{"type":"mcp_client","name":"octelium","description":"Self-hosted zero trust access platform. VPN, ZTNA, API gateway, PaaS, and secure remote access solution. #zerotrust #security #opensource","category":"AI","language":"Go","stars":3877,"forks":49,"owner":"octelium","github_url":"https://github.com/octelium/octelium","homepage":"https://octelium.com/docs","setup":"## Setup\n\n### 1. Install CLI Tools\n\n**Prerequisites:**\n\n*   A terminal or command prompt.\n*   `curl` (or `wget`) and `sh` for Linux and macOS.\n*   PowerShell for Windows.\n\n**Installation Steps:**\n\nYou can install the CLI tools using the following commands:\n\n**For Linux and macOS:**\n\n```bash\ncurl -fsSL https://octelium.com/install.sh | sh\n```\n\n**For Windows (in PowerShell):**\n\n```powershell\niwr https://octelium.com/install.ps1 -useb | iex\n```\n\nThis script will download and install the `octelium`, `octeliumctl`, and `octops` command-line tools.\n\n### 2. Install Your First Cluster\n\n**Prerequisites:**\n\n*   A cloud VM/VPS instance (e.g., DigitalOcean Droplet, Hetzner server, AWS EC2, Vultr) or a local Linux machine/Linux VM inside a macOS/Windows machine.\n*   At least 2GB of RAM and 20GB of disk storage.\n*   A recent Linux distribution (Ubuntu 24.04 LTS or later, Debian 12+).\n*   SSH access to the VPS/VM as root.\n*   A domain name that you own and can configure DNS records for.\n\n**Installation Steps:**\n\n1.  SSH into your VPS/VM as root.\n\n2.  Download the installation script:\n\n    ```bash\n    curl -o install-demo-cluster.sh https://octelium.com/install-demo-cluster.sh\n    ```\n\n3.  Make the script executable:\n\n    ```bash\n    chmod +x install-demo-cluster.sh\n    ```\n\n4.  
Run the installation script, replacing `<DOMAIN>` with your actual domain:\n\n    ```bash\n    ./install-demo-cluster.sh --domain <DOMAIN>\n    ```\n\n**Configuration Requirements:**\n\n*   **Domain Name:**  You must have a domain name to configure DNS records for your Octelium cluster. The installation script will likely prompt you for this. Ensure the domain is properly pointed to the IP address of your server.\n\n**Environment Variables:**\n\nThe installation script handles most environment configuration. However, be prepared to provide the following information when prompted:\n\n*   **DOMAIN:** Your domain name.  This is crucial for accessing your Octelium cluster.\n\n**Post-Installation:**\n\nAfter the installation completes, refer to the [First Steps Managing the Cluster](https://octelium.com/docs/octelium/latest/overview/management) guide to start managing your Octelium cluster.","tools":"## Available Tools\n\n- **Modern Remote Access VPN:** Provides a zero trust, L7-aware alternative to traditional VPNs, offering client-based access over WireGuard/QUIC tunnels and client-less access with dynamic, identity-based, context-aware access control via policy-as-code.\n- **Unified ZTNA/BeyondCorp Architecture:** Implements a Zero Trust Network Access (ZTNA) platform/BeyondCorp architecture.\n- **Self-Hosted Infrastructure for Secure Tunnels:** Offers a self-hosted secure tunnels and reverse proxy programmable infrastructure. Example: [Self-Hosted ngrok Alternative](https://octelium.com/docs/octelium/latest/management/guide/service/http/open-source-self-hosted-ngrok-alternative).\n- **Self-Hosted PaaS:** Provides a scalable PaaS-like platform for deploying, scaling, and hosting containerized applications securely and anonymously. 
Examples:\n    - [Next.js/Vite apps](https://octelium.com/docs/octelium/latest/management/guide/service/http/nextjs-vite)\n    - [Remote VSCode](https://octelium.com/docs/octelium/latest/management/guide/service/homelab/remote-vscode-code-server)\n    - [Remote Ollama](https://octelium.com/docs/octelium/latest/management/guide/service/ai/remote-ollama)\n    - [Pi-hole](https://octelium.com/docs/octelium/latest/management/guide/service/homelab/pihole)\n- **API Gateway:** Functions as a self-hosted, scalable, secure API gateway for managing access, routing, deployment, and scaling of containerized microservices, with authentication, L7-aware authorization, and visibility. Example: [API Gateway](https://octelium.com/docs/octelium/latest/management/guide/service/http/api-gateway).\n- **AI Gateway:** A scalable AI gateway to any AI LLM providers with identity-based, context-aware access control, routing and visibility. Example: [AI Gateway](https://octelium.com/docs/octelium/latest/management/guide/service/ai/ai-gateway).\n- **Unified Zero Trust Access to SaaS APIs:** Provides unified, secret-less access to HTTP-based SaaS APIs for teams and workloads, controlling access on a per-request basis via policy-as-code.\n- **MCP Gateways and A2A-Based Architectures:** A secure infrastructure for Model Context Protocol (MCP) gateways and Agent2Agent Protocol (A2A)-based architectures. 
