|18 days ago||5 days ago|
|Apache License 2.0||MIT License|
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Connecting OpenSearch to Keycloak
4 projects | dev.to | 14 Feb 2023
Before we can authenticate OpenSearch against Keycloak, we'll need to install Keycloak. The following Ansible snippet demonstrates how to deploy Keycloak onto a Kubernetes cluster using the codecentric helm chart.
sso at home?
3 projects | /r/selfhosted | 2 Oct 2021
HA Keycloak on top of Kubernetes https://github.com/codecentric/helm-charts/tree/master/charts/keycloak I dropped the chart db in favor of https://github.com/zalando/postgres-operator
Homelab: Cluster Architecture
9 projects | dev.to | 14 Jun 2021
Having experienced the issue of identity management in past projects (I've literally published 5 web apps which became some iteration of user-profile applications), I found Keycloak to be of particular use when it comes to managing users and federating accounts. Keycloak is an open-sourced enterprise service which manages identity, authentication, authorization, and account federation which is part of the JBoss project and backed by RedHat. Since I wanted to use the Keycloak helm chart the Keycloak service runs using a Postgres backend.
Moving from Google workspace to Microsoft 365 and implementing Zero Trust
2 projects | /r/sysadmin | 27 Nov 2023
That is not how you do Zero Trust. You want to use an Identity Aware Proxy. There are lots of ways you can implement this with Google as your core auth. For example Pomerium or oauth2-proxy.
Microsoft launches Windows App for accessing PCs in the cloud from any device
2 projects | news.ycombinator.com | 16 Nov 2023
I use self-hosted Apache Guacamole (RDP) through a reverse proxy with Google SSO (oauth2-proxy). So easy to access my desktop from virtually any browser (mobile isn't the best though). This would be a good solution for gaming, but for other activities RDP is unbeatable imo.
Best Practice For Serving Static (Frontend) Files with NGINX in K8s?
2 projects | /r/kubernetes | 9 Jul 2023
Meet https://oauth2-proxy.github.io/oauth2-proxy/ It could be deployed in the cluster somewhere and reuse it where needed. We do this to authenticate prometheus,alertmanager ui for useres
Authentik reverse proxy vs swag
3 projects | /r/selfhosted | 7 Jul 2023
BTW also keycloak and other similar products offer the oauth-proxy capability, I even used the original oauth2-proxy https://github.com/oauth2-proxy/oauth2-proxy for a while, but it was getting too difficult to maintain for me. I used for a while https://github.com/thomseddon/traefik-forward-auth that was a smart hack configuring a single upstream provider, but it look abandoned. So I was considering authentik but apparently it's just oauth2-proxy embedded in it, at that point why not use oauth2-proxy directly.
How to build Auth in 2023 with go?
6 projects | /r/golang | 31 May 2023
Like auth basic? Mate, its 2023 get that RestAPI endpoint behind an OAuth proxy. github.com/oauth2-proxy/oauth2-proxy is a good one on a budget or use some cloud provider's ApiGateway and IAM services.
Pomerium or Authentik?
3 projects | /r/selfhosted | 23 May 2023
A final option would be oauth2-proxy which I also tried out in the past. It was pretty easy to get going, but also quite barebones. However maybe that would be fine for my usecase. Still something to investigate.3 projects | /r/selfhosted | 23 May 2023
I use it in combination with oauth2-proxy, which sits in front of my network and the various services I host. https://github.com/oauth2-proxy/oauth2-proxy
Is it possible to password protected reverse proxy?
4 projects | /r/selfhosted | 21 May 2023
Under the hood Authentik just uses https://github.com/oauth2-proxy/oauth2-proxy. The preconfigured proxy is convenient but if you already have a SSO provider you don't need to switch.
How do you secure your webpages that have no protection?
7 projects | /r/selfhosted | 13 May 2023
I recommend https://github.com/oauth2-proxy/oauth2-proxy
Single Exposed Self-Hosted Portal to Reach Internal Services? (Reverse Proxy App)
3 projects | /r/selfhosted | 23 Apr 2023
Have a look at oauth2-proxy. I wanted to do something similar - I wanted to access the various services running on my home network over the internet, but keeping them secure.
What are some alternatives?
traefik-forward-auth - Minimal forward authentication service that provides Google/OpenID oauth based login and authentication for the traefik reverse proxy
vouch-proxy - an SSO and OAuth / OIDC login solution for Nginx using the auth_request module
authelia - The Single Sign-On Multi-Factor portal for web apps
Keycloak - Open Source Identity and Access Management For Modern Applications and Services
caddy-auth-portal - Authentication Plugin for Caddy v2 implementing Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA with App Authenticators and Yubico.
Docusaurus - Easy to maintain open source documentation websites.
Pomerium - Pomerium is a context-aware access gateway.
lua-resty-openidc - OpenID Connect Relying Party and OAuth 2.0 Resource Server implementation in Lua for NGINX / OpenResty
docker-swag - Nginx webserver and reverse proxy with php support and a built-in Certbot (Let's Encrypt) client. It also contains fail2ban for intrusion prevention.
loki - Like Prometheus, but for logs.
Ory Hydra - OpenID Certified™ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Works with Hardware Security Modules. Compatible with MITREid.
Caddy - Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS