this post was submitted on 12 Jul 2025
216 points (97.8% liked)

Selfhosted

49454 readers
1351 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
216
GitHub - voidauth/voidauth: An Easy to Use and Self-Host Single Sign-On Provider πŸˆβ€β¬›πŸ”’ (github.com)
submitted 2 days ago* (last edited 2 days ago) by notquitenothing@sh.itjust.works to c/selfhosted@lemmy.world
23 comments fedilink hide all child comments
 

A new open-source Single Sign-On (SSO) provider designed to simplify user and access management.

Features:

  • πŸ™‹β€β™‚οΈ User Management
  • 🌐 OpenID Connect (OIDC) Provider
  • πŸ”€ Proxy ForwardAuth Domains
  • πŸ“§ User Registration and Invitations
  • πŸ”‘ Passkey Support
  • πŸ” Secure Password Reset with Email Verification
  • 🎨 Custom Branding Options

Screenshot of the login portal:

top 23 comments
sorted by: hot top controversial new old
[–] camr_on@lemmy.world 5 points 11 hours ago (1 children)

I just (partially) got authentik running -- how does it compare?

[–] notquitenothing@sh.itjust.works 2 points 3 hours ago (1 children)

VoidAuth is simpler to setup/use than Authentik for sure, but of course Authentik has more features. They both support proxy-auth, OIDC, and have user management UIs so in that way they are similar. I like VoidAuth for its simplicity but you can always run both and decide, if you have any questions about setup I will try to answer!

[–] camr_on@lemmy.world 3 points 2 hours ago

I'll definitely check it out today - I found the authentik learning curve to be surprisingly difficult. All I need is a basic set up for getting my friends and family into audiobookshelf, immich, etc, so this may be a welcome improvement

[–] Hawk@lemmy.dbzer0.com 4 points 1 day ago (1 children)

Definitely giving this a go, seems exactly what I've been looking for for my small self hosted stack.

[–] notquitenothing@sh.itjust.works 2 points 23 hours ago

If you run into any issue during setup let me know! I am still working on the documentation so hopefully it is somewhat understandable πŸ˜†

[–] eldereko@lemmy.dbzer0.com 29 points 1 day ago (2 children)

the Postgres requirement is a dealbreaker for me. I don't get why all these "simple" self-hosted apps need a bloated database. how many users is a self-hoster going to have, maybe 1-10? SQLite can easily handle thousands. I'm currently using Authelia, and it even has a database-less YAML option for managing users

[–] keyez@lemmy.world 1 points 35 minutes ago

On my server I run a single postgres container and create DBs and users for different apps within. Super resource light and I have 7 apps pointed at a single container. Much easier to manage backups as well when there are several apps in the single DB.

[–] notquitenothing@sh.itjust.works 27 points 1 day ago* (last edited 1 day ago) (1 children)

I do agree. I have been thinking about adding a SQLite option which should be somewhat easy since knex (the database package that VoidAuth uses) supports it. Before releasing that I would want to create some way to migrate your data from one database type to another. If you want to use VoidAuth feel free to make an issue for this!

[–] Zelaf@sopuli.xyz 5 points 1 day ago (2 children)

Having run minor projects using PocketBase before and also seen what PocketBase itself can do and SQLite configured correctly in general, It's great. I've gotten to be a big fan of it by the years and gladly opt for it over the bigger ones.

If this project got SQLite support it would be a great replacement for my own setup which requires about 3 or 4 accounts. Currently using a proprietary solution and been looking into moving to Authentik but it's a bit too heavy resource wise for my current servers.

[–] notquitenothing@sh.itjust.works 13 points 1 day ago (1 children)

I will make an issue for adding SQLite support, it has been on my mind for the same reasons. I would say don’t let the Postgres requirement stop you from trying it out. Modern hardware really doesn’t mind having multiple containerized postgresdb instances running, it can be very lightweight when idle.

[–] illusionist@lemmy.zip 5 points 1 day ago (1 children)

Tbo, not using a tool because it only uses postgres sounds strange to me.

[–] lambalicious 1 points 1 day ago (1 children)

It does mean a form of provider lock-in, which is or can be its own issue. Also, while PostgreSQL is one of the best database engines out there among the FOSS stuff, it is verifiably and vastly overblown for stuff like "store a name and a email", and I at least am not aware of any sort of "Postgres Lite" engines else I'd be using them at work.

[–] illusionist@lemmy.zip 0 points 23 hours ago* (last edited 21 hours ago) (1 children)

How does it lock you in? You, the admin, has full control over postgres. Sqlite has no security features. Does it store passwords? Sqlite also locks the database which is usually OK if there are no concurrent jobs. But for such services it sounds like a bad idea to use sqlite. (I am no server/app dev)

[–] lime_red@lemmy.world 1 points 18 hours ago

Sqlite shouldn't lock for read, so unless you are writing something at each access, you can have thousands of concurrent reads. The Sqlite website spells this out, and lists its own self as the proof.

This would mean you could not write logs to the database, you'd have to do it the unixy way and put logs in a text file.

[–] kayohtie@pawb.social 1 points 1 day ago

Yeah, I use Authentik currently and the main reason is simplicity of having it with LDAP. But I've considered running something else backed by FreeIPA to get more compatibility for LDAP. I feel like I have to fight to get something to work with it.

But it has some high overhead for sure.

[–] corsicanguppy@lemmy.ca 10 points 1 day ago (2 children)

This thing looks great but it has layers of supply-chain sploit risk. Make sure you're really secure before trying it -- and if you're (otherwise) iso27002 compliant, give it a pass.

[–] notquitenothing@sh.itjust.works 11 points 1 day ago

I would not recommend using VoidAuth to anyone who needs to be any kind of security compliant. I am not a security professional and am using packages for the OIDC and other security heavy-lifting. I can recommend VoidAuth for those just looking for a simple but good looking auth app for securing their own selfhosted apps and resources.

[–] fluckx@lemmy.world 6 points 1 day ago (1 children)

I'm trying to wrap my head around your comment to understand. What exactly do you mean by supply chain sploit risk?

The tool is using 3rd party libraries and those libraries could be used to introduce vulnerabilities in the app?

[–] lime_red@lemmy.world 3 points 18 hours ago

This is the correct read.

This is also the same as any other software package in existence. In fact, if someone claimed to not use any libraries, I'd be taking a close look at that too.

The key difference is if you're a paying a company for support and certification of the product as delivered, you can yell at them about it. If you're using a free product with no support, you can yell at yourself.

[–] cadekat@pawb.social 7 points 1 day ago (1 children)

How does it compare to keycloak?

[–] notquitenothing@sh.itjust.works 2 points 1 day ago

While I haven’t spun up Keycloak myself, I think VoidAuth would supply some similar functionality. Ideally the features of Keycloak that you are likely to need but easier to setup and use!

[–] Eideen@lemmy.world 3 points 1 day ago (1 children)

This i need to try!

[–] notquitenothing@sh.itjust.works 2 points 1 day ago

Let me know how it goes!