Cloudflare & Authelia

Cloudflare Zero Trust allows users to register their own Single Sign On (SSO) provider by utilising the OpenID Connect Protocol. We can now protect our self hosted applications with Authelia

Access Configuration

To reverse proxy an application behind Cloudflare Access. We need to create an "Application" within the Cloudflare Zero Trust dashboard

Naviagate to Access > Applications > Add an Application > Self-Hosted. Enter the domain name you wish the application to have. Cloudflare will automatically create the DNS Record

Follow the Policies and Authentication pages and set the settings you would like to configure for the specific application

Click Save

Tunnel Configuration

We now need to tell Cloudflare how to route to our self-hosted application. Navigate to Access > Tunnels > Tunnel-Name > Configure > Public Hostname > Add a Public Hostname

Once saved, Cloudflare will automatically push the configuration to our Tunnel and the site should be immediatelly accessible via Cloudflare Zero Trust and protected by Authelia via OpenID Connect