Sunray Zero Trust · Source Available · v1.0

Zero Trust Web Security,
sovereign and invisible.

Sunray protects your web applications with FIDO2 passkeys — no passwords,
no code changes, no dependency on a third-party cloud.

Passkeys WebAuthn · Transparent reverse proxy · Self-hosted

Get started for free → View the architecture
17 delivered capabilities
2 production Workers
40+ audit events
Billing in beta

Our philosophy

Security is friction,
not a feature.

So let's make it affordable, usable and invisible.

01

Affordable

One published price, no surprises. €9/month for 20 users, +€1/user beyond that. Core is free. No per-feature negotiation. No surprises.

02

Usable

Passkeys first — zero client to install, zero password to remember. Enrollment via single-use setup tokens. Authentication becomes a natural gesture.

03

Invisible

Transparent reverse proxy or ForwardAuth middleware. Your apps are never modified. The Server stays off the critical path — your users never see it.

Everything to secure without blocking

17 capabilities delivered in production · Core free + Enterprise at €9/month

🔑

Passkeys WebAuthn FIDO2

Host-scoped credentials. Replay detection by counter. Single-use, CIDR-restricted, SHA-512 enrollment tokens. Zero passwords.

🚫

Locked-by-default model

All traffic is authenticated except explicit exceptions. Reusable rules library: Public / CIDR / Token — drag-drop priorities.

🔀

Transparent reverse proxy

Your existing application needs no modification. FastAPI ForwardAuth (Traefik / Nginx / Caddy) or Cloudflare Worker (edge).

Offline resilience

Double TTL — Workers serve from their cache even during a Server outage. Zero service interruption for your users.

📋

Forensic audit 40+ events

Server-side log for every authentication, passkey, session, security violation, Worker migration. Queryable by type, IP, time range.

📊

Admin UI + Analytics Dashboard

Odoo Community Framework interface for users, hosts, rules, sessions, workers. ChartJS dashboard seeded with Protected Hosts, Users, Setup Tokens.

All features →

Up and running in 4 steps

From zero to production in 5 to 30 minutes per application

01

Deploy Sunray Server

The management plane — built on Odoo Community Framework. Hosts users, passkeys, hosts and access rules.

02

Choose your Worker

FastAPI Worker (on-prem / VM / container, ForwardAuth Traefik/Nginx/Caddy) or Cloudflare Worker (global edge, native WAF).

03

Register your passkeys

Invite your users via setup tokens — they register their biometric passkey on first access. Zero client to install.

04

Your apps are protected

Every access is validated by passkey. Zero password, zero VPN, zero friction. The Server never blocks the critical path.

Request flow

The Server is never on the critical path — Workers serve from their cache

Request flow
🧑‍💻 User Browser
HTTP request
Sunray Worker validates passkey
if authenticated
📦 Your App unchanged
sync config
Sunray Server off the critical path control plane

The Server synchronises configuration with Workers (passkeys, rules, sessions) but never sees user traffic. If the Server goes down, Workers continue serving from their cache — zero interruption.

Deployed. Verified. Daily.

Sunray runs in production across multiple environments

Muppy
• Production

Internal development infrastructure. In production for several months (2025–2026) with daily traffic.

Manganese
• Production

Multi-tenant PaaS. Sunray protects client App Servers via inouk_scp_manganese. Daily multi-client traffic.

Adekia
• Production since May 2026

First autonomous external client. Deployment completed in 2026 — validates the full flow on an independent third-party environment.

Explore Sunray

Features

Sunray's 17 capabilities, Core and Enterprise, in detail.

See features →
🏗️

Architecture

Server, Workers, SCP — the components and how they fit together.

See architecture →
💰

Pricing

Core free · Enterprise €9/month for 20 users.

See pricing →

Frequently asked questions about Sunray

What is Sunray and how is it different from a VPN?

Sunray is a Zero Trust security solution based on FIDO2/WebAuthn passkeys. Unlike a VPN, it requires no client to install and no tunnel to configure. Users authenticate with their fingerprint or Face ID directly in the browser. Sunray acts as a reverse proxy in front of your applications without modifying a single line of your code.

Do I need to modify my application code to use Sunray?

No. Sunray sits in front of your existing application as a reverse proxy (FastAPI ForwardAuth compatible with Traefik, Nginx, Caddy) or as a Cloudflare Worker. Your application is unaware of Sunray — it simply receives already-authenticated requests.

How much does Sunray cost?

Sunray is available at €9/month for 20 users, with +€1 per additional user. The core is free and open-source. No per-feature negotiation, no surprises.

Is Sunray used in production?

Yes. Sunray protects Muppy’s internal infrastructure and the Manganese multi-tenant PaaS since 2025. Adekia is the first autonomous external customer, deployed on 7 May 2026 — validating the full flow on an independent third-party environment.

Is Sunray compatible with Traefik, Nginx and Cloudflare?

Yes. You choose the Worker that fits your infrastructure: the FastAPI Worker integrates via ForwardAuth with Traefik, Nginx or Caddy on your on-premise servers or VMs; the Cloudflare Worker runs at the global edge with native WAF included. Both are available in the standard plan.

Ready to secure your applications?

Installation in 5 to 30 minutes · No modification to your code

Get started for free → Contact us