OpenApps
Pomerium

Pomerium

GitHubWebsite

Pomerium is an identity-aware reverse proxy that provides secure access to internal applications. It acts as a successor to oauth_proxy by inserting an OAuth step before proxying requests to backends, enabling safe exposure of self-hosted websites to the public internet.

Similar self-hosted alternatives:
AutheliaAutheliaOAuth2 ProxyOAuth2 ProxyJauthJauth
Repository activity:
Stars
4,290
Forks
300
Watchers
42
Open Issues
131
Last commit
about 3 hours ago
Details:
Estimated Popularity
18
Pricing Model
Free
Hosting Type
Self-Hosted
License
Apache-2.0
Deployment Difficulty
Medium
Language
Go

Pomerium is a modern identity-aware reverse proxy that brings zero-trust security principles to application access. By requiring authentication and authorization for every request, it enables organizations to securely expose internal applications while maintaining granular control over who can access what.

Key Features

  • Identity-Aware Access Control:

    • OAuth 2.0 and OpenID Connect integration
    • Support for major identity providers (Google, GitHub, Azure AD, Okta)
    • Multi-provider authentication support
    • Identity verification and validation
    • Secure session management
    • Single sign-on (SSO) capabilities

  • Policy-Based Authorization:

    • Fine-grained access control policies
    • Context-aware authorization decisions
    • Group and role-based access control
    • Dynamic policy evaluation
    • Conditional access rules
    • Time-based access restrictions

  • Zero Trust Security:

    • Never trust, always verify approach
    • End-to-end encryption for all communications
    • Mutual TLS (mTLS) support
    • Certificate-based authentication
    • Continuous verification
    • Least privilege access principles

  • Reverse Proxy Capabilities:

    • High-performance HTTP/HTTPS proxying
    • Load balancing across multiple backends
    • Health checking and failover
    • Request routing and rewriting
    • Custom header injection
    • WebSocket support

  • Enterprise Security Features:

    • Comprehensive audit logging
    • Security event monitoring
    • Compliance reporting
    • Data loss prevention
    • Threat detection
    • Security analytics

  • Cloud-Native Architecture:

    • Kubernetes-native deployment
    • Docker container support
    • Horizontal scaling capabilities
    • Service mesh integration
    • Cloud platform compatibility
    • Infrastructure as code support

  • Management & Monitoring:

    • Centralized configuration management
    • Real-time monitoring dashboard
    • Policy management interface
    • User access analytics
    • Performance metrics
    • Health status monitoring

Technical Specifications

  • Language: Go
  • Protocols: HTTP/1.1, HTTP/2, HTTPS, mTLS
  • Authentication: OAuth 2.0, OIDC
  • Platforms: Linux, Windows, macOS, Docker, Kubernetes
  • License: Apache-2.0
  • Deployment: Binary, Docker, Kubernetes

Use Cases

  • Internal Application Access: Secure access to internal web applications
  • Remote Work Security: Safe access to company resources from anywhere
  • Zero Trust Implementation: Building zero-trust network architecture
  • Compliance Requirements: Meeting security and compliance standards
  • Multi-cloud Security: Consistent security across cloud environments
  • Developer Tool Access: Secure access to development and staging environments

Unique Advantages

  • Identity-First Security: Authentication and authorization for every request
  • Zero Trust Ready: Built with zero-trust principles from the ground up
  • Policy-Driven: Flexible, policy-based access control
  • Cloud Native: Designed for modern cloud and container environments
  • Enterprise Grade: Comprehensive security and compliance features
  • Open Source: Transparent, auditable, and customizable

Based on the Pomerium GitHub repository, this tool provides organizations with a modern approach to application security that goes beyond traditional VPNs and firewalls, enabling secure access to applications while maintaining visibility and control over user access patterns.

Help improve this content

Found an error or want to add more information about Pomerium? You can edit this page directly on GitHub.

Related Projects

Similar projects based on shared tags

reverse-proxyidentity-awareoauth+1 more
SafeLine
SafeLine
SafeLine is a web application firewall and reverse proxy designed to protect web applications from attacks and exploits. It provides comprehensive security features including threat detection, attack prevention, and real-time monitoring with easy deployment through Docker.
wafsecurity
Stars
16,704
Relative Popularity
69
OAuth2 Proxy
OAuth2 Proxy
OAuth2 Proxy is a flexible, open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. It provides a simple and secure way to protect web applications with OAuth2/OIDC authentication by intercepting requests and redirecting users to OAuth2 providers for authentication.
reverse-proxyoauth2
Stars
11,242
Relative Popularity
49
TinyAuth
TinyAuth
The simplest way to protect your apps with a login screen - authentication middleware for Docker apps
authenticationsecurity
Stars
2,267
Relative Popularity
9
Explore More Projects

Project Categories

reverse-proxyidentity-awareoauthsecurity

Click on a category to explore similar projects