
tunnels

Remote access options for self-hosted services

Running self-hosted services behind a router that allows port forwarding is mostly as simple as forwarding a few ports, mainly 443 for everything over HTTPS and port 80 for automatically renewing Let's Encrypt certificates.

Otherwise, being behind a router that either doesn't allow port forwarding or doesn't handle it well, or being behind CGNAT, may require some sort of tunnel to route inbound traffic over outbound connections. Tunnels can also be useful in the port-forwarding case above, when multiple systems need to be reachable on port 80.

Cloudflare tunnels do not enable access on port 80.

Cloudflare redirects port 80 to 443, to upgrade HTTP connections to HTTPS. That means ACME HTTP-01 challenges to renew Let's Encrypt certificates need to be routed to the relevant port (80 or 32080) based on the request path; see Let's Encrypt via tunnel.