https://homelab.nbkelley.com/tags/authentication/ Recent content in Authentication on homelab Hugo en Fri, 01 May 2026 00:00:00 +0000 https://homelab.nbkelley.com/docs/security/cloudflare-access-setup/ Fri, 01 May 2026 00:00:00 +0000 https://homelab.nbkelley.com/docs/security/cloudflare-access-setup/ <h1 id="cloudflare-access-setup-for-protected-sections">Cloudflare Access Setup for Protected Sections<a class="anchor" href="#cloudflare-access-setup-for-protected-sections">#</a></h1> <h2 id="what-was-established">What Was Established<a class="anchor" href="#what-was-established">#</a></h2> <ul> <li>Methodology for securing specific website paths or subdomains using Cloudflare Zero Trust Access.</li> <li>Authentication bypasses traditional <code>.htaccess</code> or server-side auth; Cloudflare handles it at the edge.</li> <li>Prerequisites: Cloudflare domain, Paid/Zero Trust plan (free tier supports up to 50 users).</li> </ul> <h2 id="key-decisions">Key Decisions<a class="anchor" href="#key-decisions">#</a></h2> <ul> <li><strong>Identity Provider Choice</strong>: One-time PIN (OTP) recommended for simplicity and shared access without managing user lists. Alternatives include Google/GitHub or specific email allowlists.</li> <li><strong>Policy Structure</strong>: &ldquo;Allow Authenticated Users&rdquo; policy with wildcard email matching (<code>*</code>) or specific domain matching (<code>*@domain.com</code>).</li> <li><strong>Edge-Based Protection</strong>: No server-side configuration changes required; protection occurs before requests hit the origin server.</li> </ul> <h2 id="current-configuration">Current Configuration<a class="anchor" href="#current-configuration">#</a></h2> <ul> <li>Pattern established but not yet applied to specific homelab services.</li> <li>Relevant to Nginx Proxy Manager (192.168.1.222) or Proxmox (192.168.1.69) admin interfaces if routed through Cloudflare.</li> </ul> <h2 id="historical-notes">Historical Notes<a class="anchor" href="#historical-notes">#</a></h2> <ul> <li>Conversation date: 2025-11-24.</li> <li>Focuses on the Cloudflare Zero Trust dashboard workflow for self-hosted applications.</li> <li>No changes to existing Cloudflare SSL/DNS integration patterns.</li> </ul> <h2 id="open-questions">Open Questions<a class="anchor" href="#open-questions">#</a></h2> <ul> <li>Which homelab services will leverage Cloudflare Access for admin/protected paths?</li> <li>Will static IP bypass policies be implemented for homelab admin access?</li> </ul> <h2 id="related-pages">Related Pages<a class="anchor" href="#related-pages">#</a></h2> <ul> <li><a href="https://homelab.nbkelley.com/docs/security/cloudflare_integration/">Cloudflare Integration: SSL &amp; DNS</a></li> <li><a href="https://homelab.nbkelley.com/docs/services/hinterflix-help-site/">Hinterflix Help Site - Cloudflare Deployment</a></li> <li><a href="https://homelab.nbkelley.com/docs/networking/proxy-management/">Proxy Management &amp; Cloudflare Tunnels</a></li> </ul> <h2 id="sources">Sources<a class="anchor" href="#sources">#</a></h2> <ul> <li><code>ingested/chats/117-Setting Up Cloudflare Access for Website Protection.md</code></li> <li>DeepSeek conversation: 2025-11-24 (Setting Up Cloudflare Access for Website Protection)</li> </ul> https://homelab.nbkelley.com/docs/administration/git-push-authentication/ Fri, 01 May 2026 00:00:00 +0000 https://homelab.nbkelley.com/docs/administration/git-push-authentication/ <h1 id="git-push-authentication">Git Push Authentication<a class="anchor" href="#git-push-authentication">#</a></h1> <h2 id="what-was-established">What Was Established<a class="anchor" href="#what-was-established">#</a></h2> <ul> <li>GitHub deprecated password authentication for Git over HTTPS. Even if passwords worked previously, they are now rejected with <code>password not supported</code>.</li> <li>Personal Access Tokens (PAT) or SSH keys are required for authentication.</li> <li>403 Permission Denied errors typically indicate stale cached credentials or insufficient token scopes.</li> </ul> <h2 id="key-decisions">Key Decisions<a class="anchor" href="#key-decisions">#</a></h2> <ul> <li>Use Personal Access Tokens (PAT) for HTTPS Git operations.</li> <li>Classic tokens require the <code>repo</code> scope for private repositories.</li> <li>Fine-grained tokens require <code>Contents</code> (Read and write) and <code>Metadata</code> (Read) permissions, explicitly scoped to the target repository.</li> </ul> <h2 id="current-configuration">Current Configuration<a class="anchor" href="#current-configuration">#</a></h2> <ul> <li><strong>GitHub Username</strong>: <code>NK-Iluvatar</code></li> <li><strong>Target Repository</strong>: <code>MBTADashboard</code></li> <li><strong>Remote URL</strong>: <code>https://github.com/NK-Iluvatar/MBTADashboard.git</code></li> </ul> <h2 id="historical-notes">Historical Notes<a class="anchor" href="#historical-notes">#</a></h2> <ul> <li><strong>Password Deprecation</strong>: GitHub enforced its 2021 policy change retroactively, blocking account passwords for Git operations over HTTPS.</li> <li><strong>403 Troubleshooting</strong>: Resolved by clearing cached credentials (<code>git credential reject</code> or OS credential manager) and verifying token scopes (<code>repo</code> for classic, <code>Contents</code> for fine-grained).</li> <li><strong>Token Testing</strong>: Verified token validity using <code>curl -H &quot;Authorization: token TOKEN&quot; https://api.github.com/user</code>.</li> </ul> <h2 id="open-questions">Open Questions<a class="anchor" href="#open-questions">#</a></h2> <ul> <li>None.</li> </ul> <h2 id="related-pages">Related Pages<a class="anchor" href="#related-pages">#</a></h2> <ul> <li>Git Pull Strategies</li> <li><a href="https://homelab.nbkelley.com/docs/services/homelab-dashboard/">Homelab Dashboard</a></li> </ul> <h2 id="sources">Sources<a class="anchor" href="#sources">#</a></h2> <ul> <li>DeepSeek conversation (2026-02-18) regarding <code>MBTADashboard</code> push failures and PAT configuration.</li> </ul>