S.S.Octopus
ziti
S.S.Octopus | ziti | |
---|---|---|
5 | 84 | |
3,063 | 2,097 | |
0.4% | 11.4% | |
0.0 | 9.8 | |
12 days ago | 5 days ago | |
Go | Go | |
MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
S.S.Octopus
-
Use OpenZiti to secure your monitoring
2. An identity aware SSO proxy by Buzzfeed[0]
I really like Buzzfeed's SSO implementation, but it hasn't received updates in a while and doesn't seem to be maintained to me. I could absolutely see OpenZiti replacing this for me.
I really like Wireguard and have absolutely no complaints with it -- but if OpenZiti could replace this as well and match the performance I get on Wireguard I would consider implementing it at home (and would probably be a happy enough customer to push for it at work).
One non-typical use-case I use Wireguard for is being able to do remote game streaming to my Windows hosts via Moonlight+Nvidia Gamestream. Would anyone be able to (anecdotally or scientifically), share how well a use-case like this would work with OpenZiti?
[0] https://github.com/buzzfeed/sso
-
Libredirect – Redirect social media and websites to privacy friendly front ends
In addition to this suggestion, another viable route is to self-host those applications you rely on and don't expose them to the world (so as to reduce load/attack surface). Using a VPN can allow you to access the applications privately/remotely.
e.g. I self-host the applications I rely on such as Teddit, Nitter, Bibliogram and Cloudtube and then use Wireguard to always remain connected to the network they are accessible on. I have also implemented identity-aware SSO[1] so I can expose those applications remotely to specific individuals.
[1] https://github.com/buzzfeed/sso
-
Add Password Protection to Any Site with OAuth2 Proxy - Plus Social Logins
If oauth2-proxy doesn't suit your needs, there are some projects that have spun-off from oauth2-proxy like pomerium and BuzzFeed's sso. In addition to the open source library, Pomerium offers a paid service with a GUI to help IT staff more easily manage user permissions. BuzzFeed's sso builds upon oauth2-proxy by separating the domain used for auth from the domain used for the proxy (among several other changes).
-
Introduction to Zero Trust on AWS ECS Fargate
SSO to the rescue!
-
Web proxy (Bastion ?) to access Website in "private" network.
https://github.com/buzzfeed/sso - Google only
ziti
- Show HN: OpenZiti (Apache 2.0, P2P, E2E encrypted, full mesh overlay) is now 1.0
-
Has anyone tried OpenZiti?
If you are not aware of what OpenZiti is, this is the description available on their website:
-
zrok: open-source peer-to-peer sharing (release of 0.4.0)
fwiw, its back up. stars for zrok and ziti (i.e., the parent repo) are super appreciated!
-
Self-Hosted Mesh Network / VPN For User-Friendly LAN Gaming Network?
https://github.com/openziti/ziti (1.2k stars)
-
K3S, Authentik, And Practical Use
Create an AUR package for the ziti binaries
-
Docker-Compose Woes
I ask because I'm going to start with the simplified-docker-compose.yml file instead of the more complicated one for starters
-
Upgrading VPN solutions in a remote working Environment
OpenZiti is the most sophisticated and simple-to-use ZTNA platform on the planet. Allows you to create micro-segmented ZTNA networks by desktop application, web application, device, containers, API, and servers. All data is distributed dynamically across an overlay mesh network focused on routing performance, self-healing, and latency. It has desktop clients on all operating systems, pre-built SSH consoles, and SDKs in different languages to integrate OpenZiti into any product natively. And best of all, it's Open-Source. Seriously, try it, you'll be mind-blowing...
-
An SDK for embedding zero trust networking into Node.JS applications and web servers to improve security.
This repo hosts the OpenZiti SDK for NodeJS, and is designed to help you deliver secure applications over a OpenZiti Network - https://github.com/openziti/ziti-sdk-nodejs.
- Ziti
-
Looking for a "file-ingress"/"file upload" service for arbitary person w/ one time link/email
zrok.io seems fit for this purpose though you'd have to do a little work like combining it with FileGator or similar. Future releases would add this functionality directly, you could just watch the project. It is fundamentally designed for web app & webhook testing. It's built on top of a zero-trust networking overlay technology called openziti.io. There are developer discourse channels to help.
What are some alternatives?
vouch-proxy - an SSO and OAuth / OIDC login solution for Nginx using the auth_request module
oauth2-proxy - A reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers.
Pomerium - Pomerium is an identity and context-aware reverse proxy for zero-trust access to web applications and services.
tailscale - The easiest, most secure way to use WireGuard and 2FA.
zitadel - Cloud-native Identity & Access Management solution providing a platform for secure authentication, authorization and identity management.
ZeroTier - A Smart Ethernet Switch for Earth
Ory Hydra - OpenID Certified™ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Works with Hardware Security Modules. Compatible with MITREid.
OPAL - Policy and data administration, distribution, and real-time updates on top of Policy Agents (OPA, Cedar, ...)
zitadel - ZITADEL - The best of Auth0 and Keycloak combined. Built for the serverless era.
devtron - Tool integration platform for Kubernetes
Nginx Proxy Manager - Docker container for managing Nginx proxy hosts with a simple, powerful interface
gdg - Grafana Dashboard Manager