I don’t think there’s anything special apart from the TLS settings between CF and Fly. This thread might help: Can I use CloudFlare proxying with Fly certificates ?
We do offer DDoS protection, but we don’t have features such as a WAF (Web Application Firewall). Technically you could add a WAF layer inside your image to get that extra abuse protection. We haven’t build that into our product yet because we’re on the fence about it 
we could be convinced otherwise.