Like other people have suggested, maybe it’s a good idea with better featured options supporting many more authentication and authorization options.

My personal pick is Authentik as it supports working as an OpenID, SAML, RADIUS, LDAP, and proxy. While also supporting external users from the likes of LDAP

If I had to guess maybe trusted proxies haven’t been configured for Cloudflare preventing the Auth token from being accepted

I know Authentik supports managing access per role, it’s how it’s meant to be used. https://goauthentik.io/docs/applications#authorization

Seems they have a doc on setting it up with gitlab. https://goauthentik.io/integrations/services/gitlab/

The responses you get here are from people that have already perfected their setup so take them with a grain of salt.

I mean I have my setup running with Traefik, Crowdsec, Authentik and that’s before the request even reaches the application.

2 months ago that was only Traefik.

A year before that I was using Nginx Proxy Manager instead of Traefik because it was easier to manage and understand.

Half the fun is evolving your homelab. Trying to start out with the full stack of things someone suggests is daunting and nearly impossible.

Take things one step at a time. And honestly if you don’t understand what the documentation is talking about, YouTube videos are great. I’ve had to use it lots to understand how Authentik works but now I understand the docs

It depends on how much control and prettiness you want. I use homepage for myself but use Authentik for anyone else. Authentik is an authentication & authorization provider. But logged in users will see which applications they have access to and can navigate to them.

Ps. It does work with Plex as it’s source of users