I think that authelia is not really made for this scenario, so if you want to use authelia, I think you would have to loop back to before authelia and redirect to the different (auth / non-auth) urls.

I am pretty sure though you are not the first person to have this requirement so probably there is a better solution, but I would have no idea what to search for.

Generally speaking most proxies like haproxy or nginx are scriptable (HAproxy via Lua for example) so maybe that’s something you could let ok into. This article sounds s bit like your scenario:

https://www.egnyte.com/blog/post/dynamic-backends-in-haproxy-with-lua

Can you not just send the users request to two different URL, based on the decision if it needs auth or not? That would not be authelias task but your internal url routers. Authelia would handle the authentication on the path that requires auth and your proxy would directly serve the “open” content. The logic would have to take place in your app.

myapp.org/ checks what it’s going to be

myapp.org/secret/ serves content you need to be authenticated for

myapp.ort/open/ serves content that doesn’t need auth.

When I was working in companies with very restrictive firewalls and needed to access my homeserver via SSH, I was using TOR browser (which exists as portable versions so you need to install anything which you are not allowed to). TOR Browser creates a socks proxy, which you can then use from kitty/putty ssh (which also have portable versions) to dial out.

Depends on the vulnerability

BTW unless you are behind a cgnat you don’t need any of these solutions, neither a VPS with wireguard. Its weird that nobody uses the simplest solution anymore, which is a dynamic DNS.

if you additionally want to have a domain pointing at your server, just set CNAME for the ddns name in your dns settings.

I think besides the very minor advantage of having a fixed IP (unless you want to run mailserver) instead of a fixed domain name, most people think they don’t have to take care of security anymore because cloudflare does it for them.

I just say you seem extremely uninformed for somebody who want to run a federation outpost, i.e. from the FAQ: https://matrix.org/docs/older/faq/

Why is the state_groups_state table so large? What is it storing? Room state takes up a lot of space! To be specific, regular snapshots are taken of room states, so you can rapidly find out the state for historical events.

Why is it so important to record this, and to know the past room state including full member list?

It’s needed to enable access control and state resolution, for example the homeserver needs to be able to decide:

“who can see this message at that point in time?” “what was the state of the room was when this message was received, and so is it allowed to be received?” Synapse stores these snapshots approximately every 100 messages, with deltas in between.

I have no idea, I have zero desire to host a matrix server. But I wanted to have one, I would make sure to check what the actual requirements in terms of bandwidth and storage are and what will happen if I fire up the server.

It’s like hosting a TOR exit node and then complaining about all the data going over my network.

You do understand that running a federated server means that you are taking over hosting duties for that chat protocol, right? I wonder, why do you want to run a federation outpost if the requirements to do that seem annoying to you? Just join the group via matrix.org’s own server and you are settled, they have the knowledge and the resources to run a proper matrix server.

Edit “a single group” with maybe hundred thousands of cat gifs takes a while to sync unless you instruct your server to omit the backlog.

Depending on your config, joining a large group means syncing backlogs of weeks/months/years of posted media, so what do you expect?