You don't have to expose any ports to the internet, preventing people from finding and directly attacking your origin servers.
Only downside seems to be the performance of tunnels in containers. I use them for my personal website, did a bit of load testing and was able to get significantly more RPS without the CF Tunnel. Might be something on my end tho, not sure.
That's interesting. Cloudflare tunnels do a few things that I expected to make it perform better in general: obviously TLS termination on CF's side where they likely have faster hardware doing that (at least faster than many customers), then the keep-alive sockets for tunnel<->CF, and I think they use UDP/QUIC for the tunnel<->CF connection[0] which I figure could remove some latency.
[0]: `lsof -i | grep cloudfl` shows me 4 UDP connections & 1 TCP
Makes firewall/ACL administration much simpler for one. Also makes it easier to hide and/or rotate origin IPs.