I mean, it is a bit rough, they’re not at 1.0 yet, also: are you looking at the stable or latest docs? That may be the reason the commands do not match with the docs.

I didn’t have any issues, do you see anything in the logs?

Yeah, sounds like a security feature… I was able to configure Traefik to connect with TLS, verifying the peer certificate.

Yes, it should cover all the use cases you mention!

I use oauth2-proxy as ForwardAuth on Traefik so I can protect apps that do not support OAuth/OIDC login/

I use kanidm with oauth2-proxy. No issues so far, it was pretty easy to set up.

Note that the connection to kanidm needs to be TLS even if you have a reverse proxy!

EDIT: currently using 80MB RAM for two users and three Service Providers.

I also moved away my domains and the ones of the hackerspace I manage, mainly to:

• infomaniak (Switzerland): a bit too pushy with extra services, but not bad
• openprovider (NL): more geared towards bulk users, have to prepay (min 20€), but okay so far
• aruba: meh, but free mailboxes are nice

I also use Migadu, they have been great so far!

desec.io for DNS, also great and supported by Traefik for DNS-01 ACME challenge.

I think you can create a group for friends and a group for family. If you want more separation I think Authentik handles multi-tenancy as well

I’m using sops with my GPG key currently.

It’s a bit chaotic, and they try to force you to pay for other stuff in the process, but the prices were not that far off from other registrars. Note that I use DeSEC for the actual nameservers though.

I’ve moved mine to Infomaniak (Switzerland), no complaints so far!