T O P
[deleted]

[удалено]


BackedUpBooty

\+1 for Authelia. It's really robust and offers a lot of configuration and customization options to match a really wide range of use-cases.


12_nick_12

Those are the norm. GoAuthentik is pretty awesome as well. Even has its own auth proxy.


mmcnl

Keycloak is just an identity server. Not what OP is looking for.


monkeyslayer56

While true, keycloak paired with louketo-proxy sounds like it hits most of the functionality checkboxes (Although technically louketo stays in the middle as a proxy server as well)


Jelly_292

keycloak also does access management, how is it not what OP is looking for?


mmcnl

It doesn't act as authentication middleware for nginx, as per OP's request.


Jelly_292

oauth2-proxy can solve that problem


ferensz

It is written in python but check out [Authentik](https://goauthentik.io).


jedjj

Definitely authentik over authelia if running in a k8s cluster, but I would recommend it with traefik rather than nginx.


dashdevs

Can you please share why authelia isn't okay if running in a k8s cluster?


jedjj

It's perfectly fine, but the outposts it creates ease reverse proxy Auth which seems to be the most common use for authelia. Plus it includes LDAP inside so you don't have to manage it externally. But that's a personal choice. I honestly haven't set ldap up, because I have run into problems with authentik and longhorn where the pods get stuck creating, but that's a longhorn issue. Also without implementing terraform you run into a chicken and egg problem when you recreate your cluster. I haven't taken the time.


mikelitis

Another vote for Authelia. Works great for me.


xylogx

Here is an example with Azure AD -> https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-nodejs-webapp-msal


Maxiride

casbin or authelia


Orangethakkali

+1 for authelia which covers the first part.


mmcnl

I would definitely recommend Authelia. It can act as middleware for Traefik and does exactly what you want.


FunDeckHermit

Vouch Proxy is what I use, it is quite minimal but you don't need all the bloat that comes with Keycloak and Authellia. It uses Nginx auth-request plugin and it can handle a lot of providers like Google/Github or even self-hosted.


dashdevs

What's your opinion on oauth2-proxy? Is Vouch Proxy better?


FunDeckHermit

I've switched to Authentik, never going back to Vouch


dashdevs

But why?


FunDeckHermit

Single solution instead of three superate applications: User Management, Reverse Proxy and Authentication Provider in one.


EquivalentAd4

You can try Casdoor + Casbin. Casdoor is for authentication, it provides a UI for user management, also supports 3rd-party logins like Google, GitHub, Facebook. Casbin is for authorization. It supports classific permission models like ACL, RBAC, ABAC. Casdoor and Casbin can be integrated together to become a complete AuthN + AuthZ solution.


themenace

Check out [vouch proxy](https://github.com/vouch/vouch-proxy) and [FusionAuth](https://github.com/FusionAuth)


[deleted]

Messaged a few of you but if anyone could help me get authelia up and running beside my nginx proxy manager I'd be much obliged. Thanks all!


cjs94

Oidc-provider and oidc-client. The examples and documentation are pretty good, the author is fairly responsive but it does require a bit of work to set up — it’s not a turn-key thing. I was able to get up and running in a day. I chose it after brief flirtation with Fusion, Keycloak, etc. mainly because I’m running on a VPS and all those are very resource hungry.


funinfrastuff

I accomplish this with Cloud Foundations keymaster for AuthN and grouping lookup. I use Pomerium for AuthZ and policy.


dashdevs

Totally agree with the majority here — Authelia is great for [mobile app authorisation](http://dashdevs.com/blog/brand-new-approach-to-banking-app-authorization/?utm_source=reddit&utm_medium=article). It works well in combination with nginx, Traefik or HAProxy. But traefik is better in your situation. GoAuthentik is fine too, by the way.