This project is a reverse proxy server that secures internal web services by enforcing authentication against external identity providers. It acts as a gatekeeper for incoming HTTP traffic, validating user identity before forwarding requests to protected backend applications. By integrating with OAuth2 and OIDC providers, the proxy ensures that only authorized users can access internal resources.
The proxy distinguishes itself through its flexible session management and granular access control. It maintains authenticated user state across requests using either encrypted client-side cookies or server-side storage backends, and it supports the extraction of identity claims to enable personalized application logic. Administrators can enforce access policies based on specific user attributes, such as email domains or group memberships, and inject verified identity information into request headers for downstream processing.
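The attribute-based policy check and header injection described above can be sketched as follows. This is an added example, not the project's own code: the `Policy` type, the function names, the `X-Forwarded-*` header names and the sample claims are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed header names for this sketch; the page does not say which headers the proxy sets.
IDENTITY_HEADERS = ("X-Forwarded-User", "X-Forwarded-Email", "X-Forwarded-Groups")


@dataclass(frozen=True)
class Policy:
    """Hypothetical policy. An empty set means no restriction on that attribute."""
    allowed_email_domains: frozenset = frozenset()  # lowercase domain names
    allowed_groups: frozenset = frozenset()


def is_authorized(claims: dict, policy: Policy) -> bool:
    """Check verified identity claims against the policy; missing or malformed claims fail closed."""
    if not claims.get("sub") or not claims.get("email_verified", False):
        return False
    local, _, domain = str(claims.get("email", "")).rpartition("@")
    if not (local and domain) or "@" in local:
        return False
    if policy.allowed_email_domains and domain.lower() not in policy.allowed_email_domains:
        return False
    groups = set(claims.get("groups") or [])
    if policy.allowed_groups and not (groups & policy.allowed_groups):
        return False
    return True


def upstream_headers(client_headers: dict, claims: dict, policy: Policy):
    """Return the headers to forward to the backend, or None when the request is rejected."""
    if not is_authorized(claims, policy):
        return None
    blocked = {h.lower() for h in IDENTITY_HEADERS}
    # Drop identity headers sent by the client so the backend only sees proxy-set values.
    forwarded = {k: v for k, v in client_headers.items() if k.lower() not in blocked}
    forwarded["X-Forwarded-User"] = str(claims["sub"])
    forwarded["X-Forwarded-Email"] = claims["email"]
    forwarded["X-Forwarded-Groups"] = ",".join(sorted(claims.get("groups") or []))
    return forwarded


# Constructed sample data, not taken from the page.
POLICY = Policy(frozenset({"example.com"}), frozenset({"admins"}))
CLAIMS = {"sub": "u-123", "email": "alice@example.com",
          "email_verified": True, "groups": ["admins", "dev"]}
```

A backend that consumes these headers can rely on them only if it is reachable exclusively through the proxy.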
Beyond core authentication, the software provides comprehensive traffic management, including path-based routing, WebSocket support, and TLS termination. It offers a declarative configuration system that supports syntax validation and environment variable interpolation, allowing for complex security policies and custom authentication provider integrations. The proxy also handles static content serving and provides detailed operational logging for monitoring system and authentication events.
The software is distributed as precompiled binaries for direct execution or as container images for deployment in cloud-native environments.