18 مستودعات
Security mechanisms that intercept HTTP requests at the gateway to validate identity before routing to backend services.
Distinguishing note: Specifically addresses gateway-level authentication interception rather than application-level middleware.
Explore 18 awesome GitHub repositories matching security & cryptography · Reverse Proxy Authentication. Refine with filters or upvote what's useful.
Authelia is a centralized identity and access management server designed to secure web applications through unified authentication and authorization. It functions as an identity authority that enables single sign-on across diverse platforms, allowing users to access multiple services with a single set of credentials. By acting as a standards-compliant provider, it facilitates secure identity propagation and token issuance for client applications. The platform distinguishes itself through its ability to integrate directly with web gateways as a reverse proxy authentication middleware, intercep
Intercepts incoming HTTP requests at the gateway level to validate user identity before granting access to protected backend services.
Dashy is a configuration-driven dashboard designed for personal infrastructure management and self-hosted service monitoring. It functions as a centralized portal that aggregates web links, live infrastructure metrics, and application health status into a unified, searchable interface. By utilizing a structured schema, the platform allows users to define their entire layout, navigation, and widget configuration through version-controlled files, ensuring a portable and reproducible setup across different environments. The project distinguishes itself through a highly modular architecture that
Defers identity verification to a reverse proxy that injects user credentials into request headers.
Navidrome is a self-hosted music streaming server designed to organize, index, and stream personal digital music collections. It functions as a centralized audio streaming platform that manages local audio files, automatically enriching them with metadata and artwork while providing a web interface for playback. The system supports multi-user access, allowing administrators to manage separate collections and listening histories with granular permissions. The platform distinguishes itself through its compatibility with the Subsonic API, enabling users to connect a wide range of third-party mus
Delegates user identity verification to external services via security headers for single sign-on integration.
This project is a reverse proxy server that secures internal web services by enforcing authentication against external identity providers. It acts as a gatekeeper for incoming HTTP traffic, validating user identity before forwarding requests to protected backend applications. By integrating with OAuth2 and OIDC providers, the proxy ensures that only authorized users can access internal resources. The proxy distinguishes itself through its flexible session management and granular access control. It maintains authenticated user state across requests using either encrypted client-side cookies or
Acts as a reverse proxy that secures internal web services by enforcing authentication against external identity providers.
ttyd is a web-based terminal emulator that shares a command-line shell over a web connection. It serves as a remote console and shell gateway, allowing for remote system administration and command execution through a standard web browser. The project includes specialized capabilities for rendering graphical images via the Sixel standard and supporting bidirectional file uploads and downloads using the ZMODEM transfer protocol. It supports collaborative terminal sharing, enabling multiple concurrent users to connect to the same running process or session in real time. The system provides secu
Supports identity verification via external HTTP headers provided by reverse proxies before granting terminal access.
Healthchecks is a heartbeat monitoring service and cron job monitoring tool designed to track the execution and success of scheduled tasks and systemd timers. It functions as a dead man switch, alerting users when expected periodic signals from remote processes fail to arrive. The system accepts health signals via HTTP and SMTP, allowing it to track infrastructure heartbeats from sources ranging from CI/CD workflows to network routers. It distinguishes itself by supporting the capture of diagnostic data, including exit codes and execution logs, and by calculating the duration between start an
Authenticates users or creates accounts based on identity headers passed from an external proxy.
Kanboard هي أداة إدارة مشاريع Kanban مستضافة ذاتياً ومجموعة إنتاجية مصممة لتتبع مهام البرمجيات وتعاون الفريق. توفر نظاماً مرئياً لإدارة سير العمل من خلال استخدام اللوحات والأعمدة والبطاقات. يتميز المشروع بإطار عمل مكونات إضافية قابل للتوسيع وواجهة برمجة تطبيقات شاملة لإدارة المهام والمشاريع برمجياً. يتضمن إدارة هوية متخصصة من خلال تكامل LDAP، مما يسمح بمزامنة حسابات المستخدمين وأذونات المجموعات من خوادم الدليل. يغطي النظام مجموعة واسعة من القدرات، بما في ذلك أتمتة سير العمل القائمة على الأحداث، وتحليلات المشروع التفصيلية مثل مخططات burn-down وقياس وقت الدورة، والتحكم الدقيق في الوصول القائم على الأدوار. كما يدعم تتبع الوقت المتكامل، وتفكيك المهام الفرعية، والمصادقة متعددة الطرق بما في ذلك المصادقة الثنائية ودعم الوكيل العكسي. التطبيق متوافق مع MySQL وPostgreSQL لتخزين البيانات المستمر ويمكن نشره باستخدام Docker Compose.