Example: [Self-Hosted MCP](https://octelium.com/docs/octelium/latest/management/guide/service/ai/self-hosted-mcp).\n- **Kubernetes Ingress Alternative:** An advanced alternative to Kubernetes Ingress and load balancers, routing to remotely accessible internal resources based on dynamic policy-as-code.\n- **Homelab:** A unified self-hosted Homelab infrastructure to connect and provide secure remote access to all your resources behind NAT from anywhere.\n\n**Core Features:**\n\n- **Dynamic Secret-less Access:** Enables seamless access to resources protected by application-layer credentials without exposing, managing, or sharing secrets. Supported protocols include:\n    - HTTP-based resources: [Secret-less HTTP Access](https://octelium.com/docs/octelium/latest/management/core/service/http#secret-less-access)\n    - SSH: [Secret-less SSH Access](https://octelium.com/docs/octelium/latest/management/core/service/ssh)\n    - Kubernetes clusters: [Secret-less Kubernetes Access](https://octelium.com/docs/octelium/latest/management/core/service/kubernetes)\n    - PostgreSQL and MySQL-based databases: [Secret-less PostgreSQL Access](https://octelium.com/docs/octelium/latest/management/core/service/postgres), [Secret-less MySQL Access](https://octelium.com/docs/octelium/latest/management/core/service/mysql)\n    - mTLS: [Secret-less mTLS Access](https://octelium.com/docs/octelium/latest/management/core/service/secretless#mutual-tls)\n- **Context-Aware, Identity-Based, Application-Layer Aware Access Control:** Provides a centralized, scalable, fine-grained access control system using modular and composable _Policies_ written as code using [CEL](https://cel.dev/) or [OPA](https://www.openpolicyagent.org/). More details: [Policies and Access Control](https://octelium.com/docs/octelium/latest/management/core/policy).\n- **Context-Aware, Identity-Based, L-7 Aware Dynamic Configuration and Routing:** Enables dynamic configuration and routing based on policy-as-code. 
More details: [Dynamic Configuration](https://octelium.com/docs/octelium/latest/management/core/service/dynamic-config).\n- **Continuous Strong Authentication:** A unified authentication system for human and workload _Users_ supporting:\n    - Web identity providers (IdP) via OpenID Connect or SAML 2.0: [Web Identity Providers](https://octelium.com/docs/octelium/latest/management/core/identity-providers#web-identity-providers)\n    - \"Secret-less\" authentication for workloads via OIDC-based assertions: [Workload Identity Providers](https://octelium.com/docs/octelium/latest/management/core/identity-providers#workload-identity-providers)\n    - Integration with IdPs to control access based on NIST SP 800-63 Authenticator Assurance Levels: [Authenticator Assurance Level](https://octelium.com/docs/octelium/latest/management/core/identity-providers#authenticator-assurance-level)\n- **OpenTelemetry-Ready Auditing and Visibility:** Provides identity and application-layer aware visibility with real-time logging and export to OpenTelemetry OTLP receivers. Examples:\n    - [HTTP Visibility](https://octelium.com/docs/octelium/latest/management/core/service/http#visibility)\n    - [Kubernetes Visibility](https://octelium.com/docs/octelium/latest/management/core/service/kubernetes#visibility)\n    - [PostgreSQL Visibility](https://octelium.com/docs/octelium/latest/management/core/service/postgres#visibility)\n    - [SSH Visibility](https://octelium.com/docs/octelium/latest/management/core/service/ssh)\n- **Effortless, Password-less, Serverless SSH Access:** Enables SSH access even when clients are not running as root. More details: [Embedded SSH Mode](https://octelium.com/docs/octelium/latest/management/core/service/embedded-ssh).\n- **Effortlessly Deploy, Scale and Secure Access to your Containerized Applications as _Services_:** Provides PaaS-like capabilities for deploying, managing, and scaling containerized applications. 
More details: [Managed Containers](https://octelium.com/docs/octelium/latest/management/core/service/managed-containers).\n- **Centralized, Declarative and Programmable Management:** Allows administration of _Clusters_ via declarative management using `octeliumctl apply`. Quick guide: [Cluster Management](https://octelium.com/docs/octelium/latest/overview/management). The _Cluster_ is fully programmable using gRPC-based APIs.\n\n**CLI Tools:**\n\n- **`octeliumctl`:** CLI tool used to control all the _Cluster_'s resources in a clean, centralized and declarative way.\n    - Installation:\n        - Linux/macOS: `curl -fsSL https://octelium.com/install.sh | sh`\n        - Windows (PowerShell): `iwr https://octelium.com/install.ps1 -useb | iex`\n    - Usage: `octeliumctl apply` (to reproduce the state of the Octelium _Cluster_)\n- **`octelium`:** (Likely refers to the client application)\n- **`octops`:** (Purpose not explicitly defined in the provided text)","faq":null,"created_at":"2025-05-18T16:56:34+00:00","updated_at":"2025-07-07T16:32:21+00:00","source_url":"https://model-context-protocol.com/clients/octelium","related_articles":[]}