botpress/traefik-forward-auth — explained in plain English
Analysis updated 2026-07-19 · repo last pushed 2022-05-05
Protect internal team dashboards so only employees with a company email can access them.
Put a login gate on a preview environment to share features securely with stakeholders.
Add single sign-on to multiple self-hosted apps without building auth from scratch.
Require login for an admin panel while keeping a marketing page public on the same domain.
| botpress/traefik-forward-auth | 42wim/fabio | 42wim/go-xmpp | |
|---|---|---|---|
| Language | Go | Go | Go |
| Last pushed | 2022-05-05 | 2018-02-04 | 2020-01-24 |
| Maintenance | Dormant | Dormant | Dormant |
| Setup difficulty | moderate | moderate | moderate |
| Complexity | 4/5 | 3/5 | 3/5 |
| Audience | ops devops | ops devops | developer |
Figures from each repo's GitHub metadata at analysis time.
Requires a working Traefik reverse proxy setup and familiarity with Docker Swarm or Kubernetes deployment.
Traefik Forward Auth adds a Google-style "Sign in with your company email" screen in front of any web app you run behind the Traefik reverse proxy. Instead of building login pages and password databases into every internal tool your team uses, you set this up once and let Traefik block unauthorized visitors before they ever reach the app. Traefik is a traffic router that sits in front of your services. This tool acts as a checkpoint that Traefik consults on every incoming request. If a visitor isn't authenticated, the tool redirects them to an OAuth provider (Google, or any OpenID Connect system like Azure or GitHub) to sign in. Once the provider confirms their identity, the tool sets a cookie and Traefik lets the request through to your app. You can restrict access to specific email domains or individual addresses, and a single login can persist across multiple subdomains. A startup founder running internal dashboards on metrics.example.com and chat.example.com would use this to ensure only their employees can access those tools, without writing any auth code. A PM setting up a preview environment for a new feature could put it behind this gate to share securely with stakeholders. It is designed for teams that self-host apps and want single sign-on without building it from scratch. The project is notable for its flexibility: it supports multiple authentication providers, can operate across multiple domains simultaneously, and lets you define rules so auth is selectively applied (for example, requiring login for an admin panel but allowing public access to a marketing page). The README is detailed about configuration options but assumes familiarity with Traefik and deployment environments like Docker Swarm or Kubernetes, so expect a learning curve if those are new to you.
A single sign-on gate for the Traefik reverse proxy. It puts a Google-style login screen in front of any self-hosted web app so only authorized people can access it, without writing auth code.
Mainly Go. The stack also includes Go, Traefik, Docker Swarm.
Dormant — no commits in 2+ years (last push 2022-05-05).
No license information is provided in the explanation, so usage rights are unclear.
Setup difficulty is rated moderate, with roughly 1h+ to a first successful run.
Mainly ops devops.
This repo across BitVibe Labs
double-check against the repo, no cap.