18 个仓库
Security mechanisms that intercept HTTP requests at the gateway to validate identity before routing to backend services.
Distinguishing note: Specifically addresses gateway-level authentication interception rather than application-level middleware.
Explore 18 awesome GitHub repositories matching security & cryptography · Reverse Proxy Authentication. Refine with filters or upvote what's useful.
Authelia is a centralized identity and access management server designed to secure web applications through unified authentication and authorization. It functions as an identity authority that enables single sign-on across diverse platforms, allowing users to access multiple services with a single set of credentials. By acting as a standards-compliant provider, it facilitates secure identity propagation and token issuance for client applications. The platform distinguishes itself through its ability to integrate directly with web gateways as a reverse proxy authentication middleware, intercep
Intercepts incoming HTTP requests at the gateway level to validate user identity before granting access to protected backend services.
Dashy is a configuration-driven dashboard designed for personal infrastructure management and self-hosted service monitoring. It functions as a centralized portal that aggregates web links, live infrastructure metrics, and application health status into a unified, searchable interface. By utilizing a structured schema, the platform allows users to define their entire layout, navigation, and widget configuration through version-controlled files, ensuring a portable and reproducible setup across different environments. The project distinguishes itself through a highly modular architecture that
Defers identity verification to a reverse proxy that injects user credentials into request headers.
Navidrome is a self-hosted music streaming server designed to organize, index, and stream personal digital music collections. It functions as a centralized audio streaming platform that manages local audio files, automatically enriching them with metadata and artwork while providing a web interface for playback. The system supports multi-user access, allowing administrators to manage separate collections and listening histories with granular permissions. The platform distinguishes itself through its compatibility with the Subsonic API, enabling users to connect a wide range of third-party mus
Delegates user identity verification to external services via security headers for single sign-on integration.
This project is a reverse proxy server that secures internal web services by enforcing authentication against external identity providers. It acts as a gatekeeper for incoming HTTP traffic, validating user identity before forwarding requests to protected backend applications. By integrating with OAuth2 and OIDC providers, the proxy ensures that only authorized users can access internal resources. The proxy distinguishes itself through its flexible session management and granular access control. It maintains authenticated user state across requests using either encrypted client-side cookies or
Acts as a reverse proxy that secures internal web services by enforcing authentication against external identity providers.
ttyd is a web-based terminal emulator that shares a command-line shell over a web connection. It serves as a remote console and shell gateway, allowing for remote system administration and command execution through a standard web browser. The project includes specialized capabilities for rendering graphical images via the Sixel standard and supporting bidirectional file uploads and downloads using the ZMODEM transfer protocol. It supports collaborative terminal sharing, enabling multiple concurrent users to connect to the same running process or session in real time. The system provides secu
Supports identity verification via external HTTP headers provided by reverse proxies before granting terminal access.
Healthchecks is a heartbeat monitoring service and cron job monitoring tool designed to track the execution and success of scheduled tasks and systemd timers. It functions as a dead man switch, alerting users when expected periodic signals from remote processes fail to arrive. The system accepts health signals via HTTP and SMTP, allowing it to track infrastructure heartbeats from sources ranging from CI/CD workflows to network routers. It distinguishes itself by supporting the capture of diagnostic data, including exit codes and execution logs, and by calculating the duration between start an
Authenticates users or creates accounts based on identity headers passed from an external proxy.
Kanboard 是一个自托管的看板项目管理工具和生产力套件,专为跟踪软件任务和团队协作而设计。它提供了一个通过看板、列和卡片管理工作流的可视化系统。 该项目具有可扩展的插件框架和用于编程任务与项目管理的综合 API。它包括通过 LDAP 集成进行的专门身份管理,允许从目录服务器同步用户帐户和组权限。 该系统涵盖了广泛的功能,包括事件驱动的工作流自动化、详细的项目分析(如燃尽图和周期时间测量)以及细粒度的基于角色的访问控制。它还支持集成时间跟踪、子任务分解以及包括双因素身份验证和反向代理支持在内的多种身份验证方法。 该应用程序兼容 MySQL 和 PostgreSQL 以进行持久数据存储,并可使用 Docker Compose 部署。
Identifies users by reading trusted HTTP headers provided by a reverse proxy to start sessions.
This project is a self-hosted recipe manager designed for organizing digital libraries, planning meals, and generating shopping lists. It serves as a central hub for recipe collection management, providing tools to store, categorize, and share recipes within a collaborative kitchen workflow. The system distinguishes itself through an AI-powered importer that extracts structured ingredients and instructions from images, PDFs, and websites. It further integrates with home automation environments as a containerized add-on and supports S3-compatible object storage for managing media files. The s
Delegates authentication to a reverse proxy by trusting the remote user header.
