What I've done so I can have a nice URL that's easy to remember and not have to open another port for cloudflare to use, was just to use cloudflared.
Go to Zero trust on CF dashboard and click Access -> Tunnels. Follow the installation instructions. I'm on Ubuntu so I just followed the Debian...