Pomerium - Identity-aware access proxy

  •        192

Pomerium is an identity-aware proxy that enables secure access to internal applications. Pomerium provides a standardized interface to add access control to applications regardless of whether the application itself has authorization or authentication baked-in. Pomerium gateways both internal and external requests, and can be used in situations where you'd typically reach for a VPN.

Pomerium is a VPN alternative, it enforces dynamic access policy based on context, identity, and device state. It provides provide a single-sign-on gateway to internal applications.

https://www.pomerium.io
https://github.com/pomerium/pomerium

Tags
Implementation
License
Platform

   




Related Projects

multitor - A tool that lets you create multiple TOR instances with a load-balancing traffic between them by HAProxy

  •    Shell

A tool that lets you create multiple TOR instances with a load-balancing traffic between them by HAProxy. It's provides one single endpoint for clients. Support socks protocol and http-proxy servers: polipo, privoxy and hpts. In addition, you can view previously running TOR processes and create a new identity for all or selected processes. Multitor was created with the aim of initialize many TOR processes as quickly as possible. I could use many instances for my daily use programs (web browsers, messangers and other). In addition, I was looking for a tool that would increase anonymity when conducting penetration tests and testing the security of infrastructure.

Nginx - HTTP and reverse proxy server

  •    C

Nginx [engine x] is an HTTP and reverse proxy server, as well as a mail proxy server, written by Igor Sysoev. It supports accelerated reverse proxying with caching, simple load balancing and fault tolerance, SSL and TLS SNI support, Name-based and IP-based virtual servers and lot more.

grpc-proxy - gRPC proxy is a Go reverse proxy that allows for rich routing of gRPC calls with minimum overhead

  •    Go

The project now exists as a proof of concept, with the key piece being the proxy package that is a generic gRPC reverse proxy handler. The package proxy contains a generic gRPC reverse proxy handler that allows a gRPC server to not know about registered handlers or their data types. Please consult the docs, here's an exaple usage.

goproxy - Proxy is a high performance HTTP(S), websocket, TCP, UDP,Secure DNS, Socks5 proxy server implemented by golang

  •    Go

Pull Request is welcomed. First, you need to clone the project to your account, and then modify the code on the dev branch. Finally, Pull Request to dev branch of goproxy project, and contribute code for efficiency. PR needs to explain what changes have been made and why you change them. This page is the v6.0 manual, and the other version of the manual can be checked by the following link.

muguet - DNS Server & Reverse proxy for Docker - Compatible with docker-compose, boot2docker and docker-machine

  •    Javascript

When using Docker, it's sometimes a pain to access your containers using specific IPs/ports. Muguet provides you with a DNS Server that resolves auto-generated hostnames to your containers IPs, plus a Reverse Proxy to access all your web apps on port 80.


frp - A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet

  •    Go

frp is a fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet. Now, it supports tcp, udp, http and https protocol when requests can be forwarded by domains to backward web services. Expose any http and https service behind a NAT or firewall to the internet by a server with public IP address(Name-based Virtual Host Support). Expose any tcp or udp service behind a NAT or firewall to the internet by a server with public IP address.

YXORP - Reverse proxy for the HTTP protocol

  •    C

yxorp is a reverse proxy and application level firewall for the HTTP protocol. It can do all kinds of checks on HTTP traffic, and is highly configurable. It also has other functions that are useful for a web frontend, like load balancing. It aims to conform to RFC 2616, RFC 2518, RFC 2109 and other applicable standards.

node-http-proxy - A full-featured http proxy for NodeJS

  •    Javascript

node-http-proxy is an HTTP programmable proxying library that supports websockets. It is suitable for implementing components such as reverse proxies and load balancers. When a request is proxied it follows two different pipelines, The first pipeline (incoming) is responsible for the creation and manipulation of the stream that connects your client to the target. The second pipeline (outgoing) is responsible for the creation and manipulation of the stream that, from your target, returns data to the client.

metadataproxy - A proxy for AWS's metadata service that gives out scoped IAM credentials from STS

  •    Python

The metadataproxy is used to allow containers to acquire IAM roles. By metadata we mean EC2 instance meta data which is normally available to EC2 instances. This proxy exposes the meta data to containers inside or outside of EC2 hosts, allowing you to provide scoped IAM roles to individual containers, rather than giving them the full IAM permissions of an IAM role or IAM user. See the settings file for specific configuration options.

nginx-proxy - Automated nginx proxy for Docker containers using docker-gen

  •    Python

nginx-proxy sets up a container running nginx and docker-gen. docker-gen generates reverse proxy configs for nginx and reloads nginx when containers are started and stopped.See Automated Nginx Reverse Proxy for Docker for why you might want to use this.

