this post was submitted on 25 Apr 2025
79 points (94.4% liked)

Selfhosted

59999 readers
445 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam.

  3. Posts here are to be centered around self-hosting. Please ensure it is clear in your post how it relates to self-hosting.

  4. Don't duplicate the full text of your blog or git here. Just post the link for folks to click.

  5. Submission headline should match the article title.

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
ayyy@sh.itjust.works
curbstickle@anarchist.nexus
curbstickle_lw@lemmy.world
79
๐Ÿ›ก๏ธ uSentry - Identity & Access Management (github.com)
submitted 1 year ago by TCB13@lemmy.world to c/selfhosted@lemmy.world
25 comments fedilink hide all child comments
 

uSentry is a lightweight, self-hosted Identity and Access Management (IAM) and Single Sign-On (SSO) solution designed for homelab and small-scale environments.

โšก A single PHP file. < 400 lines of code. No database. No background processes. No cloud. Just works. โšก

Most IAM and SSO solutions require databases, certificates and background services baked into a dozen containers. This is all fine but also also overkill for homelabs and impossible for low-power ARM devices. uSentry is different, it isn't pretty but it sucks less for a lot of use cases.

Enjoy!

you are viewing a single comment's thread
view the rest of the comments
[โ€“] Xanza@lemm.ee 22 points 1 year ago* (last edited 1 year ago) (2 children)

I'm torn between this being fucking genius, and a terrible idea all at once.

EDIT: Requires ngx_http_auth_request_module. * Caddy4lyfe. *

[โ€“] TCB13@lemmy.world 12 points 1 year ago* (last edited 1 year ago) (1 children)

Well, me too. But frankly OpenIAM (24GB of RAM as a requirement) Keycloak, Authelia do too much, require too much and aren't suitable at all for SBCs and small scale stuff.

Edit: This is targeted at people that run nginx as a standalone server or proxy.

[โ€“] Xanza@lemm.ee 8 points 1 year ago

I respect it.

[โ€“] neodc@sh.itjust.works 9 points 1 year ago (1 children)

I didn't test, but should be possible with forward_auth (https://caddyserver.com/docs/caddyfile/directives/forward_auth)

[โ€“] Xanza@lemm.ee 6 points 1 year ago (1 children)

Nice! I'll give it a try.

[โ€“] TCB13@lemmy.world 6 points 1 year ago (1 children)

If you manage to make it worth with Caddy can you share your config? I can add it to the readme or something. Thanks.

[โ€“] Xanza@lemm.ee 7 points 1 year ago

For sure. I'm likely gonna take a look at it this weekend.