brink - a lightweight identity aware proxy
- Host: GitHub
- URL: https://github.com/jsiebens/brink
- Owner: jsiebens
- License: apache-2.0
- Created: 2022-01-07T06:53:27.000Z (about 3 years ago)
- Default Branch: main
- Last Pushed: 2023-06-15T06:34:09.000Z (over 1 year ago)
- Last Synced: 2024-06-19T05:56:49.594Z (8 months ago)
- Topics: beyondcorp, gateway, identity-aware-proxy, reverse-proxy, tcp-forwarding, tunnel, vpn, zero-trust
- Language: Go
- Homepage:
- Size: 394 KB
- Stars: 22
- Watchers: 2
- Forks: 5
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# brink
[![license](http://img.shields.io/badge/license-apache_2.0-blue.svg?style=flat)](https://raw.githubusercontent.com/jsiebens/brink/master/LICENSE)
[![test](https://img.shields.io/github/actions/workflow/status/jsiebens/brink/build.yaml?branch=main)](https://github.com/jsiebens/brink/actions)
[![report](https://goreportcard.com/badge/github.com/jsiebens/brink)](https://goreportcard.com/report/github.com/jsiebens/brink)

__brink__ is a lightweight Identity-Aware Proxy (IAP) for TCP forwarding.
It allows you to establish a secure websocket connection over which you can forward SSH, RDP,
and other traffic to your private services, and allows you to control who can access those services based on identity.

Highlights:
- access your private services from anywhere
- identity-based access for zero-trust security
- authenticate with GitHub or with any trusted OIDC provider
- access policies based on identity
- a single binary or Docker image
- easy configuration

## Quickstart

Create an OIDC client application on your favorite provider, e.g. Auth0, Okta, Keycloak, ... or create a
new [GitHub OAuth](https://github.com/settings/developers) application. In both cases, take note of your client id and
client secret (and the issuer URL when using OIDC).

Create a new brink configuration file:
```yaml
tls:
  disable: true # the server listens over plain HTTP, matching the http:// url_prefix below

auth:
  url_prefix: "http://localhost:7000"
  provider:
    type: "oidc" # or github
    issuer: "" # remove this line when using github
    client_id: ""
    client_secret: ""

proxy:
  policies:
    local:
      filters: [ "*" ]
      targets: [ "localhost:*" ]
```

Download the latest version of brink from the [releases](https://github.com/jsiebens/brink/releases) page.

Start a brink server instance:
```shell
$ brink server proxy --config config.yaml
INFO[0000] Starting brink proxy server. Version 0.6.0 - 83c874a
INFO[0000] registering oidc routes
INFO[0000] registering proxy routes
INFO[0000] server listening on :7000
```

Next, use the `brink ssh` command to SSH into the localhost. Depending on your system, a browser will first open
allowing you to authenticate with your identity provider.

```shell
$ brink ssh -r http://localhost:7000 -t localhost:22
```

## Documentation
(coming soon; in the meantime, have a look at the examples below)
## Examples
- [Running brink with docker-compose](./examples/docker)
- [Running brink on Kubernetes](./examples/kubernetes)