So, I've been self hosting for about a year now, and up until now, I've used Cloudflare Tunnels to expose my services to the internet. Everything has worked just fine with CF tunnels, but being the tinkerer that I am, I've decided to try new things out and hopefully expand my knowledge when it comes to self hosting.
So here I am now running NGINX Proxy Manager and I'm trying to get everything set up properly.
I've got NPM up and running and I can access my services over it. My domain is managed via Cloudflare so I have A records set up in CF pointing it to the public IP of my VPS.
Here are the questions I've got:
In your opinion, should I turn on the DNS proxy on the Cloudflare A record?
Do I need the Let's Encrypt certificates if I turned on the DNS proxy in Cloudflare?
Is it possible to use my own Let's Encrypt certificates while proxying the DNS in Cloudflare? (Would that prevent Cloudflare from seeing the traffic?)
Is there any difference between creating a proxied A record in Cloudflare that points to the public IP of my VPS vs having Cloudflare Tunnels pointing to NPM locally?
If I don't want to use Cloudflare as an additional proxy to NPM, should I install Crowdsec?
Thanks!
Cloudflare Access would be the simplest solution imo. You just add their email address to the whitelist and have them access the site, they'll have to enter their email and then they will get a one time code sent to their email which then they could authenticate with.