A SSH bastion (or jump) host allows a group of permitted users to access a bunch of servers in another security ring by first connecting to the bastion host, and then jumping to the target server.
I want to describe my solution on how to quickly set up such a SSH jumphost, while…
only using software that comes with the system (in my case Debian)
being multi-user capable, with different users having a different set of servers they’re allowed to connect to
Traefik got really popular over the last few years in the bubble of home-lab youtubers, that’s when I first heard about it.
Traefik is more comparable to HAProxy than to nginx/caddy/apache2 - it forwards requests to services and returns the responses, can even modify headers and other aspects of the request and response, but it can’t serve files.
This article states my experience with traefik in an environment without containers.
Arch Linux is arguably one of the easiest distributions to customize, there’s even a wiki entry on how to build your own customized iso, which could be helpful if you, for example, wanted to include rescue tools for your specific environment. But what if you’ve got a network with a bunch of computers, and wanted them all to boot up using that image - running around with countless usb drives or cds isn’t an option.