I don’t think you could do that directly in the Caddyfile, but you can create those groups/policies inside VoidAuth and assign them to users there.
The steps would be to (in VoidAuth) create the access group/policy, create the ProxyAuth Domain (protected.example.com/*) with the allowed group(s), make sure the user(s) have that group, then in Caddy add the forward_auth directive to the same route you want to protect.
Then when you go to access that route in a browser it will redirect you to VoidAuth login, or if you pass an Authentication header with Basic Auth (like when using an API) it will use that.
You can do this with VoidAuth as well, by setting the DB_NAME variable
VoidAuth is simpler to setup/use than Authentik for sure, but of course Authentik has more features. They both support proxy-auth, OIDC, and have user management UIs so in that way they are similar. I like VoidAuth for its simplicity but you can always run both and decide, if you have any questions about setup I will try to answer!
If you run into any issue during setup let me know! I am still working on the documentation so hopefully it is somewhat understandable 😆
A new open-source Single Sign-On (SSO) provider designed to simplify user and access management.
Features:
Screenshot of the login portal:
I had already posted this to a couple of selfhosting communities, but thought it may fit in opensource as well.
A new open-source Single Sign-On (SSO) provider designed to simplify user and access management.
Features:
Screenshot of the login portal:
I had already posted this to a couple of selfhosting communities, but thought it may fit in opensource as well.
I will make an issue for adding SQLite support, it has been on my mind for the same reasons. I would say don’t let the Postgres requirement stop you from trying it out. Modern hardware really doesn’t mind having multiple containerized postgresdb instances running, it can be very lightweight when idle.
I have never used nforwardauth, but it looks like it offers a subset of the functionality of VoidAuth. Both support proxy-auth, but VoidAuth has user management features and also supports OIDC, passkeys, etc. I think nforwardauth looks like a great project, you can always setup VoidAuth alongside and try it out!
I would not recommend using VoidAuth to anyone who needs to be any kind of security compliant. I am not a security professional and am using packages for the OIDC and other security heavy-lifting. I can recommend VoidAuth for those just looking for a simple but good looking auth app for securing their own selfhosted apps and resources.
I do agree. I have been thinking about adding a SQLite option which should be somewhat easy since knex (the database package that VoidAuth uses) supports it. Before releasing that I would want to create some way to migrate your data from one database type to another. If you want to use VoidAuth feel free to make an issue for this!
My previous setup was with Authelia and lldap, and VoidAuth is heavily inspired by a combination of both. I think the advantages VoidAuth has are simple user management, supporting user registration/invitation, more branding customization, and a better end-user UI (imo).
There are other great selfhosted auth solutions such as Authelia and lldap, and also Authentik, Keycloak, pocket-id, and Rauthy. I would encourage anyone looking for a selfhosted auth solution to shop around!
Let me know how it goes!
A new open-source Single Sign-On (SSO) provider designed to simplify user and access management.
Features:
Screenshot of the login portal:
A new open-source Single Sign-On (SSO) provider designed to simplify user and access management.
Features:
Screenshot of the login portal:
You can try VoidAuth, it is kinda similar to Authelia+lldap. I am the developer and I created it because I wasn’t satisfied with Authelia’s user management. If you decide you want to try it and run into any issues or questions I will try to help :)