[Support]: How do we securely make frigate available remotely?

[bobloadmire]

Describe the problem you are having

Frigate doesn't support any sort of authentication afaik. so if I forward it with something like cloudflare, its just open to the public? Whats the solution here?

Version

latest

Frigate config file

n/a

Relevant log output

n/a

FFprobe output from your camera

n/a

Frigate stats

No response

Operating system

Proxmox

Install method

Docker Compose

Coral version

Other

Network connection

Wired

Camera make and model

Tapo C120

Any other information that may be helpful

No response

[NickM-27]

frigate 0.14 does support authentication

[NickM-27]

however, it has always been an option to use something like cloudflare zero trust to require authentication (SSO based)

[banthungprong]

I still use these cloudflare tunnels for frigate 14/go2rtc and other services in my remote location. Only 1 account and password (Google or OTP) necessary. Much easier than handling different accounts/passwords.

[DrSpaldo]

Is there a way to disable anon access and limit user access with the new users?

[bakedhorse]

Pre-0.14, I always used Home Assistant to act as an authentication/interaction proxy for Frigate without directly exposing it to the internet, along with getting the benefits of the home automation.

However with the upcoming version, it should be much safer to expose frigate on the open internet with the built-in authentication login system. As long as you use port 8080 instead of port 5000.

[DrSpaldo]

There are a few options in this thread:

https://www.reddit.com/r/frigate_nvr/comments/159cald/securing_your_frigate_installation_for_remote/

They are worth trying, I have done a few

[mimainka]

I'm currently using NGINX Proxy Manager and simply enable the Proxy Host when I need to access my Frigate from external where I don't have access to my VPN and deactivate it when I'm done.
Of course that's not authentication but rather limiting the time my Frigate is open to everyone knowing the URL to a minimum.

[jubjubrsx]

Not the best but works.. I offer nginx and set a password on the proxy.