README.md
March 4, 2026 ยท View on GitHub
ForAuth
ForAuth (Forward Auth) - simple auth app (session-cookie) with notifications on login and multiple targets and users option
Screenshot 2
Securuty
- This app is only safe when used with
https - Use strong password
- Make sure direct access to Target app is closed with firewall or other measures
Quick start
docker run --name forauth \
-v ~/.dockerdata/ForAuth:/data/ForAuth \
-p 8800:8800 \ # Proxy port
-p 8801:8801 \ # Config port
aceberg/forauth
Then open Config page in browser and set up Auth and Target app.
Example docker-compose-auth.yml for WatchYourPorts. This should work with other apps too.
Config
Configuration can be done through config file, GUI or environment variables. Variable names is config.yaml file are the same, but in lowcase.
| Variable | Description | Default |
|---|---|---|
| FA_AUTH | Enable Session-Cookie authentication | false |
| FA_AUTH_EXPIRE | Session expiration time. A number and suffix: m, h, d or M. | 7d |
| FA_AUTH_USER | Main user username | |
| FA_AUTH_PASSWORD | Encrypted password (bcrypt). How to encrypt password with bcrypt? |
| Variable | Description | Default |
|---|---|---|
| FA_HOST | Listen address for both Config and Proxy | 0.0.0.0 |
| FA_PORT | Port for Proxy | 8800 |
| FA_PORTCONF | Port for Config page | 8801 |
| FA_TARGET | Where to proxy after login (host:port). Example: 192.168.1.1:8840 | |
| FA_THEME | Any theme name from https://bootswatch.com in lowcase or additional (emerald, grass, grayscale, ocean, sand, wood) | united |
| FA_COLOR | Background color: light or dark | dark |
| FA_NODEPATH | Path to local JS and Themes (node-bootstrap) | |
| FA_NOTIFY | Shoutrrr URL. ForAuth uses Shoutrrr to send notifications. It is already integrated, just needs a correct URL. Examples for Discord, Email, Gotify, Matrix, Ntfy, Pushover, Slack, Telegram, Generic Webhook and etc are here | |
| FA_NOTIFY2 | Second Shoutrrr URL. The app will send notifications to both, if they are not empty | |
| FA_IPINFO | Get client IP info (from https://ipinfo.io) on login | false |
| TZ | Set your timezone for correct time |
Options
| Key | Description | Default |
|---|---|---|
| -d | Path to config dir | /data/ForAuth |
| -n | Path to local JS and Themes (node-bootstrap) |
Multiple Targets and Users
Multiple Targets and Users for each target can be configured from Advanced page or in targets.yaml file inside the config dir. Main user (FA_AUTH_USER) has access to all targets and config.
Example:
0.0.0.0:8854: # where proxy will listen
name: DiaryMD # name
target: 127.0.0.1:8754 # where an app listens
users: # users of this target
user1: # username
enabled: true # must be true for user to login
username: user1 # username (same as above)
password: \$2a\$10$bPH6208LpuJFos3x1VhFA.PxzygaAhT056uPxspJxwccgP4n.AnEe
expire: 14d # session expiration time
user3:
enabled: true
username: user3
password: \$2a\$10$eZp3I0A9ojT32gTXvPscHec9e7cHHYtb6M6phl2mUdHXyhFosLW.C
expire: 1d
0.0.0.0:8855:
name: AnyAppStart
target: 127.0.0.1:8755
# users: # users section is optional
# without it only Main user can login
Local network only
By default, this app pulls themes, icons and fonts from the internet. But, in some cases, it may be useful to have an independent from global network setup. I created a separate image with all necessary modules and fonts.
docker run --name node-bootstrap \
-p 8850:8850 \
aceberg/node-bootstrap
docker run --name forauth \
-v ~/.dockerdata/ForAuth:/data/ForAuth \
-p 8800:8800 \
-p 8801:8801 \
aceberg/forauth -n "http://$YOUR_IP:8850"
CURL
To access Target app with curl:
curl -X POST http://localhost:8800 -H "Content-Type: application/x-www-form-urlencoded" -d "username=user&password=pw" -c fileCookie
curl http://localhost:8800 -b fileCookie
Thanks
- All go packages listed in dependencies
- Bootstrap
- Themes: Free themes for Bootstrap
- Favicon and logo: Flaticon