xsrv
vouch-proxy
Our great sponsors
xsrv | vouch-proxy | |
---|---|---|
24 | 48 | |
290 | 2,643 | |
- | 2.2% | |
9.7 | 3.2 | |
4 days ago | about 1 month ago | |
Jinja | Go | |
GNU General Public License v3.0 only | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
xsrv
- Graylog upgrade from 2 to 5 version
- Using Apache2 as a reverse proxy on a live server?
-
Do you have an LDAP server setup?
Yes, OpenLDAP installed from this ansible role
-
Logrotate appreciation
It's dead easy to use TCP/SSL instead of UDP to forward logs. Example rsyslog config
-
Simple way to centralize my server logs?
I use rsyslog for that since it's the default in Debian. Configuring forwarding is very simple, a single file in /etc/rsyslog.d/forwarding.conf [1]. Note that this setup uses TLS to encrypt messages so you need to create the relevant certificates (I use self-signed certs). Unencrypted TCP or UDP is simpler, but less secure.
-
How to create and use VMs in a headless Linux server from the command line
preseed.cfg contains a few basic options needed to setup the OS [1]
-
Best openldap + samba file server approach
I do this with https://github.com/nodiscc/xsrv/tree/master/roles/openldap + https://github.com/nodiscc/xsrv/tree/master/roles/samba. It's just a standalone samba server + LDAP auth for users, no DC or anything like that, so I'm not sure this is what you're looking for.
- YUnoHost alternative?
-
Beginner's Guide to Open LDAP?
This ansible role (check the tasks/ directory) gives a good breakdown of what is needed to setup a basic LDAP server and authentication service
-
Samba shares without managing a DC
I use samba in standalone mode with or without LDAP auth https://github.com/nodiscc/xsrv/tree/master/roles/samba
vouch-proxy
- I'm looking for an SSO server/reverse proxy with features I'm not sure exist
-
Keycloak vs. Authentik vs. Authelia, help choose SSO
Look into vouch proxy
- Solf-hosted login form for self-hosted app ?
- AWS EKS front end authentication with Okta?
-
Is there something like Keycloak or Authelia that supports both forward auth and identity providers?
Vouch proxy is designed for this usage: https://github.com/vouch/vouch-proxy I don't think there are any nice UIs to configure it though so you'll need to be familiar with running it yourself.
-
cloudflare and ingress-nginx
Not sure this is a "best practice", but it lets me keep control of the Ingress resources inside their YAML configs. I've also layered Vouch Proxy into the ingress configurations to require SSO/MFA auth to access the resources behind the Ingress. Cloudflare has the ability to do this, but I found it cumbersome to keep track of the configs outside the K8s cluster.
-
Single Sign on for reverse proxy (NGINX Proxy Manager)
I've used vouch proxy for my own stuff previously, before more recently moving to Cloudflare Access. vouch can be slightly janky at times to get working right, but once set up, it's been solid.
-
Yubikey support in Jellyfin
For example: nginx -> Vouch proxy -> KeyCloak -> Jellyfin
-
Jump Host SSO to Internal Apps
While this works, we were hoping to make access a bit easier with say an OpenID Connect SSO and reverse-proxy solution. I've seen Vouch Proxy, https://github.com/vouch/vouch-proxy which is really just SSO on top of nginx, but I'm wondering if there's a simpler way to do this.
-
Do you prefer to build your own auth, or use some library or provider (like auth0, Next Auth, Supabase, etc)?
You seem to be quite knowledgeable and a minimal provider with just the bare minimum would suffice for you. Have a look at Vouch Proxy, it does one thing and it does it well.
What are some alternatives?
Yacht - A web interface for managing docker containers with an emphasis on templating to provide 1 click deployments. Think of it like a decentralized app store for servers that anyone can make packages for.
oauth2-proxy - A reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers.
Ansible-NAS - Build a full-featured home server or NAS replacement with an Ubuntu box and this playbook.
jfa-go - a better way to manage your Jellyfin users, now in go
budibase - Budibase is an open-source low code platform that helps you build internal tools in minutes 🚀
authentik - The authentication glue you need.
HomelabOS
authelia - The Single Sign-On Multi-Factor portal for web apps
VestaCP - VESTA Control Panel
traefik-forward-auth - Minimal forward authentication service that provides Google/OpenID oauth based login and authentication for the traefik reverse proxy
xsrv
Nginx Proxy Manager - Docker container for managing Nginx proxy hosts with a simple, powerful interface