this post was submitted on 07 Mar 2026
13 points (88.2% liked)

Selfhosted

57265 readers
468 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
13
Keycloak or alternative? (lemmy.world)
submitted 6 hours ago by reabsorbthelight@lemmy.world to c/selfhosted@lemmy.world
8 comments fedilink hide all child comments
 

I have a Talos k8s setup now and I'm trying to add various services. I have discovered that my old htpasswd file won't cut it for auth.

I want to host the following,

  1. WebDAV solution (currently sftpgo)
  2. Invidious
  3. *arr tools
  4. Bitwarden

Should I go with keycloak? Are there better auth services?

top 8 comments
sorted by: hot top controversial new old
[–] hesh@quokk.au 1 points 1 hour ago

I use Authelia and its worked perfect to put auth in front of my services, including OAuth

[–] poVoq@slrpnk.net 4 points 3 hours ago

https://github.com/lldap/lldap is much simpler.

[–] lwe@feddit.org 5 points 5 hours ago* (last edited 5 hours ago)

If you are not on the warpath with Webauthn I can highly recommend PocketID. It's just so damn convenient. But note that the arrs don't come with a good solution for oidc login. But you can use something like tinyauth or an auth forwarder in your reverse proxy. Bitwarden will work fine but of course still require a master key to unlock the vault itself.

[–] ccunix@lemmy.world 2 points 4 hours ago* (last edited 4 hours ago)

I've been using Authentik for a while now and it works very well. There is also a Teraform provider to manage it as code. I do mostly OIDC, but also use it as a proxy for a few things that do not support that and just need to be locked down (Esp home and longhorn dashboards for example).

The disadvantage is that it is not the lightest option. If that is important to you, look at Authelia.

[–] huangrydude@lm.boing.icu 3 points 5 hours ago

I have been using Authentik for several years now, works great with k8s. Not sure about the difference between Keycloak and Authentik tho (feature vise)

[–] 0x0f@piefed.social 2 points 5 hours ago

I used to love keycloak, but lately they've made changes that make client setup feel very complicated. I switched to authentik a while back and I feel it's far easier to deal with. 

[–] folekaule@lemmy.world 2 points 5 hours ago

For very simple Kubernetes and Docker environments, I've used Dex IdP with good results. It's low on features, but easy to set up.

[–] mhzawadi@lemmy.horwood.cloud 2 points 5 hours ago

Keycloak is amazing for no money, I use it connected to my Google workspace.