authelia
vouch-proxy
authelia | vouch-proxy
---|---
174 | 48
19,235 | 2,614
3.3% | 1.8%
9.9 | 3.2
4 days ago | 4 days ago
Go | Go
Apache License 2.0 | MIT License
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
authelia
-
Keycloak SSO with Docker Compose and Nginx
It's me and two others though I'm definitely the most active. We put a lot of effort into security best practices and one of my co-developers is currently reviewing the 4.38.0 release. It's a fairly major release with a lot of important code paths that have been improved for the future.
Our official docs can be found at https://www.authelia.com and you can find docs for a particular PR in the relevant PR. We've also linked the pre-release docs in the pre-release discussions which can be found here: https://github.com/authelia/authelia/discussions/categories/...
I've been eyeing authentik[1] and authelia[2].
Authelia looks really good to me, but the fact that Keycloak has connectors for Angular and you need to set up OIDC Angular plugins with Authelia, for example, made me a little bit wary. But I guess having a config for Keycloak makes it easier to get started.
> My only concern is that Authelia hasn't had a new release for more than a year, which raises security concerns.
I'm a bit concerned about that too. When setting it up, I found a lot of their docs on GitHub mentioned they have `template` and `expand-env` "configuration filters", then it took me entirely too long to realize that while the 4.38 pre-release notes, posted in January 2023, say it's "just around the corner", it's still being worked on.
Having said that, there still seems to be somewhat active development. It may just be one person at this point.
https://hub.docker.com/layers/authelia/authelia/v4.38.0-beta...
That's not a new release of authelia. Authelia's releases are at https://github.com/authelia/authelia/releases
The updates to the AUR package were not about new releases since 2022:
aur/authelia $ git log ad4e6ca^..HEAD
-
Why would anyone need AD/AAD when you can manage devices through Saltstack?
https://github.com/saltstack/salt https://github.com/chocolatey/choco https://github.com/nextcloud https://github.com/authelia/authelia https://github.com/grafana/grafana
-
HAProxy with Forward Auth to Authentik
If you are using HAProxy on PfSense/OPNSense, see my issue https://github.com/authelia/authelia/issues/2696
-
Keycloak – Open-Source Identity and Access Management Interview
We used Keycloak as an OpenID identity provider as well. It is fine to set up Keycloak once. But it is painful to share the setup with other engineers.
For local development, we ended up using dex (https://dexidp.io). When we need to support group/role, we use dex and glauth (https://glauth.github.io). Both dex and glauth can be configured with YAML files. We just created a few YAML files and a Docker Compose file, and every engineer can bring up the whole environment in a few seconds.
Also https://www.authelia.com and https://github.com/goauthentik/authentik look pretty promising, if you need more advanced features from them.
-
LDAP or AD for selfhosted
https://github.com/lldap/lldap is a very simple and lightweight LDAP solution. Works flawlessly with https://www.authelia.com/
-
Authelia/SSO With Caddy In Docker Compose?
Ah yeah, so I guess it's been a while since I tried and I forgot where I got stuck last time. Authelia's config.yml is absolutely massive and I'm not sure which section of their guide I should be following. In the Docker Compose section, there's "Unbundled", "Lite", and "Local". I think I want to be running the "lite" bundle, but their example compose file has a ton of Traefik stuff in it. I know I wouldn't keep the Traefik services, but do I need either secure or public?
vouch-proxy
- I'm looking for an SSO server/reverse proxy with features I'm not sure exist
-
Keycloak vs. Authentik vs. Authelia, help choose SSO
Look into vouch proxy
- Self-hosted login form for self-hosted app?
-
Is there something like Keycloak or Authelia that supports both forward auth and identity providers?
Vouch proxy is designed for this usage: https://github.com/vouch/vouch-proxy I don't think there are any nice UIs to configure it though so you'll need to be familiar with running it yourself.
-
cloudflare and ingress-nginx
Not sure this is a "best practice", but it lets me keep control of the Ingress resources inside their YAML configs. I've also layered Vouch Proxy into the ingress configurations to require SSO/MFA auth to access the resources behind the Ingress. Cloudflare has the ability to do this, but I found it cumbersome to keep track of the configs outside the K8s cluster.
-
Single Sign on for reverse proxy (NGINX Proxy Manager)
I've used vouch proxy for my own stuff previously, before more recently moving to Cloudflare Access. vouch can be slightly janky at times to get working right, but once set up, it's been solid.
-
Yubikey support in Jellyfin
For example: nginx -> Vouch proxy -> KeyCloak -> Jellyfin
-
Do you prefer to build your own auth, or use some library or provider (like auth0, Next Auth, Supabase, etc)?
You seem to be quite knowledgeable and a minimal provider with just the bare minimum would suffice for you. Have a look at Vouch Proxy, it does one thing and it does it well.
-
What do you use for SSO if anything?
I'm using vouch proxy on my Kubernetes cluster and I delegate to a separate IdP (usually GitHub.)
-
Nginx auth_request and Keycloak?
You can't use Keycloak directly with auth requests - you need an intermediary that can bridge the gap (or a custom build of Nginx, but that is a pain in the ass). I use Vouch Proxy: https://github.com/vouch/vouch-proxy
What are some alternatives?
authentik - The authentication glue you need.
Keycloak - Open Source Identity and Access Management For Modern Applications and Services
oauth2-proxy - A reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers.
oauth2 - Go OAuth2
Nginx Proxy Manager - Docker container for managing Nginx proxy hosts with a simple, powerful interface
dex - OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable connectors
jfa-go - a better way to manage your Jellyfin users, now in go
Portainer - Making Docker and Kubernetes management easy.
traefik-forward-auth - Minimal forward authentication service that provides Google/OpenID oauth based login and authentication for the traefik reverse proxy
uptime-kuma - A fancy self-hosted monitoring tool