I am currently using Cloudflare as my DNS for personal services I am hosting, all with Let’s Encrypt certificates behind HAProxy on my pfSense box. I really like the idea of using Cloudflare’s reverse proxy and adding rules to my firewall to only allow port 443 from their servers. However, I’m not crazy about them being the man-in-the-middle. Has anyone considered setting up a reverse proxy in the cloud and pointing that to their home network IP? You could then block all external access on the home WAN but the external access from your proxy in the cloud, effectively limiting the threat surface of my home IP. I realize the data sent through the cloud would be monitored, but even the $5 Linode compute plan allows for 1TB of transfer data and I realistically don’t think I would ever hit that (even if I did, it would be $10 per TB over that). Let me know if I’m crazy or missing something.
CF gives a lot more services than just being a reverse proxy. I’m aware you might be skeptical of what other things they may do with the data, however. If you set up your own reverse proxy in the cloud – are you planning on using a VPN from VPS to home?
Yes, I was originally thinking encryption with Let’s Encrypt certs but would probably do VPN in addition to that.