I use a VPS, not Cloudflare, but it’s the exact same concept.
CF will have an exposed IP that you point your domain’s A record to. On your CF instance, you would then tunnel (I’m guessing they offer WireGuard) into your home network, just like you are currently doing from your personal device.
A big difference here is you will put a reverse proxy on CF that will authenticate SSL with users. The proxy then will pass unencrypted HTTP down the tunnel for your web services to respond to.
A couple days ago, someone asked (I think on this instance), “can you protect yourself from your VPS?”, which I think would be your next question.
<Opinion>I pay for a VPS, because if it’s free, you or your data is somehow the product. </Opinion>
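
The layout described in the comment above, sketched as an nginx reverse proxy on the VPS. This is an added example, not part of the original comment. The hostname, certificate paths, WireGuard peer address and backend port are all assumed values.

```nginx
# Constructed example: runs on the public VPS, not on the home network.
# Assumed values: app.example.com, 10.8.0.2 (home peer's WireGuard address),
# port 8080 (home web service), and the certificate paths.

# Redirect plain HTTP so clients always reach the TLS listener.
server {
    listen 80;
    server_name app.example.com;
    return 301 https://$host$request_uri;
}

# TLS terminates here, on the VPS's exposed IP (the A record target).
server {
    listen 443 ssl;
    server_name app.example.com;

    ssl_certificate     /etc/ssl/example/fullchain.pem;
    ssl_certificate_key /etc/ssl/example/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # Plain HTTP from here on; WireGuard encrypts this hop between VPS and home.
        proxy_pass http://10.8.0.2:8080;

        # Pass the original request details to the home service.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

On the home side, bind the web service to the WireGuard interface address only, so it is reachable solely through the tunnel. Because TLS ends on the VPS, the VPS sees request and response contents in plaintext, which is what the "can you protect yourself from your VPS?" question is about.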