So I have a question that is multifaceted regarding Cloudflare Access (product) and certificates.
I have 2 servers, both using Argo tunnels to connect in with Cloudflare Access applications. One, let's call it Server1, has a reverse proxy (swag, which gets Let's Encrypt certs for the domain) which was in use before Cloudflare Access was put in. So the Cloudflare applications point to the reverse proxy port and then are routed to the application. This works, but what I want to know is, from a security perspective, do I need this reverse proxy at all?
Seeing as on Server2 there is no reverse proxy and you can point a Cloudflare Access application to 0.0.0.0:port on the machine to access any application and it presents the user with no SSL issues in the browser and shows the Cloudflare SNI cert.
I just really want to know if this is an issue on Server1, adding complexity and not much more security, or an issue on Server2, where I need to add a reverse proxy and certificates?
Note: the reason for the reverse proxy on Server1 was, pre Cloudflare Access, to manage connections using HTTPS to non-HTTPS services running in Docker.
Any clarification on how certs work in Cloudflare Access would be great. Thanks.