I would like to open an instance of a web server such as Nextcloud, Synology, etc. to the internet. VPN is not possible since recipients are not known a priori. Reverse proxy seems like a good option.
Cloudflare tunnels provide a layer of authentication in front of the web server. But I don’t want Cloudflare having access to my traffic and don’t know a way to add a layer of encryption to keep Cloudflare out of traffic.
I know Authelia, but haven’t worked with it.
What are the options?
I use Traefik and OAuth to implement two-factor authentication with single sign-on via Google. Works fine if you don’t mind the requirement that all your users must have a Gmail account with Google.
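
A sketch of the kind of setup the answer above describes, as an added example that is not the poster's own configuration: a Traefik dynamic configuration (file provider) that puts a `forwardAuth` middleware in front of one service. The host name, the `websecure` entry point, the `forward-auth:4181` address of the OAuth helper that runs the Google login flow, and the `X-Forwarded-User` header are assumptions chosen for illustration.

```yaml
# Added example: Traefik dynamic configuration (file provider).
# All names, hosts and ports below are placeholders, not values from the thread.
http:
  middlewares:
    google-sso:
      forwardAuth:
        # Hypothetical OAuth helper service. Traefik sends each incoming
        # request here first and only forwards it to the backend when the
        # helper answers with a 2xx status.
        address: "http://forward-auth:4181"
        # Default value. Traefik then replaces any X-Forwarded-* headers
        # supplied by the client instead of passing them to the helper.
        trustForwardHeader: false
        # Headers copied from the helper's response onto the request that
        # reaches the backend (assumed header name).
        authResponseHeaders:
          - "X-Forwarded-User"

  routers:
    nextcloud:
      rule: "Host(`cloud.example.com`)"
      entryPoints:
        - "websecure"        # assumed HTTPS entry point from the static config
      # Every router that should be protected must list the middleware.
      # A router defined without it is reachable with no login at all.
      middlewares:
        - "google-sso"
      service: "nextcloud"
      tls: {}

  services:
    nextcloud:
      loadBalancer:
        servers:
          # The backend should only be reachable through Traefik (internal
          # network, no published port), otherwise the login can be bypassed.
          - url: "http://nextcloud:80"
```

With this layout TLS terminates on your own Traefik instance, so no third party sits in the traffic path; Google only sees the login redirect.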