noisysockets
obligator
| noisysockets | obligator | |
|---|---|---|
| 3 | 7 | |
| 61 | 617 | |
| - | 2.3% | |
| 8.4 | 9.0 | |
| 3 days ago | 10 days ago | |
| Go | Go | |
| Mozilla Public License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
noisysockets
-
Attackers Can Decloak Routing-Based VPNs
An interesting (and portable) alternative to network namespaces is to bypass kernel networking entirely and use a userspace network stack.
I've got an example of doing just that with my project Noisy Sockets, https://github.com/noisysockets/noisysockets/blob/main/examp...
-
WireGuard client that exposes itself as a HTTP/SOCKS5 proxy
https://github.com/noisysockets/noisysockets
With that, you can replace a Dialer in Go that connects sockets, effectively wrapping sockets with Wireguard. Since it does that in userspace, you get no tun/tap. This is all open-sourced by @dpeckett
With those things, he also built a userspace wireguard gateway that includes DNS resolution. https://github.com/noisysockets/gateway
https://news.ycombinator.com/user?id=dpeckett
-
JIT WireGuard
Might as well take the opportunity to shill one of my recent experimental projects, If you are interested in building Go apps that act as userspace WireGuard peers take a look at https://github.com/dpeckett/noisysockets
Based off the excellent work in done by wireguard-go but I've attempted to simplify and make things a lot more idiomatic for library use.
obligator
-
JIT WireGuard
The deployment experience is awesome, but for me[0] the killer feature of Fly.io is their Anycast network and features such as FLY_REPLAY and LiteFS that make clusering a breeze[1].
[0]: using them for https://lastlogin.io
[1]: Here's all the fly-specific code necessary to run LastLogin in a globally distributed way: https://github.com/lastlogin-io/obligator/blob/37f75cc861f1b...
-
Keycloak SSO with Docker Compose and Nginx
I use obligator with ephemeral storage, no db, 100% code driven setup.
In my opinion this is the simplist option.
https://github.com/lastlogin-io/obligator
-
Google OAuth is broken (sort of)
See the table here: https://github.com/lastlogin-io/obligator#comparison-is-the-...
- FLaNK Stack Weekly 16 October 2023
-
Show HN: Obligator – An OpenID Connect server for self-hosters
Sorry, this is indeed not very clear. Others already answered well, but if you look at the example[0] config you can see how you would use your own instance of obligator as a client to the instance running at lastlogin.io. This is a bit meta, but applies equally to any client application.
[0]: https://github.com/anderspitman/obligator#running-it
What are some alternatives?
TheIdServer - OpenID/Connect, OAuth2, WS-Federation and SAML 2.0 server based on Duende IdentityServer and ITFoxtec Identity SAML 2.0 with its admin UI
OpenID - OpenID Certified™ OpenID Connect Relying Party implementation for Apache HTTP Server 2.x
podman-nginx-socket-activation - Demo of how to run socket-activated nginx with Podman
node-oidc-provider - OpenID Certified™ OAuth 2.0 Authorization Server implementation for Node.js
dex - OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable connectors [Moved to: https://github.com/dexidp/dex]
traefik-forward-auth - Minimal forward authentication service that provides Google/OpenID oauth based login and authentication for the traefik reverse proxy
authentik - The authentication glue you need.
caddy-security - 🔐 Authentication, Authorization, and Accounting (AAA) App and Plugin for Caddy v2. 💎 Implements Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA/2FA with App Authenticators and Yubico. 💎 Authorization with JWT/PASETO tokens. 🔐
Ory Kratos - Next-gen identity server replacing your Auth0, Okta, Firebase with hardened security and PassKeys, SMS, OIDC, Social Sign In, MFA, FIDO, TOTP and OTP, WebAuthn, passwordless and much more. Golang, headless, API-first. Available as a worry-free SaaS with the fairest pricing on the market!
mariadb-podman-socket-activat
mariadb-podman-socket-activation - Demo of a templated systemd user service that runs rootless Podman and starts MariaDB with socket activation
louketo-proxy - A OpenID / Proxy service