Any way to proxy an 80 port web server?
I have a web server running on an 80 port and was wondering if there's any way to get that proxied so it hides my backend IP. Does anyone have any ideas here?
80 Replies
Proxying directly on Cloudflare DNS seems to break it entirely... gives me the error in the screenshot.
If I have it set as not proxied and DNS only, it works fine.
So 80/http only, no https? Under SSL/TLS -> Overview change your SSL to Off if that's the only website on the domain, or you can use a Configuration Rule with Hostname eq to override it
If you're not doing https/443 because certs are annoying to setup or something like that, you could use Cloudflare Tunnels, simple connector you install on the same server/network, and then
User -> Encrypted -> CF -> Encrypted -> Tunnel -> unencrypted but LAN or same machine -> origin host, to avoid any security issues
It does have SSL if that changes anything
I suppose 443 port too then
It changes a lot yea, should be 80 & 443 then if properly setup. Does it work without proxy?
Yep! Works fine without proxy
Just want to hide that backend IP, this is the final obstacle before everything is hidden hahaha
Works fine with https or http without proxy?
With https, yeah
and http, but directs to https
If you go to SSL/TLS -> Overview, what's your setting?
Flexible
go to Full (Strict)
Awesome, that's done
Flexible is not something that should ever be used, it's user -> https -> cf -> http (plaintext!!) -> origin
looks like you unproxied it?
annnnd it seems like it's working now!
hahaha thank you so much!
I think you're just behind dns cache
is it not working for you?
ah rip it's not on my alternate computer
F
yup, run a trace (account level option -> trace) and see what it hits with the url
https://bans.nekobox.es/
Magic Link: https://dash.cloudflare.com/?to=/:account/trace/search
Send a screenshot here?
yup, what's that origin rule?
basically a reverse proxy
ok so that's making all requests for all hostnames on your zone/website go user -> http/443 -> cf -> https/25574
ah
what were you trying to accomplish with that?
Is it something that should be more scoped to a specific subdomain, orr
redirect linking.nekobox.es to the web server with 25574
click "Custom Filter Expression" "Hostname" "eq" "linking.nekobox.es"
side note: we may have broken that subdomain when we switched ssl/tls, you should really have proper ssl/tls at your origin though. If you need an ssl cert, CF offers 15 year long ones under SSL/TLS -> Origin Server, or Cloudflare Tunnels are really easy secure setup
just so u guys know u have issues w the linking subdomain too
yea that's what I just said above lol, although if it was working just because of Flexible that's not really working/zero security
What does eq mean here?
equal?
equals
amazing, just did that
oh sorry yea the dashboard doesn't say that only the underlying expression language
any other steps i should do regarding the DNS settings?
keep linking as proxied on DNS?
if you want to hide both yea both should be proxied, see https://discord.com/channels/595317990191398933/1280625802672607303/1280633502165106739 about fixing its ssl tho
Using the origin server, could you walk me through how to do that?
either one works, not too advanced in the DNS stuff yet hahaha
What origin software are you using?
uhhh wdym?
like my dedicated server that runs such hosts?
the web server on 25574
Ubuntu
Welcome to Ubuntu 22.04.3 LTS (GNU/Linux 5.15.0-118-generic x86_64)
@Chaika ^^
that's not a web server software, that's an operating system lol
oh that's what you mean
i see
what software/application is running at 25574, yea
https://gitlab.com/ruany/litebans-php/-/wikis/Installation pretty sure nginx with php
If you don't have easy access to the config/it's in its own environment/container then it's going to be far easier to just throw a tunnel on there: https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/get-started/create-remote-tunnel/ and call it a day
Is this how I would set up the tunnel?
(on step 2 of the document)
no, service is the local connection part
so if that's on your local machine, if you try curl http://127.0.0.1:25574 -vvv , does it work/what does it output?
nope
I'm using pterodactyl panel if it matters
so i guess it could be docker :P
oh wait linking is indeed docker, sorry
there's no nginx
there's probably nginx within the docker container lol
bans is working, we're on linking oopsie
it could def be docker, what matters most is the environment you are in in regards for the tunnel. Is the tunnel in a container or running on host? Is the linking container exposing itself on host on a specific port? etc
I installed the tunnel via the commands it gave me directly into the root folder
if thats what you're asking
sorry was afk for a sec, yea then it's running on your host machine directly. You have docker exposing the port on that same machine?
how would i check to see if it's exposing the port?
let me rephrase, is the docker container on that same host?
If you curl using the local IP of the machine rather than 127.0.0.1, does it work?
curl http://XXX:25574 -vvv
does work with my actual machine's IP
sorry, i'm not very good at this sys admin stuff
interesting, if you docker ps , can you see the port being exposed?
just a ps I can try to help with docker but I am no docker expert and their networking confuses me. I've never had any issues with tunnel running on the host connecting to docker containers exposing ports though
yep, docker ps has it
what does it say, exactly?
I'll DM you the output as I don't want to publicly display that IP... kinda what I'm trying to avoid despite it being a Hetzner server 😂
ohh it's mapped exactly to your public ip and not just any
did you do that on purpose?
nope
pterodactyl panel installs docker for you, so i had no control over that specifically (i think)
been about a year since I did the initial installation
huh ok, well I mean you should be able to throw that into that public hostname, service http, url: XXX:25574 where XXX is your public IP. If it's your machine's Public IP, then it's just going to go over the loopback and that's fine, not going to touch the internet or even leave the machine. It's not the best setup, as if that ever becomes not your machine's IP you would be sending requests over the internet, but probably don't want to mess with pterodactyl
I am a bit confused by this, what am I supposed to do exactly?
ah
Well, remove the existing DNS record for linking first (DNS -> Records, normal dash, if you don't the public hostname creation will yell at you), then navigate to your tunnel and add public hostname. subdomain linking, select domain. Service is HTTP
(because just going over loopback/same machine) URL is <public ip>:25574
like this? and remove the linking DNS thing?
yes
done!
:D
that's amazing, i've learned so much
thank you so so so much!
Tunnels are a really handy tool for securely exposing insecure websites
yeah, 100%
this is an awful Python webserver I made before learning React and stuff 😂
if it works it works
can't use react as your backend anyway lol
fr xD
btw you can delete that origin rule now, it doesn't do anything with a tunnel but it might confuse you in the future
very smart, thank you!!