author here:
I tried port forwarding (because I never did in the past) and couldn't figure how to do it. capture here https://viggy28.dev/article/pain-of-setting-up-port-forwardi...
I guess Alex's inlets (https://github.com/inlets) might do it too. I would love to hear other alternatives.
Port forwarding is fairly simple. All routers should support it. Forward port 443 to local-rpi-ip-address:443. Setup caddy/traefik. Create A record to public ip. Enable tls. Enable file hosting. Done: you now have TLS static website without any 3rd parties.
That said, cloudflare is super handy for dns, and for proxying specific domains, where you don't want to expose your public ip.
Unfortunately residential networks usually don't have static IP's so the IP changes on reboots. Updating the DNS record every time would probably be a PITA.
The bigger problem would be if your ISP implemented CGNAT.