How do you mitigate the risk of stolen unencrypted data because you are using Cloud DNS to proxy the request that are sent to your server?

Question

Goal

My goal is to build a PWA. I am new to programming and I believe it is better to start with NGINX.

I have not found a good article (explaining the security risk) about using the Cloud DNS (such as Alibaba Cloud DNS) to function as a WAF.

I am documenting it in a README.md

My intention on why I ask this question

I am curious how we can use the Cloud DNS service safely. Note: I use Alibaba Cloud DNS.

Cloudflare, as a proxy, decrypts your traffic internally to do what Cloudflare does, and then re-encrypts it for your visitors.

(source)

Question

How do you mitigate the risk of stolen unencrypted data because you are using Cloud DNS to proxy the request that are sent to your server?

Reference: Using Cloudflare's WAF = helps you mitigate direct attack (You block request except from the Cloudflare)