I have a bunch of services on a home machine and I use cloudflare tunnels to access them on the WAN. My ISP locks down ports 80 and 443, and so tunnels were the most viable way for me to get various pages online easy; especially helped since it's easy to configure and free to boot.
But I've been seeing more people talk about it being privacy invasive, and while I'm probably gonna remain largely ignorant on why, I was wanting to know if there was an alternative to this that I can use?
What is your goal? If it’s to have personal remote access, set up tailscale on all the devices you want to connect. If it’s self-hosting a public webserver, your options are hosting on non-standard ports, changing ISPs to one that lets you host, or tunneling to some other third party location that lets you host.
The only real alternative is to get a cheap VPS so you can VPN between the VPS and your home and keep using the tunnel and not expose your home IP but only your VPS IP. Or variations of that: you can also just use NGINX to forward 80/443 to 8080/8443 at home without even needing a VPN or to decode the encrypted traffic. Oracle has a free tier for those, but there's lots of reports of people's instances being shut down and left without their data.
There's no free and readily available solution like Cloudflare tunnels that can be more private, because whoever is proxying your traffic pretty much has to be able to see it. At the bare minimum, to be able to route it, they'd have to either give you your own public IP and blanket forward port 443, or they have to inspect the SNI header of the TLS session. It's technically possible to do that, I've implemented such a proxy with zero knowledge of the data inside. Cloudflare does have such a product in the enterprise tier, but it doesn't make sense for them to offer as a free product.
The only reason they have a free tier is to collect telemetry and run experiments to improve their enterprise offerings, and also free advertising by luring small companies into using them and then upgrading when they grow, or from people like us that will never need their paid features but will likely use them in an enterprise setting out of habit and comfort rather than do a true evaluation of all the CDN options available. Or people moving from free companies on the free tier to a bigger company that then will use them and upgrade to paid.
If it's just port blocking, why not run the services on other ports? OpenVPN or any other VPN software could get you secure remote access without issue, you run OpenVPN on whatever port you want and then you can connect to any service on your home machine from outside the house. A Tor hidden service could also be used, though you would sacrifice some speed and reliability.
Are you exposing those services so that stangers can also access them, or it's mostly about you and relatives using those services?
If it's for mostly private use, you could set up a mesh VPN network using Wireguard, or if you want something easier to manage you could look at Tailscale.
That way you'd also limit exposure of these services to the Internet and therefore minimize the risk of a security breach.
I use rathole tunnel (similar to frp) on VPS and Caddy locally. VPS and my local machine are connected with wireguard VPN. DNS points to VPS, TLS certificates are managed locally by Caddy.
Does your router have a VPN server? Use that to get into your network. If not, maybe think about replacing the router with one that does (most do from the better manufacturers).