docker-selfhosted-apps
authentik
Our great sponsors
docker-selfhosted-apps | authentik | |
---|---|---|
9 | 163 | |
954 | 6,102 | |
- | 7.7% | |
0.0 | 10.0 | |
about 1 year ago | 6 days ago | |
Shell | Go | |
- | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
docker-selfhosted-apps
-
Is there a more up-to-date guide than this?
*https://github.com/BaptisteBdn/docker-selfhosted-apps
-
Looking for help/direction on easy, reliable, and secure self-hosting for remote devices
https://github.com/BaptisteBdn/docker-selfhosted-apps https://github.com/subdavis/selfhosted https://github.com/htpcBeginner/docker-traefik https://github.com/petersem/dockerholics
-
Complete guide with examples to selfhosting using docker. Traefik v2, Bitwarden, Wireguard+Pihole, Synapse+Elements, Jellyfin, Nextcloud, Backups, etc.
If you don't like nextcloud there is also a guide for seafile which provides some of the same services.
I think both nextcloud and seafile can do what you need. You can also check syncthings, unfortunately I did not do a guide about this one, but you should be able to find something on the internet.
Link to the Github guide
authentik
-
Show HN: Auth0 OSS alternative Ory Kratos now with passwordless and SMS support
Hey, for authentik this is actually something we're actively working on: https://github.com/goauthentik/authentik/pull/8330, and this will be included in our next feature release in April!
(Disclaimer, I am founder and CTO of authentik)
-
Keycloak SSO with Docker Compose and Nginx
authentik CTO here; we’ll fix this in the next release (match-april), it should be possible in a non backwards incompatible way using the suggestion in this comment https://github.com/goauthentik/authentik/issues/6139#issueco... (which does call that solution a hack but I wouldn’t necessarily agree)
For anyone, considering authentik, I want to warn you by saying "here be dragons."
To start, I have protected 10+ services at any given time. Both in docker and k8s. Unless you enjoy configuring protection for each service independently, you'll have a bad time in authentik.
Authentik suffers from a debilitating bug[0] where when using a single config to protect all services on subdomains (i.e. app1.example.com, app2.example.com, etc.) your users will be randomly redirected to a different service when reauthenticating after the session expires.
I've been eyeing authentik[1] and authelia[2].
Authelia looks really good to me, but the fact that keycloak has connectors for angular and you need to setup oidc angular plugins with authelia for example made me a little bit wary. But I guess having a config for Keycloak makes it's easier to get started.
See here for the fix, which both implements the workaround suggested in the issue and also a much more standard-compliant method: https://github.com/goauthentik/authentik/pull/8471
-
Has anyone had any success setting Authentik up behind Caddy for a reverse proxy?
Ask in the correct places for support: https://github.com/goauthentik/authentik/discussions and https://github.com/caddyserver/caddy/issues
-
Show HN: Obligator – An OpenID Connect server for self-hosters
Personally I went with Keycloak, because it's fairly well documented and also has Docker images available: https://www.keycloak.org/getting-started/getting-started-doc... although the fact that they want you to create an "optimized" image yourself and have a long build/setup process on startup instead is slightly annoying: https://www.keycloak.org/server/containers
Regardless, with something like mod_auth_openidc or another Relying Party implementation, all of the sudden authn/authz becomes easier to manage (you can literally get user information including roles in headers that are passed from your gateway/relying party to apps behind the reverse proxy), regardless of what you have actually running in your APIs: https://github.com/OpenIDC/mod_auth_openidc (there are other options, of course, but I went with that because I already use mod_md).
It's actually cool that there are plentiful options in the space, since OIDC is pretty complex in of itself and attempts at creating something pleasant to actually use are always welcome, I've also heard good things about Authentik: https://goauthentik.io/
-
HAProxy with Forward Auth to Authentik
For Authentik, it looks like they are not interested to write how to configure HAProxy with it https://github.com/goauthentik/authentik/issues/5768
- Authentik reverse proxy vs swag
-
Authentik + Cloudflare + Nginx = 500 error
Have you tried /r/Nginx and /r/CloudFlare? And Authentik has a Discord server: https://goauthentik.io/discord and Github discussion and issues page: https://github.com/goauthentik/authentik/discussions
What are some alternatives?
authelia - The Single Sign-On Multi-Factor portal for web apps
Keycloak - Open Source Identity and Access Management For Modern Applications and Services
zitadel - ZITADEL - The best of Auth0 and Keycloak combined. Built for the serverless era.
keycloak-operator - ARCHIVED Kubernetes Operator for the no longer supported WildFly distribution of Keycloak
jellyfin-plugin-ldapauth - LDAP Authentication for Jellyfin
docker-swag - Nginx webserver and reverse proxy with php support and a built-in Certbot (Let's Encrypt) client. It also contains fail2ban for intrusion prevention.
vouch-proxy - an SSO and OAuth / OIDC login solution for Nginx using the auth_request module
caddy-auth-portal - Authentication Plugin for Caddy v2 implementing Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA with App Authenticators and Yubico.
external-auth-server - easy auth for reverse proxies
pam-keycloak-oidc - PAM module connecting to Keycloak for user authentication using OpenID Connect/OAuth2, with MFA/2FA/TOTP support
ToolJet - Low-code platform for building business applications. Connect to databases, cloud storages, GraphQL, API endpoints, Airtable, Google sheets, OpenAI, etc and build apps using drag and drop application builder. Built using JavaScript/TypeScript. 🚀
appsmith - Platform to build admin panels, internal tools, and dashboards. Integrates with 25+ databases and any API.