Skip Navigation

Simple authentication for homelab?

What's everyones recommendations for a self-hosted authentication system?

My requirements are basically something lightweight that can handle logins for both regular users and google. I only have 4-5 total users.

So far, I've looked at and tested:

  • Authentik - Seems okay, but also really slow for some reason. I'm also not a fan of the username on one page, password on the next screen flow
  • Keycloak - Looks like it might be lighter in resources these days, but definitely complicated to use
  • LLDAP - I'd be happy to use it for the ldap backend, but it doesn't solve the whole problem
  • Authelia - No web ui, which is fine, but also doesn't support social logins as far as I can tell. I think it would be my choice if it did support oidc
  • Zitadel - Sounds promising, but I spent a couple hours troubleshooting it just to get it working. I might go back to it, but I've had the most trouble with it so far and can't even compare the actual config yet
71 comments
  • I use authentik. The login flow is a little weird I agree, my password manager doesn't like it too. Besides that, from the ones I used it's definitely the most stable and developed (I was using authelia before).

    I can't quite figure out how to use it with proxy auth.

  • I'm pretty happy with Authentik. Bitwarden at least has no issues with auto-filling the username and password fields when I want to log in.

    It is also a very complete solution offering basically any current authentication protocol and integration with other providers.

  • I've been using Authelia with several OIDC integrations for a while now. Works great. They've released a huge update like a day ago too. Out of the ones you listed, it's very lightweight too. The docs are a bit all over the place but it is quite comprehensive.

    I did look at Zitadel and tried setting it up myself but I just couldn't get it to work. The docs are a bit vague.

  • I use oauth2proxy+nginx ingress gateway where needed (apps that don't support OIDC themselves), with dex their OIDC provider, and github is dex's upstream IDP+OIDC.

71 comments