18 repositorios
Security mechanisms that intercept HTTP requests at the gateway to validate identity before routing to backend services.
Distinguishing note: Specifically addresses gateway-level authentication interception rather than application-level middleware.
Explore 18 awesome GitHub repositories matching security & cryptography · Reverse Proxy Authentication. Refine with filters or upvote what's useful.
Authelia is a centralized identity and access management server designed to secure web applications through unified authentication and authorization. It functions as an identity authority that enables single sign-on across diverse platforms, allowing users to access multiple services with a single set of credentials. By acting as a standards-compliant provider, it facilitates secure identity propagation and token issuance for client applications. The platform distinguishes itself through its ability to integrate directly with web gateways as a reverse proxy authentication middleware, intercep
Intercepts incoming HTTP requests at the gateway level to validate user identity before granting access to protected backend services.
Dashy is a configuration-driven dashboard designed for personal infrastructure management and self-hosted service monitoring. It functions as a centralized portal that aggregates web links, live infrastructure metrics, and application health status into a unified, searchable interface. By utilizing a structured schema, the platform allows users to define their entire layout, navigation, and widget configuration through version-controlled files, ensuring a portable and reproducible setup across different environments. The project distinguishes itself through a highly modular architecture that
Defers identity verification to a reverse proxy that injects user credentials into request headers.
Navidrome is a self-hosted music streaming server designed to organize, index, and stream personal digital music collections. It functions as a centralized audio streaming platform that manages local audio files, automatically enriching them with metadata and artwork while providing a web interface for playback. The system supports multi-user access, allowing administrators to manage separate collections and listening histories with granular permissions. The platform distinguishes itself through its compatibility with the Subsonic API, enabling users to connect a wide range of third-party mus
Delegates user identity verification to external services via security headers for single sign-on integration.
This project is a reverse proxy server that secures internal web services by enforcing authentication against external identity providers. It acts as a gatekeeper for incoming HTTP traffic, validating user identity before forwarding requests to protected backend applications. By integrating with OAuth2 and OIDC providers, the proxy ensures that only authorized users can access internal resources. The proxy distinguishes itself through its flexible session management and granular access control. It maintains authenticated user state across requests using either encrypted client-side cookies or
Acts as a reverse proxy that secures internal web services by enforcing authentication against external identity providers.
ttyd is a web-based terminal emulator that shares a command-line shell over a web connection. It serves as a remote console and shell gateway, allowing for remote system administration and command execution through a standard web browser. The project includes specialized capabilities for rendering graphical images via the Sixel standard and supporting bidirectional file uploads and downloads using the ZMODEM transfer protocol. It supports collaborative terminal sharing, enabling multiple concurrent users to connect to the same running process or session in real time. The system provides secu
Supports identity verification via external HTTP headers provided by reverse proxies before granting terminal access.
Healthchecks is a heartbeat monitoring service and cron job monitoring tool designed to track the execution and success of scheduled tasks and systemd timers. It functions as a dead man switch, alerting users when expected periodic signals from remote processes fail to arrive. The system accepts health signals via HTTP and SMTP, allowing it to track infrastructure heartbeats from sources ranging from CI/CD workflows to network routers. It distinguishes itself by supporting the capture of diagnostic data, including exit codes and execution logs, and by calculating the duration between start an
Authenticates users or creates accounts based on identity headers passed from an external proxy.
Kanboard es una herramienta de gestión de proyectos Kanban autohospedada y suite de productividad diseñada para el seguimiento de tareas de software y la colaboración en equipo. Proporciona un sistema visual para gestionar flujos de trabajo mediante el uso de tableros, columnas y tarjetas. El proyecto cuenta con un framework de plugins extensible y una API integral para la administración programática de tareas y proyectos. Incluye gestión de identidad especializada a través de la integración LDAP, lo que permite la sincronización de cuentas de usuario y permisos de grupo desde servidores de directorio. El sistema cubre una amplia gama de capacidades, incluyendo automatización de flujo de trabajo basada en eventos, análisis detallados de proyectos como gráficos de burn-down y medición del tiempo de ciclo, y control de acceso granular basado en roles. También admite seguimiento de tiempo integrado, descomposición de subtareas y autenticación de múltiples métodos, incluida la autenticación de dos factores y soporte de proxy inverso. La aplicación es compatible con MySQL y PostgreSQL para el almacenamiento de datos persistente y se puede desplegar utilizando Docker Compose.
