Too much pieces that can potentially break. I've been looking at http://nginx.org/en/docs/http/ngx_http_auth_request_module.html and there's this https://github.com/kendokan/phpAuthRequest that is way more self contained and simple to maintain long term. The only issue I'm facing with that solution is that I'm yet capable of passing a token / username in a header to the final application.
TCB13
Okay, I just noticed that I might have mislead you, I forgot to include that I was talking about second hand hardware on eBay or something else. Lot's of companies are getting rid of those machines and they're selling around those price points. Try looking up "Hp mini i5 8th gen" or even 9th gen, sometimes older doesn't mean cheaper, it depends on how much people are trying to dump them.
- TPLink Tapo line - I own those, requires internet / cloud access for setup, then can be viewed by any ONVIF capable software, VLC etc. You can cut their internet access and they mostly work, however timestamps and some features may break randomly;
- Reolink / AMCrest - no internet required, can be setup offline AND have a WebUI that allows full control over all functionality. Check the details of specific models, may vary a bit.
AMCrest is most likely be most offline friendly brand. Here's a testimonial from another user:
I've been using Amcrest and foscam IP cameras at my home for the past several years. I have then connected to a no internet VLAN with an NVR. The models I've been using have an ethernet port and wifi. Setup was connecting to the ethernet port and then accessing the web ui in a browser to configure settings (most importantly turning on RTSP or ONVIF feeds)
Thanks, I’ll have another look.
Hmm this is actually interesting, passkeys would indeed make things simpler.
Those solutions are still way too complex and corporate to my likes. :(
I’ve been looking into some kind of simple SSO to handle this. I’m tired of entering passwords (even if it’s all done by the password manager) a single authentication point with a single user would be great.
Keycloak and friend are way too complex. Ideally I would like to have something in my nginx reverse proxies that would handle authentication at that level and tell the final app what user is logged on in some safe way.
XMPP is way more open and interoperable than all the solutions available, it works like email any user can can talk to any other and doesn’t depend on a some proprietary / closed service centrally owned by anyone. That’s a good selling point.
XMPP doesn’t really force users to sign up with email address, it just happens that XMPP addresses use the same format, many public servers will give you an address like [email protected] that is never mapped to a real email address and only works for XMPP. The decision to actually ask people for their real addresses is up to who owns the server and won’t be directly exposed on the XMPP network.
While I agree with your point just tell me what Matrix does better? It’s better at being overly complicated? Or at being more propriety?
Anything else other than Signal.
... NO internet required, no apps, nothing. Just a WebUI on a browser.