There seems another way to achieve this, using Cloudflare's own cloudflared tunnel.
Install a cloudflared tunnel on your remote server, configure it to forward traffic to that server's hosts proxy server(maybe Shadowsocks) using Zero Trust dashboard, and run the following command on your local computer:
cloudflared access tcp --hostname some.your-domain.tld --url localhost:8080
Then localhost:8080's traffic will be forwarded to cloudflareds' host, the whole traffic is using HTTP2 so might look legitimate to Firewall.
For example if using Shadowsocks on server, your Shadowsocks's local client can connect to localhost:8080 as server to forward traffic.