Tinyauth is an authentication middleware service and identity provider that verifies user identities to grant system access. It operates as a standalone server or as an authentication gateway, utilizing a reverse proxy model to intercept requests and validate credentials before traffic reaches protected backend services. The project functions as an OpenID Connect provider for single sign-on experiences and an OAuth 2.0 gateway that delegates verification to external providers such as Google and GitHub. It also acts as an LDAP authentication server, allowing for centralized user management and
Acts as an authentication gateway that intercepts requests to validate identity before forwarding traffic to backend services.
dockprom is a monitoring stack based on Prometheus and Grafana designed to track the performance of Docker containers and their underlying hosts. It functions as a complete solution for gathering real-time metrics and displaying them through a self-hosted dashboard. The project includes a suite of tools for collecting container and host metrics, as well as a discovery tool specifically for automatically identifying and adding tagged EC2 instances to the monitoring configuration. The system covers several observability areas, including time-series data storage and the creation of performance
Secures monitoring dashboards via a reverse-proxy gateway that handles authentication and user registration.
Sqlpad 是一个基于 Web 的 SQL 客户端与多租户工作台,用于在多个关系型及分析型数据库中编写、执行和保存查询。它作为 ODBC 数据库管理器,使用户能够通过浏览器界面管理数据库连接并探索架构。 该平台作为一个协作环境脱颖而出,用户可以在此共享 SQL 文档并协调数据分析。它集成了通过 OpenID Connect、SAML、LDAP 和 OAuth 实现的身份联合认证,并提供了一个将查询结果渲染为图表与表格的可视化系统。 该系统涵盖了广泛的能力领域,包括用于限制数据库连接的基于角色的访问控制(RBAC)、用于多语句事务的状态化会话管理,以及用于增强安全性的运行时凭据替换。它还提供查询持久化与历史记录追踪,以管理已保存 SQL 语句的生命周期。
Automatically creates and authenticates users by mapping request headers provided by an external reverse proxy.
ui-for-docker 是一个用于控制和监控 Docker 容器的 Web 仪表板和管理界面。它为可视化容器化工作负载的状态和管理 Docker 引擎提供了一个图形化替代方案。 该界面通过本地 Unix 套接字或远程 TCP 端点连接到 Docker 守护进程。它利用 TLS 证书和密钥来保护与远程引擎的通信,并支持通过反向代理进行 HTTP 基本身份验证的访问限制。 该系统作为无状态 Web 前端运行,将用户操作转换为直接发送到 Docker 引擎 API 的请求。
Supports offloading user access control and credential verification to an external reverse proxy.
Calibre-Web-Automated is a self-hosted ebook library server that watches file system folders for new ebook files, automatically converts them to a target format, enriches their metadata from online sources, and inserts them into a Calibre-managed library. It provides a web interface for browsing, reading in-browser, searching full text, and managing collections, while also supporting user authentication through multiple protocols including OAuth 2.0, OpenID Connect, LDAP, magic links, and reverse proxy headers. The server integrates directly with Kobo e-reader devices, synchronizing books, co
Trusts authentication headers set by an upstream reverse proxy to authenticate users and auto-create accounts.
This project is an agentic retrieval-augmented generation platform and orchestration framework designed to connect large language models to private enterprise data. It serves as a self-hosted AI gateway that integrates vector databases and external tools to automate complex information retrieval and generation tasks. The system differentiates itself through an AI agent workflow builder that orchestrates multiple specialized agents with distinct roles to solve multi-step problems. It includes a dedicated vector database integration interface for indexing private documents and a secure sandbox
Implements gateway-level authentication and TLS encryption by intercepting requests via a reverse proxy.
JimsGarage is a collection of shell scripts and automation tools designed to help individuals deploy and manage a wide range of self-hosted services on their own hardware. It provides a structured approach to setting up containerized applications, from media servers and document management systems to VPNs and monitoring stacks, all through automated Docker-based configurations. The project distinguishes itself by offering a comprehensive library of deployment recipes that cover the full lifecycle of a home server environment. This includes not just the services themselves, but also the suppor
Integrates an identity-aware proxy that validates user sessions before routing traffic to backend container services.
Wakapi is a self-hosted activity tracker that collects coding time and language statistics using the WakaTime API protocol. It monitors time spent on projects and programming languages to analyze productivity trends and coding patterns. The project provides a productivity dashboard for analyzing development patterns through time distribution plots and activity reports. It includes a badge generator to create dynamic SVG images and status cards for profile readmes, as well as public leaderboards to rank users based on coding activity. The system manages identity through local credentials or O
Validates user identities by trusting specific request headers passed from a trusted network gateway.
2FAuth is a self-hosted two-factor authentication server and credential vault. It functions as a web-based authenticator app used to organize and generate time-based one-time passwords and other security codes for multiple accounts in a central location. The system distinguishes itself as an API-driven security manager, allowing authentication codes to be integrated into automated workflows and external applications. It also supports shared security credentialing through the use of isolated vaults and shared folders for team collaboration. The project covers a broad range of security and dat
Supports bypassing internal login checks by trusting identity headers passed from a reverse proxy.
BabyBuddy is a self-hosted infant care tracking application designed for logging feedings, diaper changes, and growth metrics to monitor child development. It functions as a private data store for sensitive health and activity records, providing a containerized environment for managing childcare data across different hardware architectures. The system integrates with home automation hubs and provides a RESTful API to enable programmatic recording and querying of care data. It supports collaborative caregiver management, allowing multiple family members or professional caregivers to share acce
Identifies and authenticates users by trusting specific HTTP headers passed from a reverse proxy.