There is an easy way to use base-auth for “securing” ingress access in Traefik, but, well - it’s base auth. It’s not that secure nor easy / nice to use in browsers, especially on mobile devices. So for long time, I was thinking how to integrate Traefik Ingress with an SSO (Single Sign-On) solution.
...
Short guide how to use traefik-forward-auth to use SSO for any traefik ingress, so even simple dashboard with your self-hosted services can be hidden behind login.
Guide uses Forgejo / Gitea as OAuth2 provider, but you can go with whatever you already use.
This is great if you're already using traefik ingress. oauth2-proxy is another good project if you want to secure your endpoint regardless your ingress type.