Open Source, Self-Hosted Homelab Infrastructure for Remote Access, Hosting and Deployment

A Complete, Scalable, Self-Hosted, Secure Remote Access Solution for Developers and Teams to Access any Internal Resource of any Type Running behind NAT Anywhere

A Unified Zero Trust Architecture that Supports both the Private VPN-like Client-based Mode over WireGuard/QUIC Tunnels as well as the Client-less Public BeyondCorp Mode via Browsers.

Seamlessly Deploy Containers via Octelium and Provide Secure as well as Public Anonymous Access for your Containerized Microservices such as APIs, Blogs and Development as well as Production Web Applications.

Seamlessly integrate any OpenID Connect or SAML 2.0 SSO Provider as well as GitHub OAuth2.

Provide Secretless Access to SSH Servers, HTTP-based APIs, Databases and mTLS-based Applications

Application-layer Aware Access Control via Identity-based Context-aware ABAC and Policy-as-Code via CEL and Open Policy Agent (OPA)

OpenTelemetry-ready Layer-7 Aware, Real-Time Visibility and Auditing to Your Log Management and SIEM Providers

Designed to be Administered like Kubernetes via DevOps/GitOps-friendly Centralized and Declarative Way. The Cluster is furthermore fully Programmable over gRPC.

Dynamically Apply Native FIDO2 Passkey/WebAuthn, Time-based one-time Password (TOTP) Authentication and TPM 2.0 Authentication. Enforce Using Attested Hardware-based FIDO2 Authenticators in your Access Control Decisions.

A unified, automatically managed, private DNS using your own domain for all resources scattered across the different remote networks that works consistently and independently of the dynamic network details of the upstreams. Furthermore, protect and audit all DNS queries using your own fallback servers (e.g. Pi-hole or commercial DNS servers) for all connected Users.