Trafik - A Modern Reverse Proxy

  •    Go

Træfik (pronounced like traffic) is a modern HTTP reverse proxy and load balancer made to deploy microservices with ease. It supports several backends (Docker, Swarm mode, Kubernetes, Marathon, Consul, Etcd, Rancher, Amazon ECS, and a lot more) to manage its configuration automatically and dynamically.

sozu - Sōzu HTTP reverse proxy, configurable at runtime, fast and safe, built in Rust

  •    Rust

This will create the sozu executable for the reverse proxy, and sozuctl to command it. You can edit the reverse proxy's configuration with the config.toml file. You can declare new applications, their frontends and backends through that file, but for more flexibility, you should use the command socket (you can find one end of that unix socket at the path designed by command_socket in the configuration file).

spike - :mega: A fast reverse proxy written in PHP that helps to expose local services to the internet

  •    PHP

Spike is a fast reverse proxy built on top of ReactPHP that helps to expose your local services to the internet. Both the server and local machine need to install this.

jwtproxy - An HTTP-Proxy that adds AuthN through JWTs

  •    Go

The JWT proxy is intended to be used as a complementary service for authenticating, and possibly authorizing requests made between services. There is a forward proxy component, which can be configured to sign outgoing requests to another service, and a reverse proxy component, which can be used to authenticate incoming requests from another service.The JWT forward proxy is used to sign outgoing requests with a JWT using a private key.

ProxySQL - High-performance MySQL proxy

  •    C++

ProxySQL is a high performance, high availability, protocol aware proxy for MySQL and forks (like Percona Server and MariaDB). It has an advanced multi-core architecture. It's built from the ground up to support hundreds of thousands of concurrent connections, multiplexed to potentially hundreds of backend servers. The largest ProxySQL deployment spans several hundred proxies.

Squid - HTTP reverse proxy optimizes web delivery

  •    C++

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator. Cached content means data is served locally and users will see this through faster download speeds with frequently-used content.

rev-proxy-grapher - Reverse proxy grapher

  •    Python

This is a useful little tool that will generate a nice graphviz graph illustrating your reverse proxy flow. It takes a manually curated YAML file describing the topology of your network, proxy definitions, and optionally a collection of nmap output files for additional port/service information and output a graph in any format supported by graphviz. This will generate graph.png if everything worked well.

Skipper - An HTTP router and reverse proxy for service composition

  •    Go

Skipper is an HTTP router and reverse proxy for service composition. It's designed to handle >100k HTTP route definitions with detailed lookup conditions, and flexible augmentation of the request flow with filters. It can be used out of the box or extended with custom lookup, filter logic and configuration sources.Skipper provides a default executable command with a few built-in filters. However, its primary use case is to be extended with custom filters, predicates or data sources.

weaver - An Advanced HTTP Reverse Proxy with Dynamic Sharding Strategies

  •    Go

Weaver is a Layer-7 Load Balancer with Dynamic Sharding Strategies. It is a modern HTTP reverse proxy with advanced features. Weaver uses etcd as a control plane to match the incoming requests against a particular route config and shard the traffic to different backends based on some sharding strategy.

Chat.onion - Anonymous and fully encrypted peer-to-peer instant messenger for Android using onion routing (via Tor)

  •    Java

Chat.onion is an anonymous and fully encrypted peer-to-peer instant messenger for Android using onion routing (via Tor). Many instant messengers already use encryption to secure message contents, but they can't hide important metadata such as your IP address and who you are communicating with. To hide all your information, including your metadata, identity, and IP address, Chat.onion uses onion routing (Tor) to send each message over several randomly selected proxy servers. Multiple layers of encryption are used to ensure that each proxy only knows it's immediate successor and predecessor, but not the entire message route.