All these answers are wrong. If you use cloudflare you’re giving them all your data unencrypted as that’s how reverse proxying for them works.

I use authelia and trillium and the oidc implementation is bad. It works but it double consent screens even with implicit etc

The app itself is ok. Pretty useful from time to time to plan a project

There’s a good reason all stuff you buy is zigbee or zwave.

Otherwise this is an inevitably

The whole point of mTLS is that you dont need to use a VPN to achieve that same security.

Sad that mTLS support is non existent because it solves this problem.

Using cloudflare tunnels means nothing is encrypted and cloudflare sees all.

This.

deleted by creator

Disappointed to see the cloud people preaching uptime when most cloud offerings have severe downtime issues weekly.

Stop living in a bubble.

Github was down yesterday and that isn’t fun.

Stuff still goes down all the time on the cloud. More than on prem in my experience.

They don’t even properly track their downtime and lie about 99.9

Wireguard doesn’t send anything back if the key is not correct.

Because of this, Tailscale port swapping is inconsequential vs wireguard here.

Tailscale transfers trust of your VPN subnet to a third party, which is a real security concern.

I agree SSH service will be attacked if they are plainly exposed, out of date and allow login challenges.

Also agree that under or misconfiguration is a massive cause for security issues.

Authelia does support oidc and its amazing.

https://developers.cloudflare.com/cloudflare-one/policies/gateway/http-policies/tls-decryption/

https://community.cloudflare.com/t/does-cloudflare-proxy-servers-decrypt-my-data/145691

Afaik, they decrypt and recrypt all traffic.

I just don’t see the point of using cloudflared. Its easy to use but it just gives all your data to cloudflare in return for very little.

You should try it.