The only reason to ever use cloudflare is for hosting minecraft. Realistically its the only time you’re going to get ddos-ed. Otherwise, don’t use cloudflare. It does literally nothing for you. Cloudflare does not make your applications any more secure. Thats what really matters at the end of the day.
Cloudflare is a next generation firewall as a service. The way it works is it sits as a man in the middle between your service and the internet. It decrypts all network traffic it recieves and scans packets for known vulnerabilities.
Anyone in the habit of paying for anti-virus for their computer may not immediately understand why that isn’t very useful. The best way to prevent known vulnerabilities from being exploit is to use well maintained software and to update regularly. Companies need next generation firewalls because their employees are running windows operatings systems that are rarely updated. Actually this is what my home life is like too. The people I live with and know often have operating systems that haven’t beeb updated in years. If you’re looking to self host your time would be better spent copy pasting an update script foe your distro rather than getting the digital equivelent of plugging a leaky dam with bubblegum.
Cloudflare’s other main selling point is ddos protection. ddos attacks can cost companies millions if not billions of dollars per hour. Imagine amazon not being able to sell products for an hour! However, if you’re running non-commercial services, ddos attacks are nothing more than an inconvenience. If you’re running your services with a vps, there is zero risk. Your nextcloud instance being brought down for a few hours is no big deal. On the other hand, if you’re running your services on a laptop, you could lose internet access for an hour or two. This could annoy your wife, husband, children, roomates. The service most likely to be ddos-ed is minecraft. Run it at your own risk.