{"id":22370153,"url":"https://github.com/elquimista/authenhub","last_synced_at":"2026-05-08T19:31:13.806Z","repository":{"id":173226771,"uuid":"650378563","full_name":"elquimista/authenhub","owner":"elquimista","description":"Simple authentication gateway with OTP-based 2FA and webauthn support","archived":false,"fork":false,"pushed_at":"2025-02-14T13:51:30.000Z","size":27,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-26T16:27:03.460Z","etag":null,"topics":["2fa","authentication","docker","nginx-proxy","otp","roda","ruby","webauthn","yubikey"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/elquimista.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-06-07T00:23:28.000Z","updated_at":"2025-02-14T13:51:33.000Z","dependencies_parsed_at":null,"dependency_job_id":"138cac00-0266-4d23-80cf-fd86391c30cf","html_url":"https://github.com/elquimista/authenhub","commit_stats":null,"previous_names":["elquimista/authenhub"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/elquimista/authenhub","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elquimista%2Fauthenhub","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elquimista%2Fauthenhub/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elquimista%2Fauthenhub/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elquimista%2Fauthenhub/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/elquimista","download_url":"https://codeload.github.com/elquimista/authenhub/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elquimista%2Fauthenhub/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32794535,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-08T08:22:46.396Z","status":"ssl_error","status_checked_at":"2026-05-08T08:22:45.650Z","response_time":54,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["2fa","authentication","docker","nginx-proxy","otp","roda","ruby","webauthn","yubikey"],"created_at":"2024-12-04T19:35:02.021Z","updated_at":"2026-05-08T19:31:13.788Z","avatar_url":"https://github.com/elquimista.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# authenhub\nSimple authentication gateway with OTP-based 2FA and webauthn support\n\n## Usage\n\n### docker-compose.yml\n```yaml\nservices:\n  app:\n    container_name: authenhub\n    image: elquimista/authenhub:2.2\n    restart: unless-stopped\n    ports:\n      - 127.0.0.1:9696:9696\n    env_file: .env\n```\n\n### .env\nCopy `example.env` file to `.env` and fill and/or change values appropriately. And then run:\n```sh\ndocker-compose up -d\n```\n\n### Yubikey Registration\nWhen you are running the app for the first time, you probably want to register your Yubikey:\n1. Set `SIGNUP_ENABLED=\"true\"` in `.env` file.\n1. Run\n   ```sh\n   docker-compose down; docker-compose up -d\n   ```\n1. Go to `\"https://\u003cauthenhub_app_domain\u003e/signup\"` in the browser. If you are running this app locally, it's best to run it behind Nginx proxy along with `Let's Encrypt` free SSL.\n1. Once you are done interacting with your Yubikey, copy `webauthn_id` and `public_key` values, and append the pair to `ADMIN_WEBAUTHN_CREDS` in `.env` file.\n1. Disable signup by reverting `SIGNUP_ENABLED` to `\"false\"` in `.env` file.\n1. Start a fresh container again:\n   ```sh\n   docker-compose down; docker-compose up -d\n   ```\n\n### Nginx Configuration\nIt is assumed these files are called in from the main nginx conf file.\n\n`/usr/local/etc/nginx/sites-enabled/authenhub.conf` (nginx conf path in homebrew with Intel mac looks like this):\n```nginx\nserver {\n  server_name iam.example.com;\n\n  proxy_buffering off;\n\n  listen 443 ssl; # managed by Certbot\n  ssl_certificate /Users/\u003cusername\u003e/.lets-encrypt/live/example.com/fullchain.pem; # managed by Certbot\n  ssl_certificate_key /Users/\u003cusername\u003e/.lets-encrypt/live/example.com/privkey.pem; # managed by Certbot\n  include /Users/\u003cusername\u003e/.lets-encrypt/options-ssl-nginx.conf; # managed by Certbot\n  ssl_dhparam /Users/\u003cusername\u003e/.lets-encrypt/ssl-dhparams.pem; # managed by Certbot\n\n  location / {\n    proxy_pass http://127.0.0.1:9696;\n    proxy_set_header Host $host;\n  }\n}\n\nserver {\n  listen 80;\n  server_name iam.example.com;\n\n  return 301 https://$host$request_uri;\n}\n```\n\n`/usr/local/etc/nginx/sites-enabled/app1.conf`:\n```nginx\nserver {\n  server_name app1.example.com;\n  proxy_buffering off;\n\n  listen 443 ssl; # managed by Certbot\n  ssl_certificate /Users/\u003cusername\u003e/.lets-encrypt/live/example.com/fullchain.pem; # managed by Certbot\n  ssl_certificate_key /Users/\u003cusername\u003e/.lets-encrypt/live/example.com/privkey.pem; # managed by Certbot\n  include /Users/\u003cusername\u003e/.lets-encrypt/options-ssl-nginx.conf; # managed by Certbot\n  ssl_dhparam /Users/\u003cusername\u003e/.lets-encrypt/ssl-dhparams.pem; # managed by Certbot\n\n  location / {\n    auth_request /auth;\n    error_page 401 = @error401;\n    proxy_set_header Host $host;\n    ...\n  }\n\n  location = /auth {\n    internal;\n    proxy_pass http://127.0.0.1:9696;\n    proxy_pass_request_body off;\n    proxy_set_header Content-Length \"\";\n    proxy_set_header X-Original-URI $request_uri;\n    proxy_set_header X-Authenhub-Host iam.example.com;\n  }\n\n  location @error401 {\n    return 302 $scheme://iam.example.com/login?redirect_uri=$scheme://$http_host$request_uri;\n  }\n\n}\n\nserver {\n  listen 80;\n  server_name app1.example.com;\n\n  return 301 https://$host$request_uri;\n}\n```\n\n## Development\n\nClone this repository and run:\n```sh\ndocker-compose build\ndocker-compose up -d\ndocker-compose exec -it app bash\n(docker) $ rackup -o0.0.0.0 -p9696\n```\n\n### Precompiling Assets\n```sh\n(docker) $ rake assets:precompile\n```\n\n## Build \u0026 Push Docker Image\n```sh\ndocker buildx create --use --platform=linux/amd64,linux/arm64\ndocker buildx build --platform linux/amd64,linux/arm64 --push -t elquimista/authenhub:latest .\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Felquimista%2Fauthenhub","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Felquimista%2Fauthenhub","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Felquimista%2Fauthenhub/lists"}