Over the last year I got frustrated with the complexity projects like traefik and caddy have gained recently. While I do love Caddy still, it seems like it wants to do too much, which I understand because they have a commercial offering, but I wanted something simpler.
So I set out to build a truly simple proxy that can do the following:
* automatic certificates with letsencrypt (using the library created by the awesome caddy team)
* authenticate users (currently only sign in with google is supported, but the underlying library should make it trivial to extend this)
* authorize users based on simple glob matching
* allow creating (and modifying) routes by CLI and API
Building this, I truly started to appreciate the meaning of standing on the shoulders of giants: the Go libraries I've used are extensive and made this application a lot easier to create.
While tobab is by no means finished, if you are looking for an easy-to-use reverse proxy that will handle certificates and auth for you, this could be the tool you are looking for.
I'd only ever used Caddy for a hobby project a few years ago. Just recently I needed something quickly for a reverse proxy. I looked at traefik because I'd heard a lot about it and quickly came to the same conclusion as you - too rich. I thought I'd have a look at the docs for the new-ish Caddy v2.
After a bit of reading, I was shocked that I had set up a reverse proxy with just a single 2 line "caddyfile":
I recently did an "identity aware proxy" deployment to protect a service with SAML, but I used good ol' Apache with mod_proxy. SAML authentication was handled by mod_auth_mellon, and certbot has great integration with Apache. I didn't have to edit any Apache config files for TLS - certbot did it all for me. It even automatically set up systemd to automatically renew. I was really impressed.
Looks great! I have a homelab that already has HTTPS/letsencrypt via an Nginx reverse-proxy, and I use https simple auth for connections coming from the Internet. I’m interested in replacing simple-auth with Tobab. Does the configuration support disabling the letsencrypt parts (since I already have that)? Is there an API route on the tobab hostname (e.g. tobab.example.com/verify/private.example.com) to verify a cookie authorization that I can configure Nginx to call, instead of needing to proxy all traffic through Tobab?