35
VoidAuth Release v1.6.0 - Optimization and 1k Stars Celebration 🎉 (github.com)
submitted 16 hours ago by notquitenothing@sh.itjust.works to c/selfhosted@lemmy.world
14 comments fedilink hide all child comments

In honor of the great RAM ~~price gouging~~ shortage of 2025-2026, this release cuts the memory usage of VoidAuth in half! I noticed that my own instance was pretty thicc at nearly 300MB of memory usage after stabilizing and not doing anything, so decided to do some trimming and optimization.

(Un)Scientific Results:

  • RAM Usage: 280MB -> 150MB
  • Image Size: 660MB -> 360MB

This release also brings better support for public OIDC Clients, but more testing is likely needed to catch edge cases so if something isn't working let me know. Thank you everyone for your engagement and support, I am feeling the love as this project crosses past 1000 stars 🥳. If you are interested, please try it out!

Here are the Release Notes:

What's Changed

Features 🚀

  • Reduce Image Size and Memory Usage
  • Better support for Public OIDC Clients
  • Allow Native OIDC Clients Non-Reversed-Domain Schemes

Fixes 🔧

  • Fixed Issue That Could Cause Stuck Loading Spinner While Prompting to Create Passkey

Docs 📖

  • Docs: add Memos SSO configuration instructions in OIDC guides and fix a typo by @FrostWalk

And a bonus meme:

alien overlord meme with RAM looking down over CPU and RENT

top 14 comments
sorted by: hot top controversial new old
[-] femtek 4 points 16 hours ago

I keep meaning to try this out.

[-] irmadlad@lemmy.world 3 points 16 hours ago

I've always wanted a SSO, however, at this point with over 75 apps, I would have to integrate them somehow.

VoidAuth does NOT provide https termination itself, but it is absolutely required. This means you will need a reverse-proxy with https support in front of VoidAuth, as well as your other services.

How would that work in an evil Cloudflare Tunnel/Zero Trust setup?

[-] CHOPSTEEQ@lemmy.ml 4 points 15 hours ago

For your 75 apps, any that doesn’t support OIDC can be protected by VoidAuth’s ProxyAuth. Have your reverse proxy forward the request to the voidauth api and it will use the authenticated user’s group membership to allow or deny access. So in your case you could have a blanket rule covering your entire domain and gradually add more specific paths as needed.

Can’t help with your question unfortunately. But I highly endorse VoidAuth!

[-] kurikai@lemmy.world 2 points 15 hours ago

Got any documentation you could point me to to learn about that. As that sounds Interesting.

[-] CHOPSTEEQ@lemmy.ml 3 points 14 hours ago

https://voidauth.app/#/ProxyAuth-and-Trusted-Header-SSO-Setup

The entire docs are pretty short but cover everything. I stumbled into one issue and worked with the dev to update the docs. It was a breeze.

[-] kurikai@lemmy.world 1 points 13 hours ago

Thanks

[-] irmadlad@lemmy.world 2 points 15 hours ago

So in your case you could have a blanket rule covering your entire domain and gradually add more specific paths as needed.

Ok well that's helpful. Thanks for the input. I have seen a lot of people recommend VoidAuth so there has to be something to it. LOL

[-] kurikai@lemmy.world 3 points 15 hours ago

Caddy?

[-] irmadlad@lemmy.world 1 points 15 hours ago

Well, I'm not sure if the evil Cloudflare Tunnel/Zero Trust, Tailscale, would play nice with Caddy in the mix. I used to use Caddy a long time ago and it is a very capable piece of software. Cloudflare Tunnel/Zero Trust handles pretty much what Caddy does, so I'm unsure if it would create conflict.

[-] AmbiguousProps@lemmy.today 3 points 15 hours ago

There's always caddy-cloudflare: https://github.com/CaddyBuilds/caddy-cloudflare

This works perfectly with Cloudflared tunnels. I use it for full https (validated) in completely internal endpoints.

[-] irmadlad@lemmy.world 3 points 15 hours ago

Hmmmm, I did not know that existed. I'll check it out.

[-] notquitenothing@sh.itjust.works 2 points 15 hours ago* (last edited 14 hours ago)

I think technically you might actually not need https termination anymore, it was required when the session cookies were set secure manually but now they should be set automatically if the request protocol was https. You can give it a try just using http or self-signed certs, if you do let me know if it works!

You should be aware though that if you are not using https your password and other secrets will be transmitted unencrypted on that layer, so make sure that your setup is secured/encrypted in some other way like wireguard/vpn tunneling.

[-] irmadlad@lemmy.world 2 points 15 hours ago

be aware though that if you are not using https

Most definitely using https. I'll give it a go and see what shakes out. Thanks for the help. I'll report back.

[-] portnull@lemmy.dbzer0.com 2 points 15 hours ago

Amazing. Been using this for a while now with great success. Thank you for your work. I5ts much easier and lighter than authentik or authelia.

this post was submitted on 18 Dec 2025
35 points (100.0% liked)

Selfhosted

53747 readers
427 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz