I would like to open an instance of a web server such as Nextcloud, Synology, etc. to the internet. VPN is not possible since recipients are not a priori known. Reverse proxy seems like a good option.
Cloudflare tunnels provide a layer of authentication in front of the web server. But I don’t want Cloudflare having access to my traffic and don’t know a way to add a layer of encryption to keep Cloudflare out of traffic.
I know Authelia, but haven’t worked with it.
What are the options?
Nginx reverse proxy with Keycloak for auth? There are a couple of solutions for it, but here is one: https://kevalnagda.github.io/configure-nginx-and-keycloak-to-enable-sso-for-proxied-applications
I use Traefik and OAuth to implement two-factor authentication with single sign-on via Google. Works fine if you don’t mind the requirement that all your users must have a Gmail account with Google.
zrok.io using the free SaaS together with OAuth - https://blog.openziti.io/the-zrok-oauth-public-frontend