I have wanted some form of lighter-than-Tailscale auth for my homelab. One example is the voice agent, where I want to show it off without having everyone on the internet have access. So I finally set up auth via Caddy and Google IDP.

There are docs:

and many helpful blogs:

I used caddy-security to host a portal, providing sign-in with Google. I spent some time looking at IDP providers, before copping on that I could just use Caddy. I also set up the Discord and GitHub IDPs, which also seem to work fine.

This is the first project I asked AI to do. And it made a total mess of it, and couldn’t dig itself out. I ended up doing most of the work by hand. This was fairly disappointing, but also educational.

I have probers for some services, so have ended up allowlisting some Tailscale IPs.

I would love for a tailscale serve feature to be added to Caddy, perhaps in Caddy tailscale.