Identifies users by reading trusted HTTP headers provided by a reverse proxy to start sessions.
This project is a self-hosted recipe manager designed for organizing digital libraries, planning meals, and generating shopping lists. It serves as a central hub for recipe collection management, providing tools to store, categorize, and share recipes within a collaborative kitchen workflow. The system distinguishes itself through an AI-powered importer that extracts structured ingredients and instructions from images, PDFs, and websites. It further integrates with home automation environments as a containerized add-on and supports S3-compatible object storage for managing media files. The s
Delegates authentication to a reverse proxy by trusting the remote user header.
Tinyauth is an authentication middleware service and identity provider that verifies user identities to grant system access. It operates as a standalone server or as an authentication gateway, utilizing a reverse proxy model to intercept requests and validate credentials before traffic reaches protected backend services. The project functions as an OpenID Connect provider for single sign-on experiences and an OAuth 2.0 gateway that delegates verification to external providers such as Google and GitHub. It also acts as an LDAP authentication server, allowing for centralized user management and
Acts as an authentication gateway that intercepts requests to validate identity before forwarding traffic to backend services.
dockprom is a monitoring stack based on Prometheus and Grafana designed to track the performance of Docker containers and their underlying hosts. It functions as a complete solution for gathering real-time metrics and displaying them through a self-hosted dashboard. The project includes a suite of tools for collecting container and host metrics, as well as a discovery tool specifically for automatically identifying and adding tagged EC2 instances to the monitoring configuration. The system covers several observability areas, including time-series data storage and the creation of performance
Secures monitoring dashboards via a reverse-proxy gateway that handles authentication and user registration.
Sqlpad es un cliente SQL basado en web y un entorno de trabajo multi-inquilino utilizado para escribir, ejecutar y guardar consultas en múltiples bases de datos relacionales y analíticas. Funciona como un gestor de bases de datos ODBC que permite a los usuarios gestionar conexiones y explorar esquemas a través de una interfaz de navegador. La plataforma se distingue como un entorno colaborativo donde los usuarios pueden compartir documentos SQL y coordinar el análisis de datos. Integra federación de identidad mediante OpenID Connect, SAML, LDAP y OAuth, y proporciona un sistema de visualización que renderiza los resultados de las consultas en gráficos y tablas. El sistema cubre amplias áreas de capacidad, incluyendo control de acceso basado en roles para restringir conexiones a bases de datos, gestión de sesiones con estado para transacciones de múltiples sentencias y sustitución de credenciales en tiempo de ejecución para una mayor seguridad. También proporciona persistencia de consultas y seguimiento del historial para gestionar el ciclo de vida de las sentencias SQL guardadas.
Automatically creates and authenticates users by mapping request headers provided by an external reverse proxy.
ui-for-docker es un panel web y una interfaz de gestión para controlar y monitorear contenedores Docker. Proporciona una alternativa gráfica a la línea de comandos para visualizar el estado de las cargas de trabajo contenerizadas y administrar motores Docker. La interfaz se conecta al demonio de Docker a través de sockets Unix locales o puntos finales TCP remotos. Utiliza certificados y claves TLS para asegurar la comunicación con motores remotos y admite la restricción de acceso mediante autenticación básica HTTP a través de un proxy inverso. El sistema opera como un frontend web sin estado que traduce las acciones del usuario en solicitudes enviadas directamente a la API del motor de Docker.
