Cloudflare access-like restrictions for http_service

It would be nice if you could allow restricting a domain to only authenticated fly accounts in the deploying organisation (or a list of accounts that are allowed access). This would allow hosting internal tools/dashboards “publicly” with easy access without worrying about someone nefarious accessing them.

Because http_service already acts as a reverse proxy (and terminates TLS), it could check for an auth cookie and do a regular oauth flow if it does not exist.

(Of course the usual edge cases with cross site cookies and whatnot, once solution could be allowing generating a token to pass in the Authorisation: bearer header.)

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.