Over the last year I got frustrated with the complexity projects like traefik and caddy have gained recently. While I do love Caddy still, it seems like it wants to do too much, which I understand because they have a commercial offering, but I wanted something simpler.

So I set out to build a truly simple proxy that can do the following:

* automatic certificates with letsencrypt (using the library created by the awesome caddy team)
* authenticate users (currently only sign in with google is supported, but the underlying library should make it trivial to extend this)
* authorize users based on simple glob matching
* allow creating (and modifying) routes by CLI and API

Building this I truly started to appreciate the meaning of standing on the shoulders of giants; the Go libraries I've used are extensive and made this application a lot easier to create.

While tobab is by no means finished, if you are looking for an easy-to-use reverse proxy that will handle certificates and auth for you, this could be the tool you are looking for.
I recently did an "identity aware proxy" deployment to protect a service with SAML, but I used good ol' Apache with mod_proxy. SAML authentication was handled by mod_auth_mellon, and certbot has great integration with Apache. I didn't have to edit any Apache config files for TLS - certbot did it all for me. It even automatically set up systemd to automatically renew. I was really impressed.
Looks great! I have a homelab that already has HTTPS/letsencrypt via an Nginx reverse-proxy, and I use https simple auth for connections coming from the Internet. I’m interested in replacing simple-auth with Tobab. Does the configuration support disabling the letsencrypt parts (since I already have that)? Is there an API route on the tobab hostname (e.g. tobab.example.com/verify/private.example.com) to verify a cookie authorization that I can configure Nginx to call, instead of needing to proxy all traffic through Tobab?