Identifies users by reading trusted HTTP headers provided by a reverse proxy to start sessions.
This project is a self-hosted recipe manager designed for organizing digital libraries, planning meals, and generating shopping lists. It serves as a central hub for recipe collection management, providing tools to store, categorize, and share recipes within a collaborative kitchen workflow. The system distinguishes itself through an AI-powered importer that extracts structured ingredients and instructions from images, PDFs, and websites. It further integrates with home automation environments as a containerized add-on and supports S3-compatible object storage for managing media files. The s
Delegates authentication to a reverse proxy by trusting the remote user header.
Tinyauth is an authentication middleware service and identity provider that verifies user identities to grant system access. It operates as a standalone server or as an authentication gateway, utilizing a reverse proxy model to intercept requests and validate credentials before traffic reaches protected backend services. The project functions as an OpenID Connect provider for single sign-on experiences and an OAuth 2.0 gateway that delegates verification to external providers such as Google and GitHub. It also acts as an LDAP authentication server, allowing for centralized user management and
Acts as an authentication gateway that intercepts requests to validate identity before forwarding traffic to backend services.
dockprom is a monitoring stack based on Prometheus and Grafana designed to track the performance of Docker containers and their underlying hosts. It functions as a complete solution for gathering real-time metrics and displaying them through a self-hosted dashboard. The project includes a suite of tools for collecting container and host metrics, as well as a discovery tool specifically for automatically identifying and adding tagged EC2 instances to the monitoring configuration. The system covers several observability areas, including time-series data storage and the creation of performance
Secures monitoring dashboards via a reverse-proxy gateway that handles authentication and user registration.
Sqlpad هو عميل SQL قائم على الويب ومنصة عمل متعددة المستأجرين تُستخدم لكتابة وتنفيذ وحفظ الاستعلامات عبر قواعد بيانات علائقية وتحليلية متعددة. يعمل كمدير قاعدة بيانات ODBC يتيح للمستخدمين إدارة اتصالات قواعد البيانات واستكشاف المخططات من خلال واجهة المتصفح. تتميز المنصة بكونها بيئة تعاونية حيث يمكن للمستخدمين مشاركة مستندات SQL وتنسيق تحليل البيانات. وهي تدمج اتحاد الهوية عبر OpenID Connect و SAML و LDAP و OAuth، وتوفر نظام تصور يحول نتائج الاستعلام إلى مخططات وجداول. يغطي النظام مجالات قدرات واسعة بما في ذلك التحكم في الوصول القائم على الأدوار لتقييد اتصالات قاعدة البيانات، وإدارة الجلسات ذات الحالة للمعاملات متعددة العبارات، واستبدال بيانات الاعتماد في وقت التشغيل لتعزيز الأمان. كما يوفر استمرارية الاستعلام وتتبع السجل لإدارة دورة حياة عبارات SQL المحفوظة.
Automatically creates and authenticates users by mapping request headers provided by an external reverse proxy.
ui-for-docker هو لوحة تحكم ويب وواجهة إدارة للتحكم في حاويات Docker ومراقبتها. يوفر بديلاً رسومياً لسطر الأوامر لتصور حالة أحجام العمل المعبأة وإدارة محركات Docker. تتصل الواجهة بـ Docker daemon عبر مآخذ Unix المحلية أو نقاط نهاية TCP عن بُعد. تستخدم شهادات ومفاتيح TLS لتأمين الاتصال بالمحركات البعيدة وتدعم تقييد الوصول من خلال مصادقة HTTP الأساسية عبر وكيل عكسي. يعمل النظام كواجهة ويب عديمة الحالة (Stateless) تترجم إجراءات المستخدم إلى طلبات يتم إرسالها مباشرة إلى واجهة برمجة تطبيقات Docker.
Supports offloading user access control and credential verification to an external reverse proxy.
