Guard

Guard is an open-source simple and lightweight SSO authentication handler for reverse proxies, written in Go.

Guard aims to make an easily configurable SSO handler, which works with various reverse proxies. Guard will stay simple, without 2FA, LDAP support, etc.
If you want these features, have a look at Authelia ;)

Currently supported reverse proxies:

• Traefik
• Every reverse proxies which forward authentication via X-Forwarded-* headers
• Coming soon if you want to contribute :)

Getting started

You can have a try using the example.

1. First, edit /etc/hosts and add the following lines:

127.0.0.1       guard.local
127.0.0.1       auth.guard.local
127.0.0.1       public.guard.local

2. Then, simply go to example folder and run docker-compose up

3. Open a browser and navigate to http://guard.local: you should be redirected to https://auth.guard.local.

4. Use the default credentials admin/admin so that you are redirected to the app. You're now logged in!

5. If you logout, you should be able to access to http://public.guard.local which is publicly allowed.

Configuration

The configuration is minimalist. Simply provide your domain, the subdomain used for Guard and possible public URLs.

domain: guard.local
guard: auth.guard.local
allowed:
  - public.guard.local

Note: URL can be more precise (e.g. xyz.guard.local/public)

Administration

Guard provides an basic and easy-to-use admin interface, in which you can add or remove users.

Thanks

• xyproto/permissionbolt
• lmorel3/guard-php : Guard was initially written in PHP, but I decided to use Go for better performances!