{"id":21342494,"url":"https://github.com/sineware/securefront","last_synced_at":"2026-05-11T16:38:08.765Z","repository":{"id":263105935,"uuid":"889318510","full_name":"Sineware/securefront","owner":"Sineware","description":"Open Source, Self Hosted Security Gateway with CAPTCHA and automatic TLS termination","archived":false,"fork":false,"pushed_at":"2024-11-16T07:23:19.000Z","size":83,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-16T03:11:45.224Z","etag":null,"topics":["captcha","deno","proxy","reverse-proxy","security","ssl","tls","typescript"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Sineware.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-11-16T04:10:03.000Z","updated_at":"2024-11-16T07:23:23.000Z","dependencies_parsed_at":"2024-11-16T08:23:49.412Z","dependency_job_id":"05d8dab4-dfef-4785-b921-c15a26f68896","html_url":"https://github.com/Sineware/securefront","commit_stats":null,"previous_names":["sineware/securefront"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sineware%2Fsecurefront","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sineware%2Fsecurefront/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sineware%2Fsecurefront/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sineware%2Fsecurefront/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Sineware","download_url":"https://codeload.github.com/Sineware/securefront/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243818199,"owners_count":20352629,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["captcha","deno","proxy","reverse-proxy","security","ssl","tls","typescript"],"created_at":"2024-11-22T01:08:52.188Z","updated_at":"2026-05-11T16:38:08.667Z","avatar_url":"https://github.com/Sineware.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Sineware Securefront\n## Open Source, Self Hosted Security Gateway\nA reverse proxy with websocket support that helps monitor and secure backend resources, written for Deno.\n\n## Features\n- CAPTCHA gating (displays a page with a captcha before reverse proxying to the backend)\n- Automatic TLS certificate generation and termination using acme.sh (zerossl) and Deno's rustls implementation\n- Apache-style logging with tcp syslog support (ex. to Elasticsearch/Opensearch)\n\n![Securefront Captcha Page](./docs/captcha-page.png)\n\n## Installation\nDocker is the only supported installation method. Copy the docker-compose.yml file and securefront.config.toml files to a directory, and additionally create a `tls` directory. The securefront.config.toml file should be edited to reflect the desired configuration. \n```bash\nwget https://raw.githubusercontent.com/sineware/securefront/main/docker-compose.yml\nwget https://raw.githubusercontent.com/sineware/securefront/main/securefront.config.toml\nmkdir -pv tls\ndocker compose up\n```\n\n## Configuration\n`securefront.config.toml` is the configuration file for Securefront. The default configuration file should be relatively self-explanatory.\n\n- `port, tls_port, and hostname` should be left as is (unless you are attempting to use SF outside of the supported container)\n- `captcha_jwt_secret` should be a long, secure random string used to sign the JWTs for the captcha page (use a command like `openssl rand -base64 64` to generate a secure secret)\n- `hcaptcha_*` are the keys for the hCaptcha service.\n- Options under `[tls]` are for the automatic TLS cert generation feature. If disable, Securefront will listen on http only.\n- Likewise `[tls_manual]` is to bring your own cert. Only tls or tls_manual should be enabled, not both.\n- Each `[[proxy]]` entry defines a reverse proxy configuration.\n    - `host` and `path` define the incoming request path to match (ex. if `host=sineware.ca`, then all requests to sineware.ca/* will match, if you addtionally specify `path=/api`, then only requests to sineware.ca/api/* will match). \n    - `proxy_url` is the backend URL to proxy to. Requests will have the Host header match the incoming request (aka. `host=`). Howevever, responses are not rewritten.\n    - `websocket` is a bool which enables websocket support for this route.\n    - `captcha` is a bool which enables the captcha guard page for this route.\n    - `captcha_expiry` is the time in minutes before the JWT expires and requires the user to complete the captcha again.\n\n## License\nSineware Securefront is licensed under the GNU AGPL v3.0 license. See the LICENSE file for more information.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsineware%2Fsecurefront","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsineware%2Fsecurefront","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsineware%2Fsecurefront/lists"}