27 Repos
Patterns for securing applications by offloading authentication to a reverse proxy.
Distinguishing note: Focuses on infrastructure-level security offloading.
Explore 27 awesome GitHub repositories matching security & cryptography · Reverse Proxy Security.
SillyTavern is a comprehensive interface and orchestration platform designed for immersive AI roleplay and interactive chat experiences. It functions as a unified gateway that connects users to a wide array of local and cloud-based large language models, providing a centralized environment to manage complex character personas, narrative context, and model-driven interactions. The platform distinguishes itself through its advanced prompt engineering and automation capabilities. It utilizes a sophisticated macro-based templating engine and vector-database retrieval to dynamically inject lore, c
Routes external web traffic through a reverse proxy to manage secure connections and domain-based routing.
Protects the server by delegating authentication and identity validation to a reverse proxy.
SafeLine is a containerized web application firewall and reverse proxy designed to secure web services by inspecting incoming HTTP traffic. It acts as a security gateway that sits in front of backend infrastructure to filter malicious requests and enforce access policies before they reach the application server. The platform distinguishes itself through advanced bot mitigation and content protection capabilities. It employs challenge-response mechanisms to verify human users and dynamically obfuscates HTML and JavaScript content to prevent unauthorized scraping and code tampering. These featu
Centralizes security policy configuration and traffic monitoring for web services in containerized environments.
Pangolin is a zero-trust remote access platform designed to provide secure, identity-aware connectivity to private network resources. It functions as a cloud-native network controller that orchestrates encrypted tunnels, traffic routing, and access policies across distributed environments. By leveraging WireGuard for secure data transport, the platform enables authenticated access to internal web applications, terminal sessions, and remote desktops without exposing services to the public internet. The platform distinguishes itself through a declarative infrastructure model that synchronizes n
Publishes internal web applications and APIs to the public internet via an authenticated reverse proxy with automated TLS certificate management.
Casbin is an authorization library that provides a model-based engine for enforcing access control across diverse application environments. It decouples authorization logic from application code by using a configuration-driven approach, allowing developers to define access rules and evaluation logic independently. The system supports a wide range of access control models, including role-based, attribute-based, and relationship-based patterns, which are evaluated at runtime to determine if a subject is permitted to perform an action on a resource. The project distinguishes itself through a hig
Connects reverse proxies and service meshes to a centralized policy engine.
Asciinema is a platform for capturing, replaying, and sharing command-line sessions. It provides a comprehensive suite of tools to record terminal activity into lightweight, text-based files that preserve ANSI escape sequences, allowing users to document technical workflows, troubleshooting steps, and software demonstrations with high fidelity. The project distinguishes itself through its versatile playback and distribution capabilities. It features a web-based player that renders interactive terminal sessions directly in the browser, supporting features like seeking, playback speed control,
Integrates with reverse proxies and TLS certificates to secure server traffic and manage authentication.
CrowdSec is a collaborative, distributed security engine designed for threat detection and infrastructure protection. It functions as an intrusion detection system that parses logs and network traffic to identify malicious patterns, utilizing a bucket-based threshold detection model to aggregate events and trigger alerts. The platform is built on a modular architecture that includes a centralized local API server for managing security signals and a relational database for persistent storage of remediation decisions. What distinguishes the project is its decoupled enforcement model, which offl
Integrates with reverse proxies to perform lightweight request evaluation and block malicious traffic at the edge.
BrowserSync is a web development synchronization tool and live reload server. It functions as a local static web server, a reverse proxy server for existing sites, and a browser testing orchestrator that coordinates page state across different browsers and physical devices. The tool is distinguished by its ability to mirror user interactions, such as clicks, scrolls, and form inputs, in real time across all connected devices. It also provides a web-based device control interface and the capability to create public URL tunnels for remote testing of local sites. The system covers a broad range
Enables local HTTPS encryption to test features requiring secure connections on a development machine.
Owncast is a self-hosted live streaming server that provides full control over broadcast infrastructure and audience data. It functions as an RTMP video streaming server, accepting incoming video feeds and distributing them to viewers through HLS-based segmented streaming. The platform includes a built-in, stateful web-based chat interface that enables real-time viewer engagement during broadcasts. The project distinguishes itself through deep integration with the decentralized Fediverse, allowing servers to automatically broadcast stream status updates and notify followers across distributed
Terminates secure connections at a reverse proxy layer to encrypt public traffic before forwarding requests.
Bunkerized Nginx is a containerized security automation system that provides a secure reverse proxy and web application firewall. It focuses on protecting web applications by monitoring container labels within cloud-native orchestration systems to automatically update security settings and firewall rules. The system distinguishes itself through automated security operations, including the automatic management of SSL certificates and an automated client banning mechanism that blocks IP addresses based on HTTP status codes. It features bot challenge mechanisms using CAPTCHAs, JavaScript, or coo
Provides a secure reverse proxy that protects web applications from malicious requests by default.
