I have a server running Unraid at home. I have ~20 docker containers running at the moment with almost all of them only available within my local network. I just stood up an instance of Seafile on the server to act as a google drive replacement. Still in the early test phase before I commit to throwing important stuff on there. I have my domain proxied through Cloudflare so none of my local ports are exposed to the internet. Seafille has complicated passwords set for admin and user accounts (generated with Bitwarden, hot damn I love that app). I also enabled 2FA on each account. I know that I can further clamp it down using some of Cloudflare's extra access controls but in my admittedly limited experience, those all cause issues getting an app to authenticate with the service. Web apps don't have this issue of course.

So am I ok with this setup? I can encrypt the data before uploading easily as it's a built in feature of Seafile. Or would it be better to just run with local only and run a VPN to access when I'm outside?

I figure just about any effort along these lines I trust more than Google with my data. But I may be overconfident in that perhaps. I'm still learning the ropes with Linux and self-hosting in general.

It is late... and I am pretty much finished with migrating to a new VPS provider. I got rate limited with two domains, but I'm running everything through Cloudflare. Do I need to bother with LetsEncrypt on the VPS itself? When I check the domains, the certs from CF are working nicely.

This is my first time using CF.

Quick edit while I pretend I can sleep.

I’m thinking that CF will cover me for 443 and route all traffic there. I’ve got wildcards set for domains with services that require other ports — which is working. All CF is doing is caching my sites, right?