Hi
I want to expose my homelab via Cloudflare tunnels and media streaming via port forward. I will set up OPNsense, and I’m currently thinking about ways to improve security even more.
- OPNsense 2nd Router
- SSH disabled on Proxmox LXCs and VMs
- SSH on Proxmox host only via Certificate and other port.
- Set up NginxProxyManager and SSL certificates
Now I thought 2FA is actually a great thing, as it basically eliminates brute force to a bare minimum, but sadly only very few self-hosted things support TOTP so I could use Google Authenticator codes or Authy…
I looked at Authentik and Authelia, but they seem to be made for different things?
I just need a service that can run in front of any webpage and ask for 2FA and, once completed, writes a cookie or stores some client ID, which is time limited.
Thanks for any suggestions!
With nginx, you shouldn’t need to forward any ports beyond 80/443.
For really simple auth, check out Cloudflare Zero Trust.
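
The flow the question asks for (check a TOTP code in front of a page, then hand out a time-limited cookie), as an added example that is not part of the thread and is not code from Authelia, Authentik or Cloudflare. The function names, the `user|expiry|signature` cookie layout and both keys are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample values (assumptions for this example only).
TOTP_SECRET = b"12345678901234567890"  # RFC 6238 test secret, not for real use
COOKIE_KEY = b"constructed-cookie-signing-key"

def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1, the scheme authenticator apps implement."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_totp(secret: bytes, code: str, at: float, window: int = 1) -> bool:
    """Accept the current 30 s step and +/- `window` steps for clock drift."""
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(secret, at + drift * 30)
        ok |= hmac.compare_digest(expected.encode(), code.encode())
    return ok

def issue_cookie(key: bytes, user: str, now: float, ttl: int = 3600) -> str:
    """Build 'user|expiry|signature'; the HMAC covers user and expiry."""
    payload = f"{user}|{int(now) + ttl}"
    sig = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{sig}"

def check_cookie(key: bytes, cookie: str, now: float):
    """Return the user if the cookie is authentic and unexpired, else None."""
    try:
        user, expiry, sig = cookie.rsplit("|", 2)
        expires = int(expiry)
    except ValueError:
        return None  # malformed cookie
    payload = f"{user}|{expiry}"
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return None  # tampered with, or signed with another key
    return user if now < expires else None

def login(user: str, code: str, now: float):
    """Gate step: issue a session cookie only after a valid TOTP code."""
    if verify_totp(TOTP_SECRET, code, now):
        return issue_cookie(COOKIE_KEY, user, now)
    return None
```

A real gateway would also rate-limit attempts and refuse a code that was already accepted in the same time step.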