My WebApps have come along to a useful state quite rapidly, so I wanted to deploy them to be accessible from the Internet and not just my local network.
To do this I needed to secure then behind some authentication system. I initially used Codex to roll a simple user/password setup that checked against a hashed password on the server side. However, details were required for each webapp separately, and although it achieved what I needed, it did feel a little lacklustre on the technical side.
Therefore, I decided to roll the authentication for them all into a single authentication service I’ve called NovvyAuth. It makes use of Google OAuth, and shares the login session across all the apps I’ve been working on.
Here’s a quick overview of the setup:
Caddy, NovvyAuth, and the webapps themselves are all hosted on a little MiniPC running Proxmox as part of my Homelab.
Caddy sits at the front, and routes incoming traffic to the relevant servers on my local network.
When the webapps need AI inference to achieve their tasks, it’s performed via LM Studio and makes use of a 4080 Super. Currently I’m using the new Gemma4 4B model and it’s performing well.
Naturally, if you try and access the apps directly when not already logged in, it will redirect you through NovvyAuth.
NovvyAuth also has a simple backend, where you can access user profiles, and manage permissions. SQLite is providing the core part of this element of the user management system.
