VoidAuth Release v1.6.0 - Optimization and 1k Stars Celebration 🎉
(github.com)
from notquitenothing@sh.itjust.works to selfhosted@lemmy.world on 18 Dec 11:28
https://sh.itjust.works/post/51831042
from notquitenothing@sh.itjust.works to selfhosted@lemmy.world on 18 Dec 11:28
https://sh.itjust.works/post/51831042
In honor of the great RAM price gouging shortage of 2025-2026, this release cuts the memory usage of VoidAuth in half! I noticed that my own instance was pretty thicc at nearly 300MB of memory usage after stabilizing and not doing anything, so decided to do some trimming and optimization.
(Un)Scientific Results:
- RAM Usage: 280MB -> 150MB
- Image Size: 660MB -> 360MB
This release also brings better support for public OIDC Clients, but more testing is likely needed to catch edge cases so if something isn’t working let me know. Thank you everyone for your engagement and support, I am feeling the love as this project crosses past 1000 stars 🥳. If you are interested, please try it out!
Here are the Release Notes:
What’s Changed
Features 🚀
- Reduce Image Size and Memory Usage
- Better support for Public OIDC Clients
- Allow Native OIDC Clients Non-Reversed-Domain Schemes
Fixes 🔧
- Fixed Issue That Could Cause Stuck Loading Spinner While Prompting to Create Passkey
Docs 📖
- Docs: add Memos SSO configuration instructions in OIDC guides and fix a typo by @FrostWalk
And a bonus meme:
threaded - newest
I keep meaning to try this out.
I’ve always wanted a SSO, however, at this point with over 75 apps, I would have to integrate them somehow.
How would that work in an evil Cloudflare Tunnel/Zero Trust setup?
Caddy?
Well, I’m not sure if the evil Cloudflare Tunnel/Zero Trust, Tailscale, would play nice with Caddy in the mix. I used to use Caddy a long time ago and it is a very capable piece of software. Cloudflare Tunnel/Zero Trust handles pretty much what Caddy does, so I’m unsure if it would create conflict.
There’s always caddy-cloudflare: github.com/CaddyBuilds/caddy-cloudflare
This works perfectly with Cloudflared tunnels. I use it for full https (validated) in completely internal endpoints.
Hmmmm, I did not know that existed. I’ll check it out.
For your 75 apps, any that doesn’t support OIDC can be protected by VoidAuth’s ProxyAuth. Have your reverse proxy forward the request to the voidauth api and it will use the authenticated user’s group membership to allow or deny access. So in your case you could have a blanket rule covering your entire domain and gradually add more specific paths as needed.
Can’t help with your question unfortunately. But I highly endorse VoidAuth!
Ok well that’s helpful. Thanks for the input. I have seen a lot of people recommend VoidAuth so there has to be something to it. LOL
Got any documentation you could point me to to learn about that. As that sounds Interesting.
voidauth.app/#/ProxyAuth-and-Trusted-Header-SSO-S…
The entire docs are pretty short but cover everything. I stumbled into one issue and worked with the dev to update the docs. It was a breeze.
Thanks
I think technically you might actually not need https termination anymore, it was required when the session cookies were set
securemanually but now they should be set automatically if the request protocol was https. You can give it a try just using http or self-signed certs, if you do let me know if it works!You should be aware though that if you are not using https your password and other secrets will be transmitted unencrypted on that layer, so make sure that your setup is secured/encrypted in some other way like wireguard/vpn tunneling.
Most definitely using https. I’ll give it a go and see what shakes out. Thanks for the help. I’ll report back.
Amazing. Been using this for a while now with great success. Thank you for your work. I5ts much easier and lighter than authentik or authelia.