TCP and UDP can listen on the same port, DNS is a great example of such. You’d generally need it to be part of the same process as ports are generally bound to the same process

They don’t even need to be the same process. I’m pretty sure that’s just a common practice if something needs both protocols, but there’s nothing stopping you from having a web server on TCP 443 and a VPN server on UDP 443. Ports are an abstraction brought by each protocol, they aren’t in anyway related.

Reminds me of this skit: https://youtu.be/oOFlN_qTCf0

There’s The Serial Port, It’s not really ‘home networks’, but he finds and sets up very early (~80-90s) ISP gear and explains how it works and the history of it. Similar to how Ben Eater uses an ‘old’ 6502 to explain stuff.

I have no idea how CoW interacts with NTFS

With btrfs you can disable COW for specific files, that might give you a little performance boost.

Cloudflare tunnels uses a QUIC connection between the cloudflared on the server and Cloudflare itself, which is encrypted similarly to HTTPS.

Whatever protocol cloudflared uses to talk to your webserver locally is configurable through the Cloudflare access web UI (just change http to https). I’ve actually got it configured to use unix sockets, which lets me treat it differently in my nginx config.

It’s probably blocked for whatever reason (maybe less than 90 days old?)

My work and Uni do the same thing, they don’t do full SSL inspection, so most websites don’t need a custom certificate authority; but if the SNI is blocked then they need a custom certificate to hijack and display a blocked message, most browsers will detect this as a MITM and display a not secure message instead.