With Cloudflare Tunnels, if you disable TLS decryption, use Full or Full (strict), and verify that the certificate in your browser is yours and not Cloudflare’s certificate, wouldn’t that mean that the SSL is unbroken from your server to the browser? Or can these options not be used with Cloudflare Tunnels?

This type of tool is interesting, and provides some of the functionality that Cloudflare Tunnel does, but with frp, a vulnerability in your app (or its login screen) could be more easily exploited since you don’t have the traffic protection features that Cloudflare provides, right? Maybe combining this with fail2ban (or is there another similar self-hosted tool) would not only act as a proxy but also help protect your app to a degree like Cloudflare does?

Right, so I’m trying to determine if that is worse or if exposing a service without Cloudflare (and being more at risk from someone trying to break into my service because of not having the monitoring/protection Cloudflare provides) is worse.

For most things I agree but I this case I’m thinking of a service where you want to have a group of people access and they all aren’t willing or tech-saavy enough to install a VPN