With Cloudflare's tunnels, there's no longer even a need to allow direct connections from the outside world.
In my own testing it wasn't too terrible to setup firewall rules and mutual TLS-based authentication of origin pulls, but it is certainly something where you have to do everything right to be as secure as you think you are. Versus just closing off inbound connections entirely and running cloudflared
In my own testing it wasn't too terrible to setup firewall rules and mutual TLS-based authentication of origin pulls, but it is certainly something where you have to do everything right to be as secure as you think you are. Versus just closing off inbound connections entirely and running cloudflared