https://blog.cbugk.com/tags/cloudflare/ Recent content in Cloudflare on cbugk's blog Hugo -- 0.140.2 en-us Wed, 28 Jan 2026 11:12:00 +0300 https://blog.cbugk.com/post/letting-auditors-into-hypervisors/ Wed, 28 Jan 2026 11:12:00 +0300 https://blog.cbugk.com/post/letting-auditors-into-hypervisors/ <h2 id="introduction">Introduction</h2> <p>I would like to showcase an internet-accessible, hardened homelab some time in 2026. Before I forget, I need to document how to let people log into my Proxmox nodes with their Google accounts as auditors. This post assumes that network access has been provided one way or another.</p> <h2 id="ingredients">Ingredients</h2> <ol> <li>A domain name (managed by CloudflareDNS)</li> <li>PVE 9.1: Just-In-Time login target</li> <li>Cloudflared (for exposing Authentik&rsquo;s ACME client)</li> <li>Authentik: OpenID login broker</li> <li>Google Cloud - Google Auth Platform Client</li> <li>A Google account</li> <li>Chatbot of your liking</li> </ol> <h2 id="pre-requisites">Pre-Requisites</h2> <h3 id="proxmox-ve-with-https">Proxmox VE with HTTPS</h3> <p>For authentication to work, services being exposed should have secured subdomains. This <a href="https://weblog.lkiesow.de/20240114-pve-acme-cloudflare.html">short blog by Ikiesow</a> covers most of the process. Create API key from Cloudflare dashboard to be used by Proxmox VE under Datacenter/ACME for DNS-01 or HTTP-01 challanges.</p>