I don’t believe any proxy could route traffic dynamically the way cf tunnels (and traefik for that matter) do without being able to read the unencrypted http requests. That’s a trade off I’m making and aware of, because I don’t want to use a VPN to access my services. (Another big trade off is cf only tunnels HTTP traffic, so I can’t use SSH keys to reach my self hosted gitea repos. Honestly that’s a bigger motivator to me to find another solution)