Hi
I want to expose my homelab via Cloudflare tunnels and media streaming via port forward. I will set up OPNsense, and I’m currently thinking about ways to improve security even more.

  • OPNsense 2nd Router
  • SSH disabled on Proxmox LXCs and VMs
  • SSH on Proxmox host only via certificate and on another port.
  • Set up NginxProxyManager and SSL certificates

Now I thought 2FA is actually a great thing, as it basically eliminates brute force to a bare minimum, but sadly only very few self-hosted things support TOTP so I could use Google Authenticator codes or Authy…

I looked at Authentik and Authelia, but they seem to be made for different things?

I just need a service that can run in front of any webpage and ask for 2FA, and once completed writes a cookie or stores some client ID, which is time limited.

Thanks for any suggestions!
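
The flow asked for above (check a TOTP code from Google Authenticator or Authy, then hand out a time-limited cookie), as an added example that is not part of the original post and not code from Authelia, Authentik or Cloudflare. The function names, the server-side signing key and the one-hour lifetime are assumptions; the TOTP part follows RFC 6238 with HMAC-SHA1, 30-second steps and 6 digits.

```python
import hashlib, hmac, struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)

def totp(secret: bytes, at: float, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 for the time step containing `at`."""
    counter = struct.pack(">Q", int(at) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_totp(secret: bytes, code: str, now: float, window: int = 1) -> bool:
    """Accept the current step plus/minus `window` steps to allow clock drift."""
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(secret, now + drift * STEP)
        # constant-time comparison; no early exit on a match
        ok |= hmac.compare_digest(expected.encode(), code.encode())
    return ok

def issue_cookie(key: bytes, client_id: str, now: float, ttl: int = 3600) -> str:
    """Cookie value 'client_id|expiry|signature', signed with a server-only key."""
    payload = f"{client_id}|{int(now) + ttl}"
    sig = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{sig}"

def check_cookie(key: bytes, cookie: str, now: float):
    """Return the client id if the signature is valid and unexpired, else None."""
    try:
        client_id, expires, sig = cookie.rsplit("|", 2)
        expiry = int(expires)
    except ValueError:
        return None
    expected = hmac.new(key, f"{client_id}|{expires}".encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return None
    return client_id if now < expiry else None

if __name__ == "__main__":
    secret = b"12345678901234567890"   # RFC 6238 test secret, not a real one
    key = b"k" * 32                    # constructed signing key for the demo
    if verify_totp(secret, totp(secret, 59), now=59):
        cookie = issue_cookie(key, "laptop", now=59)
        print(cookie, check_cookie(key, cookie, now=60))
```

A proxy would call `check_cookie` on every request and redirect to the code prompt when it returns `None`. Rate-limit code attempts and set the cookie with `Secure` and `HttpOnly`, since neither is handled here.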

  • Bldck@beehaw.org

    With nginx, you shouldn’t need to forward any ports beyond 80/443

    For really simple auth, check out Cloudflare Zero Trust