As the title states. Should it behind one or the other?
VPN is generally not advise for *arr suite. For bazaar really no need. Cheers.
As far as I can tell nope.
It is convenient to be behind a reverse proxy and it should have an ssl certificate.
I don’t put any *arr behind VPN except prowlarr (my tracker(s) allow access over VPN)
What about flaresolverr?
I use cloudflare tunnels for all internet traffic. Should be good enough?
Flaresolverr need to be behind VPN?
I don’t neither. The rationale is what’s private is your torrent client that’s need to be behind VPN.
Honestly I’m not much of an expert on this subject.
I only use Cloudflare tunnel for my friends to request movies via overseerr.
In my case, there’s no need for anything to be exposed since I have tailscale installed on my dns server and from there I can reach all my containers by name.
So I don’t know what your use case is but I’m not seeing a need to expose bazarr, or radarr, or even flaresolverr.
I have a pi I take on the road…I travel 90% of the time. I plug it into any wifi provided. It runs gluetun, cloudflared, cloudflare ddns, sonarr, radarr, transmission, flaresolverr, bazaar, dunhealthy, jellyfin.
Most concerned with my host getting dinged by isp…