Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to content

stateless auth programmable reverse (http/tcp) proxy, with a restful api, cli and web interface that use vault as backend

License

Notifications You must be signed in to change notification settings

nebtex/menshend

Repository files navigation

menshend 门神

GitHub release codecov

Operating system Status
Linux Build Status
Windows Build status
OSX Build Status

Links

Resume

Menshend is an identity-aware reverse proxy (TCP/HTTP) that uses Vault as policy manager. You can use it as replacement for VPNs, firewall rules and to give access programmatically to organization's members, scripts, external users or third party applications.

Menshend was built with the objective of making the secure laboratories creation easy, facilitating the life of DevOps/cloud admin engineers, whom this product is oriented to.

⚠️ In order to use it effectively, you already need to know how to install and operate Vault.

It does also come with a beautiful and functional UI which makes it simple to login to services from the browser, share secrets, etc.

Brief list of things you can protect or do:

  • Organization internal applications (in-house or open-source).
  • Serverless functions.
  • Connect your applications (PostgreSQL, Redshift, etc.) across different VPCs on AWS, without the need of a VPN, VPC peering, etc.
  • Secure external APPs for small or medium size sites.
  • Give secure access to scripts, other machines, third party applications, web-hooks, in-house slack bots.
  • Deploy to Kubernetes in a controlled and secure way from your CI pipelines (Travis CI, Gitlab, CircleCI, Drone, etc.).
  • and much more..., its usages are endless because of being a programmable proxy.

See similar software and limitations

Binaries

Releases

OS X

curl -LO https://github.com/nebtex/menshend/releases/download/$(curl -s https://raw.githubusercontent.com/nebtex/menshend/master/stable.txt)/menshend_darwin_amd64.zip

Linux

curl -LO https://github.com/nebtex/menshend/releases/download/$(curl -s https://raw.githubusercontent.com/nebtex/menshend/master/stable.txt)/menshend_linux_amd64.zip

Windows

curl -LO https://github.com/nebtex/menshend/releases/download/$(curl -s https://raw.githubusercontent.com/nebtex/menshend/master/stable.txt)/menshend_windows_amd64.zip

unzip and make the menshend binary executable and move it to your PATH

full list of downloads for other platforms here

Docker

Docker Pulls

full list of tags, configurations and options

linux amd64

docker pull nebtex/menshend:$(curl -s https://raw.githubusercontent.com/nebtex/menshend/master/stable.txt)

Thanks

Without these projects, menshend would not exist.

  • Vault, as the central policy manager.

  • Oxy, the heart of the proxying strategy.

  • Chisel, we use an adapted version of Chisel to create secured tunnels (port forwarding strategy).

  • Kubernetes and Swagger, the API and CLI tools are inspired on Kubernetes, and we implemented the API with Swagger.

Contribution

To contribute to this project, see CONTRIBUTING.

RoadMap

At the moment we will be focused on fixing small issues and making the software more stable. Development of major features is froze till we can rewrite the codebase with omniql.

Some of the planned features are:

  • Natively support TLS and ACME.
  • Add Javascript resolver.
  • Reduce the hits to Vault.
  • Distributed cache for the resolvers.
  • Improve the performance and make it viable for protecting any kind of external or user facing APP.

Licensing

menshend is licensed under the Apache License, Version 2.0. See LICENSE for the full license text.

About

stateless auth programmable reverse (http/tcp) proxy, with a restful api, cli and web interface that use vault as backend

Topics

Resources

License

Security policy

Stars

Watchers

Forks

Packages

No packages published

Languages