Hi everyone,

I’m currently running a Proxmox setup with several LXC containers and two VMs. I want to secure external access to my services using Authelia (or potentially PocketID), but I’ve hit a wall with the configuration.

My current stack:
• DNS/WAF: Cloudflare
• Reverse Proxy: Nginx Proxy Manager (NPM)
• Hypervisor: Proxmox

The Flow: My domain queries hit Cloudflare -> redirected via DNS to my NPM -> NPM routes traffic to the specific local IP/port of the container or VM.

The Problem: I tried setting up Authelia, but I’m struggling to get the configuration right between Cloudflare's proxying and NPM’s header handling. It feels like I’m going in circles with the middleware settings.

My Questions:
1. Security vs. Necessity: Since I am already using Cloudflare (which offers WAF and some level of protection), do I actually need a self-hosted solution like Authelia or PocketID for an extra layer of MFA/SSO? Or is it redundant for a home lab?
2. Configuration Help: If it is worth it, could someone point me to a reliable guide or share their configuration for Authelia + NPM + Cloudflare? Specifically, how to handle the "X-Forwarded-For" headers and the authentication bypass for certain internal IPs?

I’m looking for a balance between "bulletproof security" and "not breaking my head every time I add a new service."

Thanks in advance for any advice!
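Added example, not part of the original post and not Authelia's or NPM's own code: a model of the decision behind the second question, showing why an internal-IP bypass is only safe when the client address is taken from X-Forwarded-For by walking back through known proxy hops. All addresses are constructed stand-ins, the function names are hypothetical, and the policy strings only mirror Authelia's `bypass` and `two_factor` policy names.

```python
import ipaddress

# Constructed sample addresses (assumptions, not values from the post).
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in (
    "198.51.100.0/24",   # stand-in for the Cloudflare edge ranges
    "192.168.1.10/32",   # stand-in for the NPM host
)]
BYPASS_NETWORKS = [ipaddress.ip_network("192.168.1.0/24")]  # stand-in LAN


def _in_any(addr, networks):
    return any(addr in net for net in networks)


def resolve_client_ip(peer, xff):
    """Return the first hop not vouched for by a trusted proxy, or None."""
    hop = ipaddress.ip_address(peer)  # address of the TCP peer, never a header
    entries = [e.strip() for e in (xff or "").split(",") if e.strip()]
    # Each proxy appends the address it saw, so the rightmost entries are the
    # most trustworthy. Walk right to left and stop at the first unknown hop.
    for entry in reversed(entries):
        if not _in_any(hop, TRUSTED_PROXIES):
            break  # this hop is not ours; ignore everything it forwarded
        try:
            hop = ipaddress.ip_address(entry)
        except ValueError:
            return None  # malformed chain: fail closed
    return hop


def policy_for(peer, xff):
    """Decide whether a request may skip authentication."""
    client = resolve_client_ip(peer, xff)
    if client is None or _in_any(client, TRUSTED_PROXIES):
        return "two_factor"  # no believable client address
    if _in_any(client, BYPASS_NETWORKS):
        return "bypass"
    return "two_factor"
```

Taking the leftmost X-Forwarded-For entry instead would let any external request claim a LAN address, which is the failure this walk prevents.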