For example, Cloudflare Tunnels will not work if restarted; our production is running with a single tunnel now.

What's the reason for using tunnels and not just IP addresses?

You don't have to expose any ports to the internet, preventing people from finding and directly attacking your origin servers.
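A check that follows from the point above, added here as an example and not part of the thread: if the origin sits behind a Cloudflare Tunnel, nothing on it should be listening on a public interface, since cloudflared connects to the origin locally and only makes outbound connections to Cloudflare. The script audits `ss -tlnH` style output for listeners bound to anything other than a loopback address. The input format is assumed to be `ss -tlnH` (State, Recv-Q, Send-Q, Local:Port, Peer:Port, no header) and the sample socket listings are constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example (not from the thread): audit listening sockets on an origin
# host fronted by a Cloudflare Tunnel. The origin should bind to loopback only;
# cloudflared reaches it locally and holds outbound connections to Cloudflare,
# so nothing needs to listen on a public interface.
#
# Input is assumed to be `ss -tlnH` output (no header line):
#   State Recv-Q Send-Q Local-Address:Port Peer-Address:Port

# Constructed sample, not captured from a real host.
SAMPLE_SS_OUTPUT='LISTEN 0 4096 127.0.0.1:8080 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 [::1]:3000 [::]:*
LISTEN 0 511 *:443 *:*
LISTEN 0 128 [::]:9090 [::]:*'

# The same host after binding every service to loopback (constructed).
SAMPLE_LOOPBACK_ONLY='LISTEN 0 4096 127.0.0.1:8080 0.0.0.0:*
LISTEN 0 511 [::1]:3000 [::]:*'

# exposed_listeners OUTPUT: print the local address:port of every LISTEN
# socket bound to something other than a loopback address (127.0.0.0/8 or ::1).
exposed_listeners() {
    printf '%s\n' "$1" | awk '
        $1 == "LISTEN" {
            sock = $4
            addr = sock
            sub(/:[0-9]+$/, "", addr)   # drop the port, keep the address part
            if (addr !~ /^127\./ && addr != "[::1]")
                print sock
        }'
}

# origin_is_loopback_only OUTPUT: exit 0 when no listener is reachable from
# outside the host, 1 otherwise (usable as a cron or CI check).
origin_is_loopback_only() {
    [ -z "$(exposed_listeners "$1")" ]
}

# Live use on a Linux host with iproute2 installed:
#   origin_is_loopback_only "$(ss -tlnH)" || echo "WARNING: exposed listeners"
```

On the constructed sample the audit flags `0.0.0.0:22`, `*:443` and `[::]:9090`; whether SSH on 22 stays reachable is a policy decision, but the web origin on 443 and 9090 has no reason to be exposed once the tunnel is in place. Anything this check reports is also exactly what a host firewall should drop inbound.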

The only downside seems to be the performance of tunnels in containers. I use them for my personal website, did a bit of load testing, and was able to get significantly more RPS without the CF Tunnel. Might be something on my end though, not sure.

That's interesting. Cloudflare tunnels do a few things that I expected to make it perform better in general: obviously TLS termination on CF's side, where they likely have faster hardware doing that (at least faster than many customers), then the keep-alive sockets for tunnel<->CF, and I think they use UDP/QUIC for the tunnel<->CF connection[0], which I figure could remove some latency.

[0]: `lsof -i | grep cloudfl` shows me 4 UDP connections & 1 TCP

Makes firewall/ACL administration much simpler, for one. Also makes it easier to hide and/or rotate origin IPs.

I hate that the Shopify app has Cloudflare tunnels ingrained by default. You can use other tunnels, e.g. ngrok, but the setup is a lot more manual.