Access on homelab https://homelab.nbkelley.com/tags/access/ Recent content in Access on homelab Hugo en Fri, 01 May 2026 00:00:00 +0000 Cloudflare Access Setup for Protected Sections https://homelab.nbkelley.com/docs/security/cloudflare-access-setup/ Fri, 01 May 2026 00:00:00 +0000 https://homelab.nbkelley.com/docs/security/cloudflare-access-setup/ <h1 id="cloudflare-access-setup-for-protected-sections">Cloudflare Access Setup for Protected Sections<a class="anchor" href="#cloudflare-access-setup-for-protected-sections">#</a></h1> <h2 id="what-was-established">What Was Established<a class="anchor" href="#what-was-established">#</a></h2> <ul> <li>Methodology for securing specific website paths or subdomains using Cloudflare Zero Trust Access.</li> <li>Authentication bypasses traditional <code>.htaccess</code> or server-side auth; Cloudflare handles it at the edge.</li> <li>Prerequisites: Cloudflare domain, Paid/Zero Trust plan (free tier supports up to 50 users).</li> </ul> <h2 id="key-decisions">Key Decisions<a class="anchor" href="#key-decisions">#</a></h2> <ul> <li><strong>Identity Provider Choice</strong>: One-time PIN (OTP) recommended for simplicity and shared access without managing user lists. Alternatives include Google/GitHub or specific email allowlists.</li> <li><strong>Policy Structure</strong>: &ldquo;Allow Authenticated Users&rdquo; policy with wildcard email matching (<code>*</code>) or specific domain matching (<code>*@domain.com</code>).</li> <li><strong>Edge-Based Protection</strong>: No server-side configuration changes required; protection occurs before requests hit the origin server.</li> </ul> <h2 id="current-configuration">Current Configuration<a class="anchor" href="#current-configuration">#</a></h2> <ul> <li>Pattern established but not yet applied to specific homelab services.</li> <li>Relevant to Nginx Proxy Manager (192.168.1.222) or Proxmox (192.168.1.69) admin interfaces if routed through Cloudflare.</li> </ul> <h2 id="historical-notes">Historical Notes<a class="anchor" href="#historical-notes">#</a></h2> <ul> <li>Conversation date: 2025-11-24.</li> <li>Focuses on the Cloudflare Zero Trust dashboard workflow for self-hosted applications.</li> <li>No changes to existing Cloudflare SSL/DNS integration patterns.</li> </ul> <h2 id="open-questions">Open Questions<a class="anchor" href="#open-questions">#</a></h2> <ul> <li>Which homelab services will leverage Cloudflare Access for admin/protected paths?</li> <li>Will static IP bypass policies be implemented for homelab admin access?</li> </ul> <h2 id="related-pages">Related Pages<a class="anchor" href="#related-pages">#</a></h2> <ul> <li><a href="https://homelab.nbkelley.com/docs/security/cloudflare_integration/">Cloudflare Integration: SSL &amp; DNS</a></li> <li><a href="https://homelab.nbkelley.com/docs/services/hinterflix-help-site/">Hinterflix Help Site - Cloudflare Deployment</a></li> <li><a href="https://homelab.nbkelley.com/docs/networking/proxy-management/">Proxy Management &amp; Cloudflare Tunnels</a></li> </ul> <h2 id="sources">Sources<a class="anchor" href="#sources">#</a></h2> <ul> <li><code>ingested/chats/117-Setting Up Cloudflare Access for Website Protection.md</code></li> <li>DeepSeek conversation: 2025-11-24 (Setting Up Cloudflare Access for Website Protection)</li> </ul>