HTTPS ports supported by CloudFlare:
https://support.cloudflare.com/hc/en-us/articles/200169156-Identifying-network-ports-compatible-with-Cloudflare-s-proxy
Use HTTPS ports to your server to not expose your server IP.
Also with CloudFlare you can add custom firewall rules, page rules, etc to block specific paths, countries, IP ranges etc. You can use a combine of nginx web server, free waf firewall (nginx) and CloudFlare, all these together for better security results. Also with a whitelist IP setting on CloudFlare and in aapanel WAF you can set a proxy/squid (with authorised access) and all admins and members of project can access without these restrictions to the project. With this way you can protect server and project from attacks, etc...