Pomerium
easy-rsa
Our great sponsors
Pomerium | easy-rsa | |
---|---|---|
26 | 26 | |
3,832 | 3,881 | |
1.1% | 1.2% | |
9.7 | 9.4 | |
7 days ago | 4 days ago | |
Go | Shell | |
Apache License 2.0 | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Pomerium
-
OAuth server for authorization
Option 3: Pomerium might be an alternative as well.
-
Moving from Google workspace to Microsoft 365 and implementing Zero Trust
That is not how you do Zero Trust. You want to use an Identity Aware Proxy. There are lots of ways you can implement this with Google as your core auth. For example Pomerium or oauth2-proxy.
- We have pushed an emergency fix to Pomerium, please upgrade your versions
-
Which reverse proxy are you using?
I’m really surprised this sub has no love for Pomerium. I feel like it’s as simple as Caddy with all the security benefits of Traefik.
-
Is anyone using Pomerium (identity-aware proxy)? I don't understand it.
I am not sure if I understand how Pomerium works (or any identity-aware proxy).
-
AD/AAD Authentication for Apps running in Kubernetes Cluster
Pomerium sidecar.
-
What is the best way to implement an SSO for several existing web apps?
Just want to drop https://www.pomerium.com/ here. We use it at our company with ~1500 people with many apps behind the proxy. It also supports JWT for the backend, so you can integrate your apps easily without having to worry about the OAuth flow and also your apps are protected from random internet attacks.
-
Web Server - Hide Public IP
You’ve got to protect. Anonymity is not going to work. Pomerium is another option in addition to those already suggested. https://github.com/pomerium/pomerium
-
Good stand-alone VPN solution
I am currently looking at Wireguard/Tailscale (Wireguard based) options - early days for me so far. Also planning to look at something like Pomerium for a zero trust approach. https://www.pomerium.com/
- Should i trust Authelia when exposing web services to the internet?
easy-rsa
-
Running one’s own root Certificate Authority in 2023
Easy-rsa to the rescue. Been using it for a while, works great and makes life easier :)
Link: https://github.com/OpenVPN/easy-rsa
Summary from that page:
easy-rsa is a CLI utility to build and manage a PKI CA. In laymen's terms, this means to create a root certificate authority, and request and sign certificates, including intermediate CAs and certificate revocation lists (CRL).
-
How to invalidate the usage of a OpenVpn client without revoke it in the CA Server?
No, OpenVPN relies on the CA trust model. Anyone signed by the CA has access, unless they have been revoked (CRL): https://github.com/OpenVPN/easy-rsa/blob/master/doc/EasyRSA-Renew-and-Revoke.md
-
Best OpenVPN web UI for a small business
Then make do with the CLI. There might be some tooling to help you, e.g. https://github.com/OpenVPN/easy-rsa
-
AMA/Brown Bag: OpenVPN / EasyRSA
Hey folks. I'm one of the authors for Mastering OpenVPN, the author of Troubleshooting OpenVPN, and the maintainer of EasyRSA. In light of Apollo and other 3rd party apps going dark on the 30th, I figured I'd "turn in my notice" on Reddit and do the normal sysadmin data dump/brown bag before I'm gone. I've really enjoyed this group and hope things get sorted in the long run.
-
PFSense Tutorial - Self signing of SSL/TLS Certificate (cause not all have the money to buy one) - https://youtu.be/aj5FUFMn9f0
Correct. That applies to OpenVPN. There's a tool that OpenRSA maintains that help with creating those certificates, EasyRSA: https://github.com/OpenVPN/easy-rsa
-
Invalid Security Certificate Warnings are ANNOYING
Regarding the keys, csr and certificates it's pretty easy to manage them with easy-rsa (https://github.com/OpenVPN/easy-rsa)
-
How to import server or client certificate on AWS Certificate Manager (ACM)
$ git clone https://github.com/OpenVPN/easy-rsa.git
-
How to manage lots of self-signed certificates
Depending on your use case, either https://github.com/FiloSottile/mkcert or https://github.com/OpenVPN/easy-rsa
-
Totally local web server on HTTPS.
If you can add CAs to the hosts that will access this server, you can be your own certificate authority. mkcert is good, as mentioned elsewhere, or you can go all out: https://github.com/OpenVPN/easy-rsa
- Private CA management
What are some alternatives?
oauth2-proxy - A reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers.
OpenSSL - TLS/SSL and crypto library
Nginx Proxy Manager - Docker container for managing Nginx proxy hosts with a simple, powerful interface
cfssl - CFSSL: Cloudflare's PKI and TLS toolkit
Gravitational Teleport - The easiest, and most secure way to access and protect all of your infrastructure.
FreeIPA - Mirror of FreeIPA, an integrated security information management solution
authelia - The Single Sign-On Multi-Factor portal for web apps
LetsEncrypt-PRTG - Post request script to install an SSL certificate obtained with Certify the Web or win-acme in PRTG.
Keycloak - Open Source Identity and Access Management For Modern Applications and Services
BounCA - BounCA is a web tool to generate self-signed SSL certificates and setup a key infrastructure
traefik - The Cloud Native Application Proxy
certify - Professional ACME Client for Windows. Certificate Management UI, powered by Let's Encrypt and compatible with all ACME v2 CAs. Download from certifytheweb.com