All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Self Hosting using IPv6/Cloudflare Proxy, and security
I'm never been one to open ports... But got a /56 and 7gbps fiber.. (free upgrade) otherwise I couldn't afford that. I have been using Cloudflare tunnels, but in testing its been around 8-40MB/s at random its just "slow" (for large files) the past year or so I've been doing it.
I've been testing opening up IPv6 but only to Cloudflare IP's and port 443 only. Running it in a VM within Proxmox, and from a remote VPS can max out the 2.5G dedicated NIC for that VLAN.
I have the VLAN completely DMZ'd / Isolated.
Other than VLAN's, firewall rules, etc Other than that mostly just worried about "breakout" on the proxmox VM.
I'm no security expert but not sure how much faith I should put into it even though only port 443 and cloudflare IP's are allowed.

Comments
If it's a straight up "drop everything not 443 tcp, allow CF IP A, allow CF IP B, allow CF IP C, ..., drop unconditionally" there shouldn't really be that much to possible go wrong. At worst someone could SYN flood you with a spoofed CF IP. That would likely put some strain on your server but they'd find the specific IP first, which would be pretty hard since it'll just look a like a random firewalled port during any kind of scan. The only way your IP could realistically get found out is something (like for example a HTTP error page) leaking it.
Edit: The VM will be as secure as an up to date qemu installation can be (considering you regularly update it). It's probably going to be a little bit confusing doing this inside some setup like proxmox but as long as your VM's network isn't routed into your LAN there shouldn't really be a chance of anything getting out.
Personally i'd probably create some bridge interface attach the specific IP, make qemu use it and setup forwarding so it'll only go towards the interface connected to the outside. If outside + inside are the same interface i'd probably just drop everything coming from the bride aimed at local IPs or in your case rather not-CF-IPs (disclaimer: there's a fair chance that using bridge interfaces for that is not exactly intended here - i have zero clue - but it works, so...).
Everyone is paranoid about opening ports, but they really shouldn't be.
Be careful that you only open a port to trustworthy software. If you're running a web server, allow all traffic to that web server and don't worry any more about that.
Don't allow all traffic to everything because you probably have some software like printer drivers that have vulnerabilities. But do allow web server traffic to the web server, and don't feel anxious about that.
Be careful what you run on that web server. nginx or caddy is pretty trustworthy. Serving static files is pretty safe - I'd enable it without a second thought. Obviously be careful not to put your passwords and credit card numbers in the website folder. When you start using PHP scripts or web apps, those can bring their own vulnerabilities and that's where the actual danger starts.
If you want to put the web server on a separate computer and use a VLAN to keep it separate from your main network, that's a pretty sensible safety measure, but also can be hard to set up and I don't think it's essential.
Not too worried about the IP itself since I'm using IPv6 only and its on its own block specific to that VLAN/VM. I've made sure its not pingable and nothing is accessible except outside cloudflare's provided IP's
I've actually been running it on its own seperate Proxmox server thats dedicated for public stuff only. Just a i5-3570. Theres one service thats behind a tunnel I run on my main proxmox server due to ffmpeg (13700), But have thought about throwing it on my main just to free up 15watts haha. My entire network, server, NAS I'm just under 200w so I guess thats good comparatively.
Currently running aaPanel which I know some are against it. I do prefer a panel though for ease of use personally. I like CloudPanel, but not sure whats going on, but it maxes out at gigabit with my 2.5G nic and my 10G nic. But of course panels are only accessible locally.
Mostly just trying to maximize speeds, I have zero need for 7 gig but I wasn't gonna turn it down, and why not put it to use. Just over a year ago max I could get was 1100/65.
Off topic, I'm also on a beta list for.. well above 10G I haven't confirmed how much I can talk about that one from the ISP yet lol