what is the use of SSO there? How this would work with other selfhosted applications that require their own auth? Because if you need to authenticate 2 times then it would not be good.
Ah ok. Though in my ideal world I would have SSO for all of my selfhosted applications and it would be one and the same. You login to SSO, you logged to an app.
Especially when my family is using the same services for some stuff. I would rather not hear them complaining that they have to 'again login to access x or y TWICE'. :)
With mobile applications it is also tricky since some of them work on app tokens and require it to setup via some application UI.
So you wold have to login twice, from mobile, which is even less convenient, and from every app since there are no shared system cookies.
In summary I would rather block/whitelist IPs or IPs ranges on proxy webserver (like right now with NGINX). Which lacks UI, yes. This is where Pangolin seems much better.
The SSO is only once for all shared resources, the login of which is saved in password manager just like any other website so login isn't really an issue. You can create different users and roles with ease for anyone that needs it.
There's also a rules section that allows you to bypass all authentication with a IP, range, URL whitelist. It's all traefik under the hood after all so it's very extensible with crowdsec, fail2ban and there's always the yml if you want to deal with that.
I just have Jellyfin disabled since it has it's own auth and to prevent any issues with family members tv streaming since that's the only thing they care about anyways.
