I’ve migrated from cloudflare pages to cloudflare tunnels as I wanted to do a little bit more.
I can’t segregate my network as my ISPs router is rather limited, which means no vLANs. Connecting another router would introduce a double nat as they don’t allow bridging. So I’m running my website basically “raw” in a hyperV virtual machine. the website is semi-static and made out of flatfiles, therefore it’s is quite impossible to login into it. as stated before i’m using cloudflare tunnels to expose a nginx server to the interner. what are the chances someone or something (bot) inflataring my network? 100% safety is not possible but how safe am i?
You’ve already taken a great step by setting up Cloudflare tunnels, as that will obfuscate your WAN IP, but a common mistake I see a lot is having another random device on a network that is perhaps using a DDNS that doesn’t obfuscate A records or something like that.
Basically, just make sure everything that is public/internet-facing is going through CF tunnels and you’re as protected as you can (reasonably) can be - from that angle at least.
Keep in mind though, this just (largely) prevents one vector of attack - through your WAN IP - depending on your set-up, you could (and likely do) have other ways of penetration to get into your network.
I am a big proponent of getting something like a Firewalla to mitigate many other vectors. They’re bit pricey (though for their capabilities relative to other “off the shelf” devices, not really, I suppose) but largely hands-off.