The original post: /r/selfhosted by /u/PhilipLGriffiths88 on 2024-10-04 09:08:23.
A colleague just wrote this blog on accessing Portainer with BrowZer, our ‘clientless’ endpoint for OpenZiti, the open source zero trust network project we both work on. I believe Portainer is used a lot in this sub so I hope some people find it interesting.
TL;DR: it explains why Portainer is an exceptionally privileged piece of software, it introduces some solutions to access it today - port forwarding, IP whitelisting, VPNs, and proxies - as well as the drawbacks for each. It then introduces BrowZer and demonstrates how easy it is to use with Portainer, and the benefits which are achieved, including no need to expose ports or mess with port forwarding, ACLs, install VPNs, and that it works from any device with a browser.
In a nutshell, BrowZer provides a public SaaS app experience (no need to load a client, mess with DNS, just log into your IdP) while the end application stays in a completely private network with no inbound ports, while getting mTLS, E2EE and more into the user's browser.
https://blog.openziti.io/the-safe-way-to-make-portainer-internet-accessible