Hi everyone, looking for some NVR software to run a bunch of Cisco 6630 cameras I picked up (I know I know, but at <20$/camera…)
I looked at a few like ZoneMinder and Frigate but they all seem to only support basic HTTP auth and I spent a lot of time and effort getting Authentik working nice and smooth and dammit I want to use it for everything I can lol
Just “classic” LDAP is fine too, at least it’s still using some part of my central authentication infra lmao
I just installed Pomerium and got it to integrate with AdguardHome and my router which both use basic HTTP, I also use Authentik. It’s a bit of a learning curve, but in short, this is what the config.yaml file needs to work to get it up and running:
The basic auth header for this is just UN: example PW: Password
authenticate_service_url: https://verify.mydomain.com idp_provider: oidc idp_provider_url: https://Authentik.mydomain.com/application/o/pomerium/ idp_client_id: AUTHENTIK'S CLIENT ID idp_client_secret: AUTHENTIK'S CLIENT SECRET idp_provider_scopes: null routes: - from: https://agh.mydomain.com to: http://192.168.1.200 ##Adguardhome address policy: - allow: or: - email: is: [email protected] set_request_headers: # https://www.blitter.se/utils/basic-authentication-header-generator/ Authorization: "Basic ZXhhbXBsZTpwYXNzd29yZA==" #AdguardHome allow_websockets: true - from: https://router.mydomain.com to: http://192.168.1.254 policy: - allow: or: - email: is: [email protected] set_request_headers: # https://www.blitter.se/utils/basic-authentication-header-generator/ Authorization: "Basic ZXhhbXBsZTpwYXNzd29yZA==" #Router allow_websockets: true cookie_name: pomerium cookie_secret: RANDOM 32 CHARACTER COOKIE= cookie_domain: mydomain.com pomerium_debug: true
So, now when I go to my Adguardhome’s URL ( agh.mydomain.com), it auto directs to my Authentik instance, then upon matching my signed in email in the browser session, it transparently logs me into Adguardhome without issue. The same applies to my router’s login.
In short, if you have found an NVR which supports basic http auth, Pomerium is the missing piece I’ve found to work.
Check alternativeto.net. Search for any software and it will give you a list of other options and what they are all about.
Shinobi can do LDAP