I have two Flask websites running on an ubuntu machine running on my home server. Both of them are running as a service with Gunicorn, one is on port 9000, the other is on 9001. I have registered a Cloudflare account, where I created a Zero Trust tunnel and configured my home server as a connector. Then I registered a domain and set up the public hostnames like this:
Website one: 192.168.1.2:9000 goes to subdomain1.domain.com
Website two: 192.168.1.2:9001 goes to subdomain2.domain.com
I don't have SSL or Nginx setup, but to me it seems like everything is fine. Both websites are accessible and running and I don't have any ports open.
Question one: Is SSL like this secure? So based on my knowledge the connection between Cloudflare and my client and between Cloudflare and my server is secure, and the only plain text http is between the Cf connector and Flask, which is fine as that is only internally on my server. Is this true?
Question two: Is my described method okay for hosting the websites? If not what would be? Thanks for reading.