10000+ ways to do this. Options off the top of my head include:

1. mTLS
2. https://github.com/oauth2-proxy/oauth2-proxy
3. authpf

Each with their own trade-offs and benefits.

On Sunday, June 21, 2026, void <[email protected]> wrote:

> Hi, thanks for replying
>
> On Sat, Jun 20, 2026 at 10:10:54AM -0400, Nick Holland wrote:
>
>> I think you need to tell us what task you are attempting to accomplish,
>> rather than what tool you are trying to avoid to accomplish it.
>
> The end result I'd like is access to a web resource for one or
> two users without opening up that resource to the entire world.
> The people needing this resource may or may not be on a dynamic ip.
>
>> But ... my quick answer based on my interpretation of your
>> request would be that you are trying to restrict access to a web
>> server
>
> yes
>
>> (but I fail to see how fail2ban helps with this).
>
> fail2ban is basically me spitballing, sorry for the haphazard "logic" in
> my initial post. It's a thing to consider if there
> was no other alternative, and I'd want to discourage things trying
> basic auth over and over.
>
>> A couple
>> easy ways to do that without htpasswd would be authpf(8) -- log
>> into an account via ssh with the authpf shell and your IP address
>> is opened up in PF for accessing the web server,
>
> This is a great suggestion and I'm looking at it rn. Although I had heard of
> authpf I had no knowledge of what it did or how it could be used.
>
>> For cases with a small number of skilled users, I'm fond of ssh
>> tunnels, as they solve the end-to-end encryption (don't need to worry
>> about ssl certs) and you can channel a lot of different applications
>> through one tunnel.
>
> I use this too. The machine is headless and I run a vnc desktop through
> a tunnel. It's surprisingly quick, even on a rpi4, even using things like
> firefox and thunderbird and libreoffice. But this method would be beyond the
> ken of this client.
>
> The authpf method sounds perfect:
>
> 1. "double click here" (ssh logs in with key)
> 2. "now go here: <url>"
>
> thanks again for the suggestion
> --
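A minimal sketch of the authpf(8) setup discussed in this thread, added here as an example and not taken from any of the posters. It assumes the web resource listens on TCP port 443 of the same OpenBSD host; the port, the default-deny policy and the account names are constructed for illustration.

```conf
# --- /etc/pf.conf (fragment) ---
# Assumed policy: nothing inbound is allowed unless a rule below passes it.
block in log all

# sshd must stay reachable, otherwise nobody can authenticate.
pass in on egress proto tcp to port ssh

# authpf attaches the rules for each logged-in user under this anchor.
# No rule in the main ruleset passes the web port to the world.
anchor "authpf/*"

# --- /etc/authpf/authpf.rules ---
# Loaded once per authenticated ssh session. authpf defines two macros:
#   $user_ip  the address the ssh connection comes from
#   $user_id  the login name
# Only that one address is let through to the web service (port 443 assumed).
pass in quick on egress proto tcp from $user_ip to port 443

# --- /etc/authpf/authpf.conf ---
# Must exist for authpf to run; an empty file is enough.

# --- /etc/authpf/authpf.allow ---
# One login name per line; only these accounts may use authpf.
# Constructed names:
alice
bob

# --- account setup (not a file) ---
# Each of these accounts has /usr/sbin/authpf as its login shell, so an
# ssh login yields no command prompt, only the authpf session.
```

The rule for `$user_ip` exists only while the ssh session stays open; when the user closes it, authpf removes the rule, which also covers users whose dynamic address changes between sessions.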

