
What would be a good design pattern to put these dashboards behind auth? I suppose since they're static files you could just serve them with something like FastAPI or Spring Boot and have your CI/CD refresh the static files throughout the day on shared storage?


I'd recommend a reverse proxy and login server using "forward auth". I made a list of such login servers here: https://github.com/lastlogin-io/obligator?tab=readme-ov-file...


If you're putting these behind a reverse proxy (nginx, etc.) you can just set up client certificate authentication by using your own locally generated CA or by using something like Vault for UI-based certificate generation. When you visit this site with a certificate installed on your device, it will authenticate successfully, and for those who do not have a correct certificate installed, a "No certificate presented" error will be shown.

It's fairly easy to set up and there are multiple guides available for it. Here's one: https://fardog.io/blog/2017/12/30/client-side-certificate-au...
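
An nginx configuration for the client-certificate approach described in the comment above, added here as an example; it is not part of the thread and was not written by any commenter. The hostname, log format name and all file paths are placeholders.

```nginx
# Added example: serve static dashboard files only to clients that present
# a certificate signed by a private CA. Intended to be included inside the
# http {} context (e.g. a conf.d file). All names and paths are placeholders.

# Log the verification result and certificate subject for each request.
log_format mtls '$remote_addr [$time_local] "$request" $status '
                'verify=$ssl_client_verify subject="$ssl_client_s_dn"';

server {
    listen 443 ssl;
    server_name dashboards.example.internal;

    # The server's own TLS certificate and private key.
    ssl_certificate     /etc/nginx/tls/server.crt;
    ssl_certificate_key /etc/nginx/tls/server.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # CA certificate that must have signed the client's certificate.
    ssl_client_certificate /etc/nginx/tls/clients-ca.crt;

    # "on" refuses any request without a valid client certificate.
    # "optional" would accept such requests unless $ssl_client_verify
    # is checked explicitly, so it is not used here.
    ssl_verify_client on;

    # Client certificates are issued directly by the CA; raise this value
    # if an intermediate CA sits between the root and the client cert.
    ssl_verify_depth 1;

    # Uncomment to reject revoked client certificates (CRL in PEM format).
    # ssl_crl /etc/nginx/tls/clients-ca.crl;

    access_log /var/log/nginx/dashboards-mtls.log mtls;

    # Static files written by the CI/CD job.
    root  /srv/dashboards;
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }
}
```

Keep the CA private key off the proxy host; nginx only needs the CA certificate to verify clients.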


For one, you can deploy them to Observable (with `observable deploy`) and we’ll provide access control.



