Can I rent an 8 core 16gb vps and then put friendica, mbin, mastodon, and lemmy on it? Can I somehow use the same site to login to all of them or would it be like m.site, l.site, etc.
I use a hypervisor? enhance.com rnow to control my wordpress sites, can I still monitor/backup the servers with enhance while manually setting up fediverse instances? I could setup roles like nginx, mariadb, through it and when I do that it lets me easily setup, backup, and migrate websites to different servers I lose this functionality if I dont set up those roles through the panel. So I was wondering if I can set up those roles and then just setup the websites manually through ssh following the guides. Do they all use nginx other than friendica?
Interested in friendica, mbin, lemmy, mastodon, and peertube (going to rent another server and more storage eventually if I do that
Caveat: this is not my area of expertise. However, I agree SSO is going to be the hardest part of this.
OP, you can use lldap to centralize authentication, so that each user had only one account and one password for all sites. It’s trickier to get each of these platforms to work together with SSO. For that, you’ll need something like Authentik (OSS SSO solution, like Okta) which you then back by lldap - Authentik handles the SSO and authorization part, and uses lldap for the authentication part. I suggest doing it in stages: install your servers, get them using lldap to log in, and then when it’s all working insert Authentik into the mix. Doing something like this and learning all the technology at once is boiling the ocean.
I’m recommending lldap over OpenLDAP because I’ve used both extensively, and OpenLDAP is a nightmare whereas lldap isn’t. lldap is trivial to install, and comes with a nice, simple user/group admin web interface, a sane default schema configuration, and is stupid easy to back up. Just getting OpenLDAP configured with the right schemas can take forever. If you’d said you already had a lot of experience with LDAP in general, then sure: OpenLDAP is capable and powerful. But it’s harder.
My one caveat about lldap is that I’m not sure that it’s possible to set up master/slave replication - or any sort of replication - which is probably not going to be an issue for your all-in-one set-up, but would limit scaling and failover if you ever get there.
I do rant a little about OpenLDAP because LDAP was in supposed to be lightweight OLAP, and yet is some of the most frustrating software I’ve ever had to deal with.
Again, I’m not a devops, or any sort of ops, guy, so my perspective is colored by the an attitude that ops is a necessary evil, and not something I love, so easier==better.
Alternatively, you can add an LDAP outpost/provider to Authentik. Now you don’t need to manage any LDAP server at all, and use the Authentik directory to manage users and groups. wiki link
I haven’t used Authentik myself at all; Okta at one place I worked, but that was managed by the ops team so I didn’t have much to do with it.
Committing to LDAP is one thing; getting SSO is a whole other level of effort. Again, I have experience with LDAP so it seems manageable, and common enough to be worth setting up - does a large enough portion of OSS hosted software support SAML or OpenID or whatever to make setting up Authentik worth the effort?
I’ll re-iterate, I do not enjoy ops. I do it only because it’s slightly more important to me to have control over my data than it is to not have to admin stuff. I like lldap specifically because it’s a single executable, one or two really basic config files (requiring a bare minimum of understanding LDAP to configure), and one SQLite DB file - backing it up is, like, 3 files. This has huge value to someone like me, far exceeding the capability limitations of lldap vs OpenLDAP. If Authentik is just as easy, with minimum external dependencies, then I’m interested. If I have to install, configure, and administer and maintain PostgreSQL, redis, and a half dozen other external dependencies… then my family can live without SSO :-)
Yea no I’d never recommend Authentik for its simplicity. In fact I’d say it’s pretty complicated to set up and a lot harder to learn how to use.
It does indeed need an external database, and likes to run in a kubernetes cluster…
I mostly set it up to learn about SSO, but by now it’s hooked into everything I could hook it up with.
Definitely not worth the effort in any normal homelab scenario, apart from needing some cool points
Thanks!