explaingit

tinyauthapp/tinyauth

7,351GoAudience · ops devopsComplexity · 4/5LicenseSetup · moderate

TLDR

A lightweight self-hosted login server that protects your apps by sitting in front of Traefik, Nginx, or Caddy and requiring visitors to authenticate before they can reach anything you run behind it.

Mindmap

mindmap
  root((tinyauth))
    What it does
      Auth middleware
      Login before access
      Access control per app
    Login methods
      OAuth Google GitHub
      LDAP directory
      Local accounts
    Proxy support
      Traefik
      Nginx
      Caddy
    Setup
      Docker Compose
      Demo available
      Docs at tinyauth.app
    Audience
      Self-hosters
      Home lab users
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Things people build with this

USE CASE 1

Put a login screen in front of all your self-hosted apps so strangers on the internet cannot access them without credentials.

USE CASE 2

Let users sign in to your home server apps using their existing Google or GitHub account via OAuth, with no separate password to manage.

USE CASE 3

Restrict access so only specific users in your LDAP directory can reach certain apps while others are blocked.

USE CASE 4

Try the included Docker Compose example with Traefik and a test app to understand how the proxy and auth server connect before building your own setup.

Tech stack

GoDockerDocker ComposeOAuthLDAPTraefikNginxCaddy

Getting it running

Difficulty · moderate Time to first run · 1h+

Requires Docker and an understanding of reverse proxy configuration, config options may change between releases as the project is under active development.

Licensed under GPL v3, you can use and modify it freely, but any changes you distribute must also be released under the same GPL v3 license.

In plain English

Tinyauth is a small, self-hosted server that handles authentication and access control for your other services. It is written in Go and is designed to sit in front of your apps as a middleware layer, meaning visitors have to log in before they can reach whatever you have running behind it. It works with the three most popular self-hosting proxy tools: Traefik, Nginx, and Caddy. When someone tries to reach one of your apps, the proxy checks with Tinyauth first to confirm the person is allowed in. Tinyauth supports several login methods, including OAuth (which lets users sign in via an existing provider like Google or GitHub), LDAP (used by organizations with a centralized directory of users), and local username-and-password accounts. Access controls let you restrict which users can reach which apps. Tinyauth can also run as a standalone authentication server independent of a proxy. A Docker Compose example file in the repository shows a working setup with Traefik, a test app called Whoami, and Tinyauth together, which you can use to see how the pieces connect before building your own configuration. The project is under active development and the README warns that configuration options may change between releases. Documentation and setup guides live at tinyauth.app. A demo is available at demo.tinyauth.app where you can test the login interface with a default username and password. The project has a Discord server for questions and conversation, and a Crowdin page for anyone who wants to help translate the interface into other languages. Tinyauth is licensed under the GNU General Public License v3.0, which requires that any modifications to the code also be released under the same license.

Copy-paste prompts

Prompt 1
Set up tinyauth with Traefik and Docker Compose to protect my self-hosted Portainer instance with a Google OAuth login. Show me the full docker-compose.yml and tinyauth configuration.
Prompt 2
I have Nginx Proxy Manager running on my home server. Help me configure tinyauth as an auth middleware so that all proxied apps require a username and password login before loading.
Prompt 3
Walk me through adding a new local user account in tinyauth with a specific password, and then restricting that user to only access one of my three protected apps.
Prompt 4
Create a Docker Compose setup using tinyauth, Caddy, and a demo Whoami app that I can run locally to test OAuth login before deploying to my real server.
Open on GitHub → Explain another repo

← tinyauthapp on gitmyhub — every repo by this author, as a profile.

Verify against the repo before relying on details.