docs: wip outline of access docs

docs/content/1.docs/3.recipes/6.cloudflare-access.md

@@ -0,0 +1,43 @@
+---
+title: Cloudflare Access
+navigation.title: Cloudflare Access
+description: Learn how to use Cloudflare Access to protect your Nuxt application deployed on Cloudflare Pages.
+---
+
+explain what cloudflare access is
+
+nuxthub compatible and integration makes dashboard & remote storage work with access.
+
+## Setup Cloudflare Access
+
+setting up nuxthub on a deployed project
+
+important: nuxt.dev domain no work with integration due to cf limitation. if nuxt.dev domain is default, on enable default becomes pages.dev.
+
+- create service token in cf zero trust dash
+  - name can be nuxthub project name
+- paste the tokens into nuxthub -> settings -> general -> cloudflare access
+- cf dash -> pages -> <project> -> settings -> general -> access policy -> enable
+  - it'll make an access application with the preview domain by default, and add all members of the pages project via email auth
+- edit access application
+  - add new policy "service auth", drag it to be first, edit it then select the created service token
+    - image
+  - optionally add other domains to access project, like main domain or custom domains to protect them too.
+    - default is just preview pages.dev domains
+  - configure your access policies
+    - link to cf access docs for making policies
+
+### Importing Pages projects
+
+- currently create access app with bypass policy for /api/_hub for everyone
+- planned to support importing existing pages projects with access in the future
+
+## Remote development
+
+in .env set NUXT_HUB_CLOUDFLARE_ACCESS_CLIENT_ID and NUXT_HUB_CLOUDFLARE_ACCESS_CLIENT_SECRET to a service token added to access policy
+
+tip: service token doesn't need to match dev/can be different/just needs to be assigned to access policy
+
+## CLI
+
+set env var NUXT_HUB_CLOUDFLARE_ACCESS_CLIENT_ID and NUXT_HUB_CLOUDFLARE_ACCESS_CLIENT_SECRET