Presumably, my understanding of Cloudflare is too simple, too rudimentary, or even entirely lacking in some aspects.

As far as I understand it, the main feature is just faster and more reliable access to sites, right?

If I host a website on a server in New York, and someone tries to look at it in Tokyo ... that's a long distance and a lot of potential hops to retrieve the file(s) directly from the NY machine. Cloudflare provides closer-location mirrors of websites so there is less lag time, plus having multiple copies makes my website more readily/reliably available.

That's good, I get that, especially for big, professional business-critical-type sites/services.

But it's not actually essential, is it? Anyone, anywhere on Earth could still visit my NY website w/o the existence of Cloudflare.

Is there more to Cloudflare than this? I realize they are getting into a variety of 2ndary "value-added"-type features, like their own "are you a robot" tests and probably a bunch of other stuff I don't know about ... but fundamentally, are they actually necessary for the Internet?

Why is Cloudflare such a big deal?

I am a big fan of Cloudflare Tunnels, it's let me muck about with quite a few low risk apps and it's been fun.

one thing that's always bothered me though is the SSL setup.

According to their website, only enterprise users are allowed to manage their own TLS private keys.

I can kinda understand the logic behind free accounts not having that perk.

But if you are someone who really doesn't like cloudflare reading your traffic or you are a business, it seems odd to me that it's not being demanded of cloudflare that they make it more available for paid users to not expose their TLS private keys to cloudflare.

Why are so many folks OK with cloudflare essentially being able to read all their traffic?

or am I overestimating how many people are using the Pro and Business account? is the majority of their users just Free or Enterprise?

I have a server running Unraid at home. I have ~20 docker containers running at the moment with almost all of them only available within my local network. I just stood up an instance of Seafile on the server to act as a google drive replacement. Still in the early test phase before I commit to throwing important stuff on there. I have my domain proxied through Cloudflare so none of my local ports are exposed to the internet. Seafille has complicated passwords set for admin and user accounts (generated with Bitwarden, hot damn I love that app). I also enabled 2FA on each account. I know that I can further clamp it down using some of Cloudflare's extra access controls but in my admittedly limited experience, those all cause issues getting an app to authenticate with the service. Web apps don't have this issue of course.

So am I ok with this setup? I can encrypt the data before uploading easily as it's a built in feature of Seafile. Or would it be better to just run with local only and run a VPN to access when I'm outside?

I figure just about any effort along these lines I trust more than Google with my data. But I may be overconfident in that perhaps. I'm still learning the ropes with Linux and self-hosting in general.

It is late... and I am pretty much finished with migrating to a new VPS provider. I got rate limited with two domains, but I'm running everything through Cloudflare. Do I need to bother with LetsEncrypt on the VPS itself? When I check the domains, the certs from CF are working nicely.

This is my first time using CF.

Quick edit while I pretend I can sleep.

I’m thinking that CF will cover me for 443 and route all traffic there. I’ve got wildcards set for domains with services that require other ports — which is working. All CF is doing is caching my sites, right?