When to use Cloudflare Tunnel + nginx or just nginx + Cloudflare DNS
We are running a Kubernetes cluster for prod traffic with customers around the country. Our current setup is nginx load balancer + Let's Encrypt + external DNS. We are switching DNS over to Cloudflare for the WAF and DDoS protection. Our two options are to use nginx and block all traffic not from Cloudflare IPs, or to close nginx to external traffic and route it all through a Cloudflare Tunnel. What would the recommendation be here? We are very security conscious as we have sensitive data, but would prefer not to compromise on latency/throughput.
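The first option from the post (nginx accepting only Cloudflare edge ranges), written out as an added example that is not part of the original post and is not Cloudflare's or nginx's own tooling: a small Python generator that renders the nginx include file and emulates what the origin would decide for a given TCP peer, including a forged CF-Connecting-IP header on a direct-to-origin connection. It assumes nginx with the realip module and `$realip_remote_addr` (available since 1.9.7), uses constructed documentation CIDRs rather than Cloudflare's real list (in production the script would be fed https://www.cloudflare.com/ips-v4 and https://www.cloudflare.com/ips-v6 and rerun whenever they change), and the function names and the `$from_cloudflare` variable are the example's own.

```python
"""Render an nginx "only Cloudflare may talk to the origin" allowlist.

Added example, not code from the original post, Cloudflare or nginx.
The CIDRs in SAMPLE_CLOUDFLARE_RANGES are constructed documentation ranges;
in production, feed this the lists published at
https://www.cloudflare.com/ips-v4 and https://www.cloudflare.com/ips-v6 and
regenerate the include file whenever they change.
"""
import ipaddress
from typing import Iterable, List, Optional, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Constructed placeholder ranges (RFC 5737 / RFC 3849 documentation space),
# NOT Cloudflare's real edge ranges.
SAMPLE_CLOUDFLARE_RANGES = [
    "203.0.113.0/24",
    "198.51.100.0/24",
    "2001:db8:cf::/48",
]


def parse_ranges(cidrs: Iterable[str]) -> List[Network]:
    """Parse CIDRs strictly (host bits set -> ValueError), drop duplicates,
    and sort so the rendered file is stable and reviewable in a diff."""
    nets: List[Network] = []
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr.strip(), strict=True)
        if net not in nets:
            nets.append(net)
    return sorted(nets, key=lambda n: (n.version, int(n.network_address), n.prefixlen))


def render_nginx_allowlist(cidrs: Iterable[str], var: str = "$from_cloudflare") -> str:
    """Emit a snippet for the http {} context.

    Both parts must be keyed on the TCP peer, not on the rewritten client IP:
      * set_real_ip_from: only a Cloudflare peer may set $remote_addr via
        CF-Connecting-IP; otherwise anyone reaching the origin could forge it.
      * the geo block: allow/deny from ngx_http_access_module would see the
        already-rewritten $remote_addr and deny every real visitor, so the
        gate uses $realip_remote_addr (the untouched peer address) instead.
    """
    nets = parse_ranges(cidrs)
    lines = ["# Generated: trust CF-Connecting-IP only from Cloudflare edges."]
    lines += [f"set_real_ip_from {n};" for n in nets]
    lines.append("real_ip_header CF-Connecting-IP;")
    lines.append("")
    lines.append("# 1 if the TCP peer is a Cloudflare edge, 0 otherwise.")
    lines.append(f"geo $realip_remote_addr {var} {{")
    lines.append("    default 0;")
    lines += [f"    {n} 1;" for n in nets]
    lines.append("}")
    lines.append("")
    lines.append("# In each server {} block that must stay closed to the public:")
    lines.append(f"#     if ({var} = 0) {{ return 403; }}")
    return "\n".join(lines) + "\n"


def would_admit(peer_ip: str, cidrs: Iterable[str]) -> bool:
    """What the geo gate decides for a given TCP peer address."""
    peer = ipaddress.ip_address(peer_ip)
    return any(peer in n for n in parse_ranges(cidrs) if n.version == peer.version)


def effective_client_ip(peer_ip: str, cf_connecting_ip: Optional[str],
                        cidrs: Iterable[str]) -> str:
    """What $remote_addr becomes after the realip module runs: the header is
    honoured only when the peer is trusted AND the header holds a valid IP;
    a forged header on a direct-to-origin connection is ignored."""
    if cf_connecting_ip and would_admit(peer_ip, cidrs):
        try:
            return str(ipaddress.ip_address(cf_connecting_ip.strip()))
        except ValueError:
            pass
    return str(ipaddress.ip_address(peer_ip))


if __name__ == "__main__":
    print(render_nginx_allowlist(SAMPLE_CLOUDFLARE_RANGES))
    for peer in ("203.0.113.10", "192.0.2.7"):
        verdict = "admitted" if would_admit(peer, SAMPLE_CLOUDFLARE_RANGES) else "rejected"
        print(peer, verdict)
```

The geo gate only proves that the peer is some Cloudflare edge, not that the request came through this account's zone; Cloudflare's Authenticated Origin Pulls (origin-side client-certificate verification) closes that gap. In Kubernetes the check is only meaningful if nginx sees the real peer address (for example `externalTrafficPolicy: Local` or PROXY protocol on the fronting load balancer) rather than the cloud load balancer's own address.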