I'm using OPNsense as the main firewall/router, with the HAProxy plugin acting as reverse-proxy. Cloudflare DNS proxies my home IP address and keeps it hidden from the public, and the DDNS plugin in OPNsense updates the A record in CF when my ISP changes my public IP address every few months.
