vouch-proxy
Nginx Proxy Manager
Our great sponsors
vouch-proxy | Nginx Proxy Manager | |
---|---|---|
48 | 651 | |
2,614 | 19,167 | |
1.8% | 8.6% | |
3.2 | 8.8 | |
5 days ago | 1 day ago | |
Go | JavaScript | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
vouch-proxy
- I'm looking for an SSO server/reverse proxy with features I'm not sure exist
-
Keycloak vs. Authentik vs. Authelia, help choose SSO
Look into vouch proxy
- Solf-hosted login form for self-hosted app ?
-
Is there something like Keycloak or Authelia that supports both forward auth and identity providers?
Vouch proxy is designed for this usage: https://github.com/vouch/vouch-proxy I don't think there are any nice UIs to configure it though so you'll need to be familiar with running it yourself.
-
cloudflare and ingress-nginx
Not sure this is a "best practice", but it lets me keep control of the Ingress resources inside their YAML configs. I've also layered Vouch Proxy into the ingress configurations to require SSO/MFA auth to access the resources behind the Ingress. Cloudflare has the ability to do this, but I found it cumbersome to keep track of the configs outside the K8s cluster.
-
Single Sign on for reverse proxy (NGINX Proxy Manager)
I've used vouch proxy for my own stuff previously, before more recently moving to Cloudflare Access. vouch can be slightly janky at times to get working right, but once set up, it's been solid.
-
Yubikey support in Jellyfin
For example: nginx -> Vouch proxy -> KeyCloak -> Jellyfin
-
Do you prefer to build your own auth, or use some library or provider (like auth0, Next Auth, Supabase, etc)?
You seem to be quite knowledgeable and a minimal provider with just the bare minimum would suffice for you. Have a look at Vouch Proxy, it does one thing and it does it well.
-
What do you use for SSO if anything?
I'm using vouch proxy on my Kubernetes cluster and I delegate to a separate IdP (usually GitHub.)
-
Nginx auth_request and Keycloak?
You can't use keycloak direct with auth requests - you need an intermediary they can bridge the gap (or a custom build of Nginx, but that is a pain in the ass). I use Vouch Proxy: https://github.com/vouch/vouch-proxy
Nginx Proxy Manager
-
Ask HN: What Underrated Open Source Project Deserves More Recognition?
I discovered these 3 amazing projects recently:
Cryptpad, essentially google docs/sheets/forms e2e encrypted. It does include collaboration. https://github.com/cryptpad/cryptpad
Immich, google photos self hostable, with share options https://github.com/immich-app/immich
Nginxproxymanager manages certificates and proxies to self hosted stuff through nginx https://github.com/NginxProxyManager/nginx-proxy-manager
Great self hosting stuff!
-
DevOps Simplified: Easy-to-Use Container Projects Deployment
Nginx Proxy Manager
-
:latest or :version for supporting services?
Prime example: Nginx Proxy Manager is often recommended in the sub. The latest minor release came with breaking changes (so already ignoring semver). I bet you many people were running on latest and then had broken stuff: https://github.com/NginxProxyManager/nginx-proxy-manager/releases/tag/v2.10.0
-
Has anyone been able to set up dockerized CrowdSec in front of dockerized NPM using official images only?
Here is the (NPM) GitHub issue where the "fork of a fork" image came into existence (lepresidente/nginx-proxy-manager). It has some interesting discussions about the challenges of having NPM and CrowdSec coexist and cooperate.
-
MyQ's horrible take on open access to their devices
Agree with this, myQ is such a dumpster fire. It needs to have an the ability to be managed over the local network instead of requiring the garage door and app connect to their server.
My very first experience with myQ was figuring out that their IP blocklist provider, brightcloud, blocks anything with the word "proxy" - including the default "it works" page for Nginx Proxy Manager [1]. And they have no way of overriding this to actually provide service if someone turns out to be a legitimate customer.
[1]: https://github.com/NginxProxyManager/nginx-proxy-manager/dis...
-
My Home Lab setup
Load Balancer: NPM Static IP VPN: PureVPN Proxy Server: CCProxy
-
Domains and Email hosting
As far as website hosting, just set up a few Docker containers: one for a web-server of your choice, and one for a reverse proxy. I recommend Nginx Proxy Manager. It handles SSL certificates for you in a super simple way (both the initial acquisition process as well as auto renewal) and makes it easy to expand to using multiple web servers in the future, or setting up redirects without filling up your DNS records.
-
Risk of self-hosting smaller projects
Feel like Christian Lempa is being a bit too lenient with the developer of Nginx Proxy Manager. jc21's handling of reported vulnerability was poor. 10 months to fix and then simply including it in the list of changes for v2.9.20 without publishing a security advisory. Not great. And to make matters worse, the project still doesn't have a security policy.
- Trouble setting up reverse proxy with Nginx.
-
Raspberry Pi 3b+ enough for proxy server
Docker runs on the 3B+ so you could use this [Github] or the one I have deployed here [NGINX Proxy Manager site] amongst others.
What are some alternatives?
traefik - The Cloud Native Application Proxy
docker-swag - Nginx webserver and reverse proxy with php support and a built-in Certbot (Let's Encrypt) client. It also contains fail2ban for intrusion prevention.
socks5-proxy-server - SOCKS5 proxy server
acme-dns - Limited DNS server with RESTful HTTP API to handle ACME DNS challenges easily and securely.
oauth2-proxy - A reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers.
BunkerWeb - 🛡️ Make your web services secure by default !
docker-pi-hole - Pi-hole in a docker container
homer - A very simple static homepage for your server.
caddy-docker - Source for the official Caddy v2 Docker Image
frp - A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
proxmox-scripts
authelia - The Single Sign-On Multi-Factor portal for web apps