Calibre-Web-Automated is a self-hosted ebook library server that watches file system folders for new ebook files, automatically converts them to a target format, enriches their metadata from online sources, and inserts them into a Calibre-managed library. It provides a web interface for browsing, reading in-browser, searching full text, and managing collections, while also supporting user authentication through multiple protocols including OAuth 2.0, OpenID Connect, LDAP, magic links, and reverse proxy headers. The server integrates directly with Kobo e-reader devices, synchronizing books, co
Trusts authentication headers set by an upstream reverse proxy to authenticate users and auto-create accounts.
هذا المشروع عبارة عن منصة توليد معززة بالاسترجاع (RAG) وإطار عمل تنسيق مصمم لربط نماذج اللغة الكبيرة ببيانات المؤسسات الخاصة. يعمل كبوابة ذكاء اصطناعي مستضافة ذاتياً تدمج قواعد بيانات المتجهات والأدوات الخارجية لأتمتة مهام استرجاع وتوليد المعلومات المعقدة. يتميز النظام بمنشئ سير عمل وكيل ذكاء اصطناعي ينسق وكلاء متخصصين متعددين بأدوار متميزة لحل المشكلات متعددة الخطوات. يتضمن واجهة دمج قاعدة بيانات متجهات مخصصة لفهرسة المستندات الخاصة وبيئة معزولة (sandbox) آمنة لتنفيذ الكود الديناميكي وتحليل البيانات أثناء المحادثات. تغطي المنصة مجموعة واسعة من القدرات، بما في ذلك فهرسة بيانات المؤسسة، وإعادة ترتيب النتائج للدقة، وتقديم واجهات دردشة تفاعلية وواجهات برمجة تطبيقات برمجية. كما يوفر عناصر تحكم إدارية لإدارة سلوك الذكاء الاصطناعي، ومصادقة المستخدم، وتحديد استخدام API للتحكم في استهلاك الموارد. يتم التعامل مع النشر من خلال أدوات تنسيق الحاويات مثل Docker Compose، مع دعم توجيه حركة المرور القائم على الوكيل العكسي وتشفير TLS للبيئات الآمنة المستضافة ذاتياً.
Implements gateway-level authentication and TLS encryption by intercepting requests via a reverse proxy.
JimsGarage is a collection of shell scripts and automation tools designed to help individuals deploy and manage a wide range of self-hosted services on their own hardware. It provides a structured approach to setting up containerized applications, from media servers and document management systems to VPNs and monitoring stacks, all through automated Docker-based configurations. The project distinguishes itself by offering a comprehensive library of deployment recipes that cover the full lifecycle of a home server environment. This includes not just the services themselves, but also the suppor
Integrates an identity-aware proxy that validates user sessions before routing traffic to backend container services.
Wakapi is a self-hosted activity tracker that collects coding time and language statistics using the WakaTime API protocol. It monitors time spent on projects and programming languages to analyze productivity trends and coding patterns. The project provides a productivity dashboard for analyzing development patterns through time distribution plots and activity reports. It includes a badge generator to create dynamic SVG images and status cards for profile readmes, as well as public leaderboards to rank users based on coding activity. The system manages identity through local credentials or O
Validates user identities by trusting specific request headers passed from a trusted network gateway.
2FAuth is a self-hosted two-factor authentication server and credential vault. It functions as a web-based authenticator app used to organize and generate time-based one-time passwords and other security codes for multiple accounts in a central location. The system distinguishes itself as an API-driven security manager, allowing authentication codes to be integrated into automated workflows and external applications. It also supports shared security credentialing through the use of isolated vaults and shared folders for team collaboration. The project covers a broad range of security and dat
Supports bypassing internal login checks by trusting identity headers passed from a reverse proxy.
BabyBuddy is a self-hosted infant care tracking application designed for logging feedings, diaper changes, and growth metrics to monitor child development. It functions as a private data store for sensitive health and activity records, providing a containerized environment for managing childcare data across different hardware architectures. The system integrates with home automation hubs and provides a RESTful API to enable programmatic recording and querying of care data. It supports collaborative caregiver management, allowing multiple family members or professional caregivers to share acce
Identifies and authenticates users by trusting specific HTTP headers passed from a reverse proxy.