Restrict Access of Public Facing Services to Authorised Personnel only

Let's say I have multiple services (e.g. Traefik dashboard and Grafana).

These services have to be exposed to the public, but limited to authorised personnel only (e.g. staff working from home). How is this achievable?

I am thinking of using a VPN along with Basic Auth. However, I am not sure whether this is secure. Any help is recommended! Thanks in advance!

There are quite a few ways to achieve this.

These two items are mutually exclusive. Being accessible over regular internet and restricted to authorized personnel is more likely.

VPN would suggest that the services are not publicly routable.

Grafana has its own authentication and authorization, so there is no real need for basicAuth.

Other options could involve mTLS or forwardAuth middleware; any option should use TLS.
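
The mTLS and forwardAuth options mentioned in the reply above, sketched as a Traefik dynamic configuration for the file provider. This is an added example, not part of the original thread. The hostnames, certificate path, auth service address and the `websecure` entry point name are assumptions.

```yaml
# Added example. All hostnames, paths and addresses below are placeholders.
http:
  routers:
    dashboard:
      rule: "Host(`traefik.example.com`)"
      entryPoints:
        - websecure            # assumed TLS entry point from the static config
      service: api@internal    # Traefik's built-in dashboard/API service
      middlewares:
        - staff-auth           # the dashboard has no login of its own
      tls:
        options: staff-mtls    # client certificate required at the handshake
    grafana:
      rule: "Host(`grafana.example.com`)"
      entryPoints:
        - websecure
      service: grafana
      # No auth middleware here: Grafana does its own authentication.
      tls:
        options: staff-mtls

  middlewares:
    staff-auth:
      forwardAuth:
        # Traefik forwards each request here first; only a 2xx reply lets
        # the request through to the service.
        address: "http://auth.internal.example:4181"
        trustForwardHeader: false
        authResponseHeaders:
          - X-Forwarded-User

  services:
    grafana:
      loadBalancer:
        servers:
          - url: "http://grafana:3000"

tls:
  options:
    staff-mtls:
      minVersion: VersionTLS12
      clientAuth:
        caFiles:
          - /etc/traefik/certs/staff-ca.pem   # CA that issues staff client certs
        clientAuthType: RequireAndVerifyClientCert
```

With `RequireAndVerifyClientCert`, a client without a certificate signed by the listed CA fails the TLS handshake and never reaches the dashboard or the Grafana login page.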