Pomerium
easy-rsa
Our great sponsors
Pomerium | easy-rsa | |
---|---|---|
26 | 26 | |
3,807 | 3,854 | |
1.2% | 1.1% | |
9.7 | 9.4 | |
7 days ago | 1 day ago | |
Go | Shell | |
Apache License 2.0 | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Pomerium
-
Moving from Google workspace to Microsoft 365 and implementing Zero Trust
That is not how you do Zero Trust. You want to use an Identity Aware Proxy. There are lots of ways you can implement this with Google as your core auth. For example Pomerium or oauth2-proxy.
-
Which reverse proxy are you using?
I’m really surprised this sub has no love for Pomerium. I feel like it’s as simple as Caddy with all the security benefits of Traefik.
-
AD/AAD Authentication for Apps running in Kubernetes Cluster
Pomerium sidecar.
-
What is the best way to implement an SSO for several existing web apps?
Just want to drop https://www.pomerium.com/ here. We use it at our company with ~1500 people with many apps behind the proxy. It also supports JWT for the backend, so you can integrate your apps easily without having to worry about the OAuth flow and also your apps are protected from random internet attacks.
-
Tailscale Authentication for Nginx
You might just want to integrate a policy rules engine like open policy agent: https://www.openpolicyagent.org/ It can act as a server which you bounce a subrequest against to get an authorization answer from a policy you defined ahead of time with a simple language.
And if you don't have time or want to do that, check out Pomerium it's basically a forward auth proxy with OPA policy engine integrated into it already: https://www.pomerium.com/
-
I wrote a smarter SSH bastion in Rust
Pomerium
-
Add Password Protection to Any Site with OAuth2 Proxy - Plus Social Logins
If oauth2-proxy doesn't suit your needs, there are some projects that have spun-off from oauth2-proxy like pomerium and BuzzFeed's sso. In addition to the open source library, Pomerium offers a paid service with a GUI to help IT staff more easily manage user permissions. BuzzFeed's sso builds upon oauth2-proxy by separating the domain used for auth from the domain used for the proxy (among several other changes).
-
What VPN/access solution do the big tech companies use?
Here's a list of open source products that aim at doing that: - Pomerium - Ory - Keycloak*
-
Pomerium now supports hardware-backed device identity via WebAuthn
I'm one of the maintainers of an open source identity aware access proxy called Pomerium. We just released v0.16 which includes a bunch of new features, but there's one in particular that has been in the works for months which I'm really excited about and wanted to share. In short, Pomerium now supports incorporating device identity into your access policies.
-
a selfhostable, dockerable service that has some sort of API to automatic insert links: suggestion?
As for authentication, I'd recommend splitting the authentication from the dashboard by putting a reverse proxy in front of the dashboard service. You can then use these credentials for the other services that the dashboard links to. Which one to use is highly dependent or your setup, so I'll just throw some self-hostable authentication proxies out here (haven't used any of them): Authelia, Dex, Pomerium
easy-rsa
-
Running one’s own root Certificate Authority in 2023
Easy-rsa to the rescue. Been using it for a while, works great and makes life easier :)
Link: https://github.com/OpenVPN/easy-rsa
Summary from that page:
easy-rsa is a CLI utility to build and manage a PKI CA. In laymen's terms, this means to create a root certificate authority, and request and sign certificates, including intermediate CAs and certificate revocation lists (CRL).
-
Invalid Security Certificate Warnings are ANNOYING
Regarding the keys, csr and certificates it's pretty easy to manage them with easy-rsa (https://github.com/OpenVPN/easy-rsa)
-
How to manage lots of self-signed certificates
Depending on your use case, either https://github.com/FiloSottile/mkcert or https://github.com/OpenVPN/easy-rsa
-
Totally local web server on HTTPS.
If you can add CAs to the hosts that will access this server, you can be your own certificate authority. mkcert is good, as mentioned elsewhere, or you can go all out: https://github.com/OpenVPN/easy-rsa
- Private CA management
-
Where can I find a ca.crt file for openvpn?
for that. you need learn this
See https://github.com/OpenVPN/easy-rsa/blob/master/README.quickstart.md for the recommended (and easy-to-use) easy-rsa toolkit.
-
CFSSL vs Step CA for private PKI
I need a pki for a hobby/side project which involves Golang and I would also like to utilize ed25519, nothing less. I have experience with setting up a two tier pki AD CS in a Windows domain. I have not only read into cfssl and step ca, but also EasyRSA and EJBCA. EasyRSA seems overkill and does not involve Golang, but I can be convinced otherwise. EJBCA failed for me, because it needed systemd, which means an extra server/vm just for running it.
-
Vaultwarden - Bitwarden App Failed to fetch Error - Guess self signed Cert??
For easy setup, I would recommend you to user Easy-RSA. https://github.com/OpenVPN/easy-rsa
-
Which light weight CA do you like best?
easy-rsa, https://github.com/OpenVPN/easy-rsa no ui though
What are some alternatives?
OpenSSL - TLS/SSL and crypto library
oauth2-proxy - A reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers.
Nginx Proxy Manager - Docker container for managing Nginx proxy hosts with a simple, powerful interface
Gravitational Teleport - Protect access to all of your infrastructure
authelia - The Single Sign-On Multi-Factor portal for web apps
cfssl - CFSSL: Cloudflare's PKI and TLS toolkit
Keycloak - Open Source Identity and Access Management For Modern Applications and Services
traefik - The Cloud Native Application Proxy
vouch-proxy - an SSO and OAuth / OIDC login solution for Nginx using the auth_request module
rdpgw - Remote Desktop Gateway in Go for deploying on Linux/BSD/Kubernetes
FreeIPA - Mirror of FreeIPA, an integrated security information management solution
LetsEncrypt-PRTG - Post request script to install an SSL certificate obtained with Certify the Web or win-acme in PRTG.