Supports offloading user access control and credential verification to an external reverse proxy.
Calibre-Web-Automated is a self-hosted ebook library server that watches file system folders for new ebook files, automatically converts them to a target format, enriches their metadata from online sources, and inserts them into a Calibre-managed library. It provides a web interface for browsing, reading in-browser, searching full text, and managing collections, while also supporting user authentication through multiple protocols including OAuth 2.0, OpenID Connect, LDAP, magic links, and reverse proxy headers. The server integrates directly with Kobo e-reader devices, synchronizing books, co
Trusts authentication headers set by an upstream reverse proxy to authenticate users and auto-create accounts.
Este proyecto es una plataforma de generación aumentada por recuperación (RAG) agentica y un framework de orquestación diseñado para conectar modelos de lenguaje grandes a datos empresariales privados. Sirve como una puerta de enlace de IA autohospedada que integra bases de datos vectoriales y herramientas externas para automatizar tareas complejas de recuperación y generación de información. El sistema se diferencia por un constructor de flujo de trabajo de agentes de IA que orquesta múltiples agentes especializados con roles distintos para resolver problemas de varios pasos. Incluye una interfaz de integración de base de datos vectorial dedicada para indexar documentos privados y un sandbox seguro para ejecutar código dinámico y análisis de datos durante las conversaciones. La plataforma cubre una amplia gama de capacidades, incluyendo la indexación de datos empresariales, la re-clasificación de resultados para mayor precisión y la entrega tanto de interfaces de chat interactivas como de APIs programáticas. También proporciona controles administrativos para la gestión del comportamiento de la IA, la autenticación de usuarios y la limitación del uso de la API para controlar el consumo de recursos. El despliegue se maneja a través de herramientas de orquestación de contenedores como Docker Compose, con soporte para enrutamiento de tráfico basado en proxy inverso y cifrado TLS para entornos autohospedados seguros.
Implements gateway-level authentication and TLS encryption by intercepting requests via a reverse proxy.
JimsGarage is a collection of shell scripts and automation tools designed to help individuals deploy and manage a wide range of self-hosted services on their own hardware. It provides a structured approach to setting up containerized applications, from media servers and document management systems to VPNs and monitoring stacks, all through automated Docker-based configurations. The project distinguishes itself by offering a comprehensive library of deployment recipes that cover the full lifecycle of a home server environment. This includes not just the services themselves, but also the suppor
Integrates an identity-aware proxy that validates user sessions before routing traffic to backend container services.
Wakapi is a self-hosted activity tracker that collects coding time and language statistics using the WakaTime API protocol. It monitors time spent on projects and programming languages to analyze productivity trends and coding patterns. The project provides a productivity dashboard for analyzing development patterns through time distribution plots and activity reports. It includes a badge generator to create dynamic SVG images and status cards for profile readmes, as well as public leaderboards to rank users based on coding activity. The system manages identity through local credentials or O
Validates user identities by trusting specific request headers passed from a trusted network gateway.
2FAuth is a self-hosted two-factor authentication server and credential vault. It functions as a web-based authenticator app used to organize and generate time-based one-time passwords and other security codes for multiple accounts in a central location. The system distinguishes itself as an API-driven security manager, allowing authentication codes to be integrated into automated workflows and external applications. It also supports shared security credentialing through the use of isolated vaults and shared folders for team collaboration. The project covers a broad range of security and dat
Supports bypassing internal login checks by trusting identity headers passed from a reverse proxy.
BabyBuddy is a self-hosted infant care tracking application designed for logging feedings, diaper changes, and growth metrics to monitor child development. It functions as a private data store for sensitive health and activity records, providing a containerized environment for managing childcare data across different hardware architectures. The system integrates with home automation hubs and provides a RESTful API to enable programmatic recording and querying of care data. It supports collaborative caregiver management, allowing multiple family members or professional caregivers to share acce
Identifies and authenticates users by trusting specific HTTP headers passed from a reverse proxy.