Thanks for watching!

Hey there, great questions! For the public server, using CF tunnels does not require you to expose any ports at all. The alternative is using something like Let's Encrypt which requires you to open ports 80 (HTTP) and 443 (HTTPS) on the machine and also manage certificate renewal. With the tunnel, your server doesn't have to expose any of these ports. Plus, all traffic is routed through Cloudflare, which scans for known vulnerabilities and attacks. It can also shut down access to the machine if it detects any malicious patterns, or require additional authentication (username + password, Google Login, ..) This is a feature that you would have to build yourself as well. As for the private server, it is mostly the same thing. You don't expose the network per-se to the internet. If you run a cluster of Docker containers then you can configure the Cloudflare container to only have access to a specific container and port. So the requests don't even have access to the Docker host machines, or other servers in your network (unless you want to). Does that answer your questions?