Pomerium
caddy-docker-proxy
Pomerium | caddy-docker-proxy | |
---|---|---|
26 | 56 | |
3,856 | 2,378 | |
1.1% | - | |
9.7 | 7.4 | |
1 day ago | 3 days ago | |
Go | Go | |
Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Pomerium
-
OAuth server for authorization
Option 3: Pomerium might be an alternative as well.
-
Moving from Google workspace to Microsoft 365 and implementing Zero Trust
That is not how you do Zero Trust. You want to use an Identity Aware Proxy. There are lots of ways you can implement this with Google as your core auth. For example Pomerium or oauth2-proxy.
- We have pushed an emergency fix to Pomerium, please upgrade your versions
-
Which reverse proxy are you using?
I’m really surprised this sub has no love for Pomerium. I feel like it’s as simple as Caddy with all the security benefits of Traefik.
-
Is anyone using Pomerium (identity-aware proxy)? I don't understand it.
I am not sure if I understand how Pomerium works (or any identity-aware proxy).
-
AD/AAD Authentication for Apps running in Kubernetes Cluster
Pomerium sidecar.
-
What is the best way to implement an SSO for several existing web apps?
Just want to drop https://www.pomerium.com/ here. We use it at our company with ~1500 people with many apps behind the proxy. It also supports JWT for the backend, so you can integrate your apps easily without having to worry about the OAuth flow and also your apps are protected from random internet attacks.
-
Web Server - Hide Public IP
You’ve got to protect. Anonymity is not going to work. Pomerium is another option in addition to those already suggested. https://github.com/pomerium/pomerium
-
Good stand-alone VPN solution
I am currently looking at Wireguard/Tailscale (Wireguard based) options - early days for me so far. Also planning to look at something like Pomerium for a zero trust approach. https://www.pomerium.com/
- Should i trust Authelia when exposing web services to the internet?
caddy-docker-proxy
-
Eliminate IPv4 tax on AWS, is it that easy?
Caddy via Caddy Docker Proxy (network).
- Caddy-Docker-Proxy: Caddy as a Reverse Proxy for Docker
-
Self-Hosted Is Awesome
https://github.com/lucaslorentz/caddy-docker-proxy
It handles the routing to multiple dockerized projects on one server, by scanning docker compose files for labels and automatically setting up the required caddy configuration.
-
Keycloak SSO with Docker Compose and Nginx
My go to is always this instead:
https://github.com/lucaslorentz/caddy-docker-proxy
Single label to a docker container and with correct DNS you’ll have an automatically managed certificate right away.
-
Working on Multiple Web Projects with Docker Compose and Traefik
I have had a great experience with using this: https://github.com/lucaslorentz/caddy-docker-proxy
It combines caddy with docker-compose labels, making it super easy to spin up new projects that can immediately be exposed.
-
Caddy is the first and only web server to use HTTPS automatically and by default
If you want a slightly heavier but more robust solution, caddy-docker-proxy[0] is a plugin that listens to the Docker socket and automatically updates the Caddy configuration based on Docker labels you add to containers.
I.e. it makes Caddy act a bit more like Traefik. Most of the time, you'll just add the label `caddy.reverse_proxy={{upstreams http 8080}}` to your containers and the plugin will regenerate Caddy's configuration whenever the container is modified.
[0] https://github.com/lucaslorentz/caddy-docker-proxy
-
Nginx Development Guide
I disagree, Caddy works great in Docker. See https://caddyserver.com/docs/running#docker-compose, and CDP is a project that autoconfigures Caddy from labels https://github.com/lucaslorentz/caddy-docker-proxy. Regarding plugins, it's super simple to write a Dockerfile to add plugins, we ship a builder image variant that can be used to compile in any plugins you want.
-
How I run my servers
````
This way, Caddy will buffer the request and give 30 seconds for your new service to get online when you're deploying a new version.
Ideally, during deployment of a new version the new version should go live and healthy before caddy starts using it (and kills the old container). I've looked at https://github.com/Wowu/docker-rollout and https://github.com/lucaslorentz/caddy-docker-proxy but haven't had time to prioritize it yet.
-
Which reverse proxy are you using?
Docker labels support is available via a plugin https://github.com/lucaslorentz/caddy-docker-proxy
-
My repository of the week: NGINX Proxy - Automated nginx for your containers
Or caddy-docker-proxy: https://github.com/lucaslorentz/caddy-docker-proxy
What are some alternatives?
oauth2-proxy - A reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers.
Nginx Proxy Manager - Docker container for managing Nginx proxy hosts with a simple, powerful interface
Caddy - Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS
Gravitational Teleport - The easiest, and most secure way to access and protect all of your infrastructure.
traefik - The Cloud Native Application Proxy
authelia - The Single Sign-On Multi-Factor portal for web apps
Portainer - Making Docker and Kubernetes management easy.
Keycloak - Open Source Identity and Access Management For Modern Applications and Services
jellyfin-media-player - Jellyfin Desktop Client based on Plex Media Player
docker-pi-hole - Pi-hole in a docker container