Cette page est affichée en anglais. Une traduction française est en cours.
ConfigsJul 6, 2026·3 min de lecture

VoidAuth — Self-Hosted Single Sign-On for Your Server Stack

VoidAuth is a lightweight, self-hosted SSO and authentication proxy that adds login protection to any web service using OpenID Connect, with a simple setup and minimal resource usage.

Prêt pour agents

Staging sûr pour cet actif

Cet actif est d'abord staged. Le prompt copié demande à l'agent d'inspecter les fichiers staged avant d'activer scripts, config MCP ou config globale.

Stage only · 29/100Policy : staging
Surface agent
Tout agent MCP/CLI
Type
Skill
Installation
Stage only
Confiance
Confiance : Established
Point d'entrée
VoidAuth SSO
Commande de staging sûr
npx -y tokrepo@latest install 0020678a-78f3-11f1-9bc6-00163e2b0d79 --target codex

Stage les fichiers d'abord; l'activation exige la revue du README et du plan staged.

Introduction

VoidAuth is a self-hosted authentication and single sign-on server designed for homelabs and small infrastructure. It acts as an OpenID Connect provider that sits in front of your web services, adding login gates and user management without modifying each application individually.

What VoidAuth Does

  • Provides a central login portal for all your self-hosted web applications
  • Issues OpenID Connect tokens that reverse proxies can validate
  • Manages users and groups with a built-in web administration panel
  • Supports two-factor authentication via TOTP for added security
  • Integrates with Nginx, Traefik, and Caddy as an auth middleware

Architecture Overview

VoidAuth is a TypeScript application built with Next.js for the frontend and a Node.js backend. It implements the OpenID Connect provider specification, issuing JWTs that downstream reverse proxies verify via the forward-auth pattern. User and session data is stored in SQLite. The entire application runs in a single Docker container.

Self-Hosting & Configuration

  • Deploy via Docker with a persistent volume for the SQLite database
  • Set VOIDAUTH_SECRET to a strong random string for JWT signing
  • Configure your reverse proxy (Traefik, Nginx) to forward auth requests to VoidAuth
  • Register each protected application in the VoidAuth admin panel
  • Enable TOTP-based two-factor authentication per user account

Key Features

  • OpenID Connect compliant provider works with any OIDC-capable application
  • Forward-auth pattern protects any web service behind Nginx, Traefik, or Caddy
  • Built-in user management with groups and per-application access control
  • TOTP two-factor authentication for enhanced account security
  • Lightweight single-container deployment with SQLite storage

Comparison with Similar Tools

  • Authelia — mature auth proxy with more features; VoidAuth is simpler to configure
  • Authentik — full identity provider with flows; VoidAuth is lighter and faster to set up
  • Keycloak — enterprise IAM platform; VoidAuth targets homelab-scale deployments
  • TinyAuth — minimal auth middleware; VoidAuth adds full OIDC provider capabilities
  • Zitadel — cloud-native identity; VoidAuth is designed for single-server self-hosting

FAQ

Q: Which reverse proxies does VoidAuth support? A: Traefik, Nginx, and Caddy are supported via the forward-auth middleware pattern.

Q: Can I use VoidAuth with applications that support OIDC natively? A: Yes. Register VoidAuth as the OIDC provider in any application that supports OpenID Connect login.

Q: Does VoidAuth support LDAP? A: VoidAuth uses its own built-in user database. LDAP integration is not currently supported.

Q: How do I back up VoidAuth? A: Back up the /data directory which contains the SQLite database and configuration.

Sources

Fil de discussion

Connectez-vous pour rejoindre la discussion.
Aucun commentaire pour l'instant. Soyez le premier à partager votre avis.

Actifs similaires