I can recommend Caddy myself, it is dead simple to configure
notquitenothing
VoidAuth is an Authentik alternative that aims to be easier to use/setup (and look a bit nicer imo). It does provide OIDC and ProxyAuth (ForwardAuth), but Authentik is certainly a more mature/complex SSO provider.
Let me know how it goes! If you have any trouble getting it set up I can try to help as well. I am working on NGINX and NGINX Proxy Manager documentation right now, maybe I will do Traefik afterwards.
VoidAuth currently only supports 2FA through passkeys, and specifically requests 2FA passkeys from passkey providers. I may look into password + passkey but for now the only way to guarantee 2FA login is to make your account passkey-only. This is currently being tracked here: https://github.com/voidauth/voidauth/issues/106
I have never used Smallstep, but based on the documentation it looks like a native+id_token client. If you can get an error message or debug trace, you can send it to me or open a GitHub issue and I will take a look at it.
Let me know how it goes! If you have any trouble setting it up feel free to ping me, or open an issue on GitHub
Thank you!
You can try VoidAuth, it is kinda similar to Authelia+lldap. I am the developer and I created it because I wasn't satisfied with Authelia's user management. If you decide you want to try it and run into any issues or questions I will try to help :)
I don't think you could do that directly in the Caddyfile, but you can create those groups/policies inside VoidAuth and assign them to users there.
The steps would be to (in VoidAuth) create the access group/policy, create the ProxyAuth Domain (protected.example.com/*) with the allowed group(s), make sure the user(s) have that group, then in Caddy add the forward_auth directive to the same route you want to protect.
Then when you go to access that route in a browser it will redirect you to VoidAuth login, or if you pass an Authentication header with Basic Auth (like when using an API) it will use that.
You can do this with VoidAuth as well, by setting the DB_NAME variable


I have been experimenting with a btrfs raid array and am getting some new hard drives in the mail today, hoping it goes smoothly and they work. All part of a larger goal of migrating my Synology NAS to a purpose-built machine.
Also got my first contribution and donation on my OIDC SSO project, which is really exciting!