I had self-hosted services on a Raspberry Pi using Docker in my college room. Since I couldn’t set up port forwarding, I couldn’t enable HTTPS for them. I know that I can still have https without port forwarding but it is not straightforward and difficult for me. And, I used cloudflare tunnel to access them from outside my college network. When I access them using cloudflare tunnel, it uses HTTPS. However, I found conflicting information online about the connection between the server and cloudflare, with some sources saying it’s HTTP and others saying it’s HTTPS. What’s true?
The answer depends on how you’re serving your content. Based on what you’ve described about your setup, your content is likely served over HTTP through the secured tunnel. The tunnel acts like an encrypted VPN, which allows unencrypted content to be sent securely over the wire. This means although your web server is serving unencrypted content, it gets encrypted before it goes to Cloudflare, so no one along the path could snoop on it.