Of course, for the things that matter a bit more, you can also run your own CA and do mTLS, even without any of the other fancy cloud services.
The guides I find often contain the openssl incantations with little explanation, so I feel a bit like stumbling through the dark. I realize how much I've taken stacktraces for granted when this auth stuff is very "do or do not, there is no error".
[0] https://github.com/alangrainger/immich-public-proxy/blob/mai...
Alternatively, this guide focuses on Apache2 configuration but also goes through the certs https://www.openlogic.com/blog/mutual-authentication-using-a... (it’s a little dated though)
Here’s also something a bit more recent for Nginx https://darshit.dev/posts/two-way-ssl-nginx/
Chrome, Firefox, Internet Explorer -- all support some form of Kerberos auth in HTTP/HTTPS.
Windows and Linux have both had their fair share of network stack bugs, OpenSSL had Heartbleed and a few other bugs, and hell, you might even run into bugs in Apache or whatever other webserver you are using.
Yeah but these days with botnets widely available to hire? Everything is fair game and whatever you run gets indexed on Shodan and whatever almost immediately. The game has never been easier for skiddies and other low-skill attackers, and mining cryptocoins or hosting VPN exit nodes makes even a homelab a juicy target.
My homelab for example sports four third-hand HP servers with a total of about 256GB RAM and 64 CPU cores on a 200/50 DSL link. That's more than enough horsepower to cause serious damage from.