„Inspired“ from https://lemmy.world/post/287146 and many related questions (also on reddit before).
Why don‘t people like opening Port 443 on their Homerouter? An open Port itself is not a vulnerability because nothing is listening on it, therefore there cannot be any connection established. When forwarding Port 443 From Router to e.g. The Homeservers LoadBalancer / Proxy, this Proxy is the final resolver anyways.
So why doing the more complex and more error prone Route via the VPS / Tailscale / CloudFlare?
I did that some years ago too, but just because i did not have an static IPv4 at home. But speeds were awful and i switched to Routerport + DynDNS and now everything is super performant.
I think Cloudflare Tunnel is awesome for situations where you want to deploy one or two applications without getting a full reverse proxy like Traefik or Nginx handling everything especially if you’re dealing with CGNAT. Also, if you don’t want to manage your own authentication solution for locking down apps, Cloudflare makes these easy to apply to your applications.
So for users who once would have (and still do) open ports directly to each individual application with little to no authentication in between, these solutions offer a turnkey option to fix a lot of things that would otherwise have been out of reach.
OK, i did not think about people opening a port for every application - this would be stupid
Especially when people get into things like Sonarr and Radarr as their first foray into self hosting it’s not hard to see why they might assume that there is security in obscurity and think that there is no risk to opening up those applications directly to the world!