The cloudflare tunnel is the reverse proxy in this case. No particular need to run another. Are you using the docker cloudflared to set up the tunnel?

In my case, I use NGINX that connects to the cloudflare side and parse everything out from there, and I haven’t used the cloudflared docker, but I imagine that makes things easier. I set everything up before Cloudflare tunnels were a thing, so I didn’t really want to rejigger everything. If were doing it from scratch, I’d probably go with Cloudflare.

Inb4 the Cloudflare is Bad and is a MITM attack people. Yes, it is, but it’s about opportunity cost. I’m not doing anything I care that Cloudflare sees, so I’m fine using it for simplicity sake, and I imagine they do a better job of security than I do, and I can manage stuff on a well configured dashboard instead of a command line. I’m more interested in blocking people who AREN’T cloudflare from screwing with my shit than I am in keeping Cloudflare out of my business. I use a VPN for things I don’t want to run through Cloudflare (like Torrents).