Hotel is a reverse proxy and process manager for local development. It maps custom local domains and subdomains to specific ports or remote servers, removing the need for manual host file modifications. The project provides a web interface to manage the lifecycle of background processes and application servers. It includes on-demand process activation, which starts and stops servers automatically when accessed via a browser to conserve system resources. The tool generates self-signed SSL certificates to enable encrypted HTTPS connections for local environments. It also supports routing traff
Configures local SSL/TLS certificates to establish secure HTTPS connections for services running on a local machine.
Electric is a Postgres data synchronization engine and replication proxy designed to enable local-first software. It replicates data from Postgres databases to client-side stores in real time using logical replication, allowing applications to maintain a local embedded database for offline access and low-latency updates. The system distinguishes itself by using shapes to filter and authorize specific subsets of database rows and columns before streaming them to clients or edge workers. It further supports multi-user collaboration by integrating a conflict-free replicated data type framework t
Validates user credentials and shape parameters through a reverse proxy before streaming data to clients.
Lets-chat is a self-hosted team communication platform and XMPP chat server designed for private messaging. It provides a containerized communication environment for small teams to exchange messages and files, featuring a programmable REST API for automating conversations and managing messages from external tools. The platform functions as an XMPP gateway and server, ensuring interoperability with other compliant messaging clients. It distinguishes itself by supporting enterprise identity management, allowing administrators to verify user identities through local accounts or external director
Defines host, port, and SSL certificates to control application access over HTTP and HTTPS.
OrbStack is a native macOS application that replaces Docker Desktop, providing an all-in-one environment for running Docker containers, full Linux virtual machines, and local Kubernetes clusters. It runs Linux VMs directly on the macOS hypervisor framework for near-native performance, uses VirtioFS for fast bidirectional file sharing between macOS and Linux, and leverages Rosetta for near-native x86 emulation on Apple Silicon. The system assigns predictable local domain names to containers and VMs with automatic HTTPS certificate generation, forwards ports via event-driven updates, and stores
Generates and installs TLS certificates automatically for container domains, enabling secure HTTPS without manual setup.
Chainlink is a decentralized oracle network that connects smart contracts to off-chain data, computation, and real-world systems. It provides a secure and reliable infrastructure for blockchain applications to access external information, execute automated workflows, and interact with other blockchains. The network is secured by a staking-based model where node operators lock LINK tokens as collateral, which can be slashed for poor performance, incentivizing honest and accurate data delivery. The platform distinguishes itself through a comprehensive set of capabilities that extend beyond basi
Generates self-signed TLS certificates and configures environment variables for serving node traffic over HTTPS.
Tinyauth is an authentication middleware service and identity provider that verifies user identities to grant system access. It operates as a standalone server or as an authentication gateway, utilizing a reverse proxy model to intercept requests and validate credentials before traffic reaches protected backend services. The project functions as an OpenID Connect provider for single sign-on experiences and an OAuth 2.0 gateway that delegates verification to external providers such as Google and GitHub. It also acts as an LDAP authentication server, allowing for centralized user management and
Secures backend applications by offloading authentication and access control to a reverse proxy.
axe-core is an automated accessibility testing engine and compliance auditor designed to scan web and mobile interfaces for violations of industry accessibility standards. It functions as a programmatic scanner and linter that analyzes HTML and source code to identify barriers and verify compliance with accessibility guidelines. The project distinguishes itself by combining a DOM-based rule engine with computer vision and machine learning to detect complex violations that evade traditional analysis, such as visual heading discrepancies and informative images. It provides specialized capabilit
Supports the configuration of reverse proxies to encrypt traffic and secure connections to the testing instance.
RuoYi-Vue3 is a full-stack administrative dashboard and permission management framework built with SpringBoot and Vue 3. It serves as an enterprise management backend providing a decoupled architecture that separates the API from the user interface. The project features a low-code CRUD generator that automatically produces frontend and backend boilerplate code and API documentation from database tables. It implements a comprehensive role-based access control system for managing users, departments, and granular permissions at the menu and button levels, secured by stateless JSON Web Token auth
Supports setting up a reverse proxy with an SSL certificate to serve the application over HTTPS.
Provides instructions for securing a self-hosted sync server with Nginx and HTTPS.
Laragon is a portable web server suite and WAMP stack manager that provides a self-contained local development environment. It enables the bootstrapping of web applications through the orchestration of web servers, databases, and language runtimes on a single machine. The project is distinguished by its registry-free portable mode, allowing the entire development stack to be moved between drives or computers without re-installation. It features automated virtual host mapping and SSL certificate generation for local domains, as well as a local tunneling gateway to expose projects via public UR
Automates the generation of SSL certificates and virtual host configuration to enable local HTTPS connections.