The Cloudflare tunnel can be done as a straight proxy, allowing all public access in, or behind an 'Application' (next page), limiting access to authenticated users or users meeting a certain requirement (eg IP range, country). This is part of Cloudflares 'Zero Trust' service, which is accessible via the Cloudflare website

Cloudflare Proxies are referred to as 'Public Hostnames'

Creating a Proxy (straight public facing - no auth or security)

Unfortunately the Cloudflare doco for this is rubbish, or non-existent. Hopefully the process stays the same...

1. Log into Cloudflare and click on Zero Trust

2. Navigate to Access > Tunnels

3. Select the relevant tunnel > configure

4. Click on the Public Hostname tab

5. Click on 'Add a public hostname' and fill in the relevant details
6. For internal services with self signed certificates,

   1. Click on Additional application settings

   2. Expand TLS

   3. Enable 'No TLS Verify'

7. Click on Save Hostname

8. Your service will now be publicly accessible at subdomain.domain.com/path