tl;dr netmaker instance is only used on a private network but one external client needs access to the network via vpn to ssh into the servers and access other stuff. I'm thinking I can bypass cloudflare altogether and rather just change the netmaker config to bind the grpc server to a private ip address on the private network