I would like to expose a web server such as Nextcloud to the internet. I want an authentication layer in front of it, as in Cloudflare Access with ACLs. It will be on a custom domain and end-to-end encrypted with TLS. I prefer that the proxy in front is managed and secured by a company, since I am not an expert in security.
* Cloudflare Access: This is great, but Cloudflare terminates the TLS, which is not acceptable (otherwise I will run the application in the cloud).
* Ngrok: The free tier is limited (doesn’t support custom domains and is too limited in bandwidth), and the pricing of the paid tier doesn’t fit
* A reverse proxy on a VPS with something like Authentik or Teleport in front of it. This would work, but I would prefer not to configure and maintain Authentik. It seems risky.
I am looking for recommendations.
If you want someone else to do your auth for you (i.e., sign in with a Google account before you get proxied to the origin), you will need to allow them to terminate the TLS for you. Otherwise, they won't know the state of the auth mechanism.