9M2PJU
Build Your Own Zero Trust Access Gateway with Octelium (Open Source & Self-Hosted)
What is Octelium?
Octelium is a free and open source, self-hosted platform that provides zero trust secure access to resources across any environment. It’s designed as a modern, unified alternative to traditional VPNs, ZTNA platforms, API gateways, PaaS hosting, Kubernetes ingress, reverse proxies, and even tools like ngrok.
Whether you’re managing a corporate infrastructure, hosting containerized apps, securing SaaS API access, or just running a homelab, Octelium offers a scalable, identity-based, application-layer (L7) access solution with both client-based (WireGuard/QUIC) and client-less (BeyondCorp-style) capabilities.
Key Use Cases
Octelium is extremely flexible and can be used in the following scenarios:
🔐 Unified Zero Trust Access (ZTNA/BeyondCorp)
Replace commercial ZTNA solutions (like Cloudflare Access, Teleport, or Zscaler) with a self-hosted alternative supporting both client-based and client-less access.
🌐 Modern Remote Access VPN
Octelium works like a zero-config, L7-aware VPN using WireGuard/QUIC tunnels—no complex routing or network configs needed.
🔄 Secure Tunnels & Reverse Proxy
Set up programmable, secure tunnels to expose private services behind NAT—similar to ngrok or Cloudflare Tunnel.
🚀 Self-Hosted PaaS
Deploy and scale containerized apps with secure access controls—an open source alternative to platforms like Vercel or Netlify.
🔁 API Gateway
Manage and secure your microservices, with L7-aware routing, context-aware policies, and built-in authentication support.
🤖 AI Gateway
Add access control and observability to LLM providers or self-hosted AI APIs, including usage tracking and per-request access.
🔑 Secret-less SaaS Access
Grant secure, token-free access to SaaS APIs and databases for teams or workloads—no more sharing API keys or tokens.
🔄 MCP/A2A Architectures
Secure identity-aware infrastructure for Agent-to-Agent or Model Context Protocol (MCP)-based systems.
☸️ Kubernetes Ingress Alternative
Route to any internal resource—not just Kubernetes services—based on identity, headers, request content, or time of day.
🏠 Homelab Gateway
Connect and access all your homelab resources securely—cloud VMs, Raspberry Pis, routers, apps, and more.
Main Features
✅ Unified Zero Trust Architecture
Octelium uses identity-aware proxies instead of IP-based segmentation. This enables:
- Secure access to any private/public resource.
- Support for both client-based (VPN-like) and client-less (browser-based) access.
- Integration with any identity provider (OIDC, SAML, GitHub OAuth, etc.).
- Fine-grained, per-request access control via policy-as-code.
🔐 Secret-less, Dynamic Access
Octelium supports dynamic access to:
- HTTP/gRPC APIs
- SSH (no keys needed)
- Kubernetes clusters
- Databases (PostgreSQL, MySQL)
- Any mTLS-based resource
📜 Policy-as-Code with CEL & OPA
Write composable, dynamic access policies using Common Expression Language (CEL) and Open Policy Agent (OPA).
🔒 Continuous Authentication
Supports strong MFA (e.g. WebAuthn/Yubikey) and secret-less OIDC-based workload identity.
🔎 Full Visibility & Audit Logging
Octelium exports per-request logs to OpenTelemetry OTLP collectors for centralized monitoring, logging, and security analysis.
🖥️ Embedded SSH Mode
SSH into any device or container—even without an SSH server—using Octelium’s embedded SSH capabilities.
🧱 Managed Containers
Securely deploy, manage, and expose containerized applications with public or private access modes.
⚙️ Declarative & GitOps-Friendly
Use octeliumctl CLI to declaratively manage your cluster—like Kubernetes. All configurations can be stored in Git and applied programmatically.
Easy Setup
Install CLI Tools
Linux / macOS
curl -fsSL https://octelium.com/install.sh | sh
Windows (PowerShell)
iwr https://octelium.com/install.ps1 -useb | iex
Install a Single-Node Cluster
For personal or dev environments, you can install Octelium on a small VPS or local VM:
curl -o install-demo-cluster.sh https://octelium.com/install-demo-cluster.sh
chmod +x install-demo-cluster.sh
./install-demo-cluster.sh --domain yourdomain.com
More installation guides and setup details are available in the official docs.
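Both install steps above fetch a script from the network and execute it. As an added example (not from the Octelium project or from this post), the wrapper below saves the script, checks it against a SHA-256 digest you recorded after reviewing it, and runs it only on a match. The function names are hypothetical, and the pin in the usage comment is a placeholder because the page publishes no checksum.

```shell
#!/bin/sh
# Added example: review-then-pin wrapper for a downloaded installer script.
# The pinned digest is one YOU record after reading the script; the value in
# the usage comment at the bottom is a placeholder, not a published checksum.

# Print the SHA-256 hex digest of a file (Linux sha256sum or macOS shasum).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Return 0 only if FILE exists and its digest equals EXPECTED (case-insensitive).
verify_pinned() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || return 2
    actual=$(sha256_of "$file") || return 2
    [ "$actual" = "$expected" ]
}

# Download URL to OUT without executing it, then run it only if the digest
# matches PIN. Any further arguments are passed through to the script.
run_if_pinned() {
    url=$1; out=$2; pin=$3; shift 3
    curl -fsSL --proto '=https' --tlsv1.2 -o "$out" "$url" || return 1
    if verify_pinned "$out" "$pin"; then
        chmod +x "$out" && "$(dirname "$out")/$(basename "$out")" "$@"
    else
        echo "digest mismatch for $out: got $(sha256_of "$out")" >&2
        echo "review the script again before updating the pin" >&2
        return 3
    fi
}

# Usage (the pin is a placeholder you replace after reviewing the script):
# run_if_pinned https://octelium.com/install-demo-cluster.sh \
#     install-demo-cluster.sh "<sha256-recorded-after-review>" \
#     --domain yourdomain.com
```

On first use, download the script with `curl -o`, read it, and record the output of `sha256_of` as the pin; a later mismatch means the upstream script changed and needs another review.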
Licensing
- Client-side: Apache 2.0
- Server-side (Cluster components): AGPLv3
A commercial license is available for businesses needing AGPL alternatives.
Project Status & Contributors
Octelium entered public beta in May 2025, and is stable with thousands of commits since 2020. It’s built and maintained by George Badawi via Octelium Labs LLC.
External contributions are currently limited to issue reporting and feature requests, but this may change in the future.
Learn More
- 📖 What is Octelium?
- 🔐 What is Zero Trust?
- 🛠 How Octelium Works
- ⚙️ Managing the Cluster
- 📜 Policies and Access Control
- 📩 Contact Support
Octelium is a fully self-hosted, transparent, and extensible zero trust access platform for the modern age—built to eliminate complexity, improve security, and give you total control over your infrastructure.