Authentication for sub/addon domains

[DrSpaldo]

Hi, I am currently using the Cloudflared addon for HA, which is great because HA has login options as well as 2FA.

The problem is my addon domain / sub domain that say will host another service, does not have any login function. How has anyone set up the user and/or password authentication to keep the subdomain secure?

[skynet01]

The easiest way is to turn on Zerto Trust feature in Cloudflare, it's under Access tab. You then add any authentication service you want ex: Google or Github to verify against your own list of allowed users. This is best set up as it also blocks attacks and stops haxors before it even gets to Cloudflared.

Alternatively ...
You can use Nginx Proxy Manager (NPM) addon in HA to add authentication to any subdomain. Basically traffic will hit cloudflared first then pass it to Nginx Proxy Manager and then NPM will pass the traffic further.

[DrSpaldo]

Thanks for the reply @skynet01 , I’ve turned on Zero Trust and then I’ve gone into the teams dashboard. But, that’s where I get stuck, I can’t work out where to turn on the authentication or where I list what users are allowed into the site

[AlecRust]

https://developers.cloudflare.com/cloudflare-one/applications/configure-apps/self-hosted-apps/

More: https://community.home-assistant.io/t/new-add-on-cloudflared/361637/293

[skynet01]

Here, I made a 5 step easy guide: https://community.home-assistant.io/t/new-add-on-cloudflared/361637/314?u=skynet01

[DrSpaldo]

Here, I made a 5 step easy guide: https://community.home-assistant.io/t/new-add-on-cloudflared/361637/314?u=skynet01

Thanks very much @skynet01 , I’m just deciding between the authentication service such as GitHub or just emailing the code.

I wasn’t sure if I needed to add a deny/block everything and then allow mine as well or it just adding the limited allow will cover it. Hopefully that makes sense

[skynet01]

Just doing allow should cover it