[cma]

"Using a CF Tunnel implies that all SSL encrypted connections will be decrypted by Cloudflare, the connections data exists on their servers in plain text and then is re-encrypted for the transport to the user."

https://www.reddit.com/r/selfhosted/comments/133rr6n/about_c...

Is that true? Then third party doctrine would apply and you have to trust them more right?

[manchmalscott]

I don’t believe any proxy could route traffic dynamically the way cf tunnels (and traefik for that matter) do without being able to read the unencrypted http requests. That’s a trade off I’m making and aware of, because I don’t want to use a VPN to access my services. (Another big trade off is cf only tunnels HTTP traffic, so I can’t use SSH keys to reach my self hosted gitea repos. Honestly that’s a bigger motivator to me to find another solution)