on that. so now i've moved onto your authentik video setup xd. now i'm trying to troubleshoot to get that to work ^-^;
@subzizo091 9 months ago
hello jim , thanks for the great videos keep it up, please i have a question related to reverse proxy "traefik" how can i use it without a domain name in local environment
@Jims-Garage 9 months ago
Thanks 👍 you'll need to follow the localhost guide. Everything else in my video should be valid. zitadel.com/docs/self-hosting/deploy/compose
@subzizo091 9 months ago
@Jims-Garage i mean in general not with zitadel , how i configure traefik to work with server ip as its test env. and i don't want to use the port for every app i want to use serverip/app , is it possible
@Jims-Garage 9 months ago
@subzizo091 typically you would simply specify ports in the compose app, and then you would access it by doing dockerIP:appPort
@subzizo091 9 months ago
@Jims-Garage ok , thanks jim for your efforts
@giuseppebinetti87 5 months ago
Is there a way to set this up with proxmox?
@Jims-Garage 5 months ago
Yea, should support OAuth2
@giuseppebinetti87 5 months ago
@Jims-Garage I’ve seen your messages in their discord asking for support about setting up proxmox but can’t find the definitive answer to those questions
@draukuxan1081 9 months ago
Really slick looking project! I'll be giving this a shot in my homelab. Have you found a way to integrate the authentication with Proxmox? If it's in the documentation, I'm still watching this vid, so haven't delved into the docs for Zitadel yet, but will.
@Jims-Garage 9 months ago
Thanks, sadly I haven't managed to integrate Proxmox yet. Hoping we can have a community effort, try by numbers approach ha. I have a feeling it's an issue on the Proxmox side... But Proxmox does work with Keycloak and Authentik.
@loicdupond7550 7 months ago
@Jims-Garage arf :) reading this comment now after finalizing the installation :D which one do you recommend between keycloak and authentik based on your experience ? Like which one do you use yourself in your homelab ?
@Jims-Garage 7 months ago
@loicdupond7550 Authentik. It does both OAuth and proxy for non-OAuth apps.
@loicdupond7550 7 months ago
@Jims-Garage Thanks for the blazing fast answer and great content !
@thereal-ghost 1 month ago
having to manually add users defeats the purpose of this overall. I can't add this to a website to allow users to authenticate since I'd have to manually add them. Probably just stick with normal email authentication codes as it's much simpler and just as secure.
@Jims-Garage 1 month ago
I disagree, the setup I demonstrated is not for customer login / public. This is typically used in enterprise for trusted users / employees. You can integrate it with third party identity providers like Google/Microsoft etc to enable what you're after.
@qoutwest 9 months ago
Is this better than Authentik?
@Jims-Garage 9 months ago
Spin it up and decide... It's a good product, but if you need a proxy and OAuth you're better off with Authentik at the moment.