Any way to proxy a port 80 web server?

I have a web server running on port 80 and was wondering if there's any way to get that proxied so it hides my backend IP. Does anyone have any ideas here?
SomeoneOP•3mo ago
Proxying directly on Cloudflare DNS seems to break it entirely... gives me the error in the screenshot. If I have it set as not proxied and DNS only, it works fine.
Chaika•3mo ago
So 80/http only, no https? Under SSL/TLS -> Overview change your SSL to Off if that's the only website on the domain, or you can use a Configuration Rule with Hostname eq to override it
If you're not doing https/443 because certs are annoying to set up or something like that, you could use Cloudflare Tunnels, simple connector you install on the same server/network, and then User -> Encrypted -> CF -> Encrypted -> Tunnel -> unencrypted but LAN or same machine -> origin host, to avoid any security issues
SomeoneOP•3mo ago
It does have SSL if that changes anything
I suppose 443 port too then
Chaika•3mo ago
It changes a lot yea, should be 80 & 443 then if properly setup. Does it work without proxy?
SomeoneOP•3mo ago
Yep! Works fine without proxy
Just want to hide that backend IP, this is the final obstacle before everything is hidden hahaha
Chaika•3mo ago
Works fine with https or http without proxy?
SomeoneOP•3mo ago
With https, yeah
and http, but directs to https
Chaika•3mo ago
If you go to SSL/TLS -> Overview, what's your setting?
SomeoneOP•3mo ago
Flexible
Chaika•3mo ago
go to Full (Strict)
SomeoneOP•3mo ago
Awesome, that's done
Chaika•3mo ago
Flexible is not something that should ever be used, it's user -> https -> cf -> http (plaintext!!) -> origin
looks like you unproxied it?
SomeoneOP•3mo ago
annnnd it seems like it's working now! hahaha thank you so much!
Chaika•3mo ago
I think you're just behind dns cache
SomeoneOP•3mo ago
is it not working for you?
ah rip it's not on my alternate computer
F
Chaika•3mo ago
yup, run a trace (account level option -> trace) and see what it hits with the url https://bans.nekobox.es/
Magic Link: https://dash.cloudflare.com/?to=/:account/trace/search
SomeoneOP•3mo ago
Send a screenshot here?
Chaika•3mo ago
yup, what's that origin rule?
SomeoneOP•3mo ago
basically a reverse proxy
Chaika•3mo ago
ok so that's making all requests for all hostnames on your zone/website go user -> http/443 -> cf -> https/25574
SomeoneOP•3mo ago
ah
Chaika•3mo ago
what were you trying to accomplish with that? Is it something that should be more scoped to a specific subdomain, orr
SomeoneOP•3mo ago
redirect linking.nekobox.es to the web server with 25574
Chaika•3mo ago
click "Custom Filter Expression" "Hostname" "eq" "linking.nekobox.es"
side note: we may have broken that subdomain when we switched ssl/tls, you should really have proper ssl/tls at your origin though. If you need an ssl cert, CF offers 15 year long ones under SSL/TLS -> Origin Server, or Cloudflare Tunnels are a really easy secure setup
Zach•3mo ago
just so u guys know u have issues w the linking subdomain too
Chaika•3mo ago
yea that's what I just said above lol, although if it was working just because of Flexible that's not really working/zero security
SomeoneOP•3mo ago
What does eq mean here? equal?
Chaika•3mo ago
equals
SomeoneOP•3mo ago
amazing, just did that
Chaika•3mo ago
oh sorry yea the dashboard doesn't say that, only the underlying expression language
SomeoneOP•3mo ago
any other steps i should do regarding the DNS settings? keep linking as proxied on DNS?
Chaika•3mo ago
if you want to hide both yea both should be proxied, see https://discord.com/channels/595317990191398933/1280625802672607303/1280633502165106739 about fixing its ssl tho
SomeoneOP•3mo ago
Using the origin server, could you walk me through how to do that? either one works, not too advanced in the DNS stuff yet hahaha
Chaika•3mo ago
What origin software are you using?
SomeoneOP•3mo ago
uhhh wdym? like my dedicated server that runs such hosts?
Chaika•3mo ago
the web server on 25574
SomeoneOP•3mo ago
Ubuntu
Welcome to Ubuntu 22.04.3 LTS (GNU/Linux 5.15.0-118-generic x86_64)
@Chaika ^^
Chaika•3mo ago
that's not a web server software, that's an operating system lol
SomeoneOP•3mo ago
oh that's what you mean i see
Chaika•3mo ago
what software/application is running at 25574, yea
SomeoneOP•3mo ago
Chaika•3mo ago
If you don't have easy access to the config/it's in its own environment/container then it's going to be far easier to just throw a tunnel on there: https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/get-started/create-remote-tunnel/ and call it a day
SomeoneOP•3mo ago
Is this how I would set up the tunnel?
SomeoneOP•3mo ago
(on step 2 of the document)
Chaika•3mo ago
no, service is the local connection part
so if that's on your local machine, if you try curl http://127.0.0.1:25574 -vvv, does it work/what does it output?
SomeoneOP•3mo ago
nope
* Trying 127.0.0.1:25574...
* connect to 127.0.0.1 port 25574 failed: Connection refused
* Failed to connect to 127.0.0.1 port 25574 after 0 ms: Connection refused
* Closing connection 0
curl: (7) Failed to connect to 127.0.0.1 port 25574 after 0 ms: Connection refused
I'm using pterodactyl panel if it matters
so i guess it could be docker :P
oh wait linking is indeed docker, sorry
there's no nginx
Chaika•3mo ago
there's probably nginx within the docker container lol
SomeoneOP•3mo ago
bans is working, we're on linking oopsie
Chaika•3mo ago
it could def be docker, what matters most is the environment you are in in regards for the tunnel. Is the tunnel in a container or running on host? Is the linking container exposing itself on host on a specific port? etc
SomeoneOP•3mo ago
I installed the tunnel via the commands it gave me directly into the root folder
SomeoneOP•3mo ago
if that's what you're asking
Chaika•3mo ago
sorry was afk for a sec, yea then it's running on your host machine directly. You have docker exposing the port on that same machine?
SomeoneOP•3mo ago
how would i check to see if it's exposing the port?
Chaika•3mo ago
let me rephrase, is the docker container on that same host? If you curl using the local IP of the machine rather than 127.0.0.1, does it work?
SomeoneOP•3mo ago
curl http://XXX:25574 -vvv does work with my actual machine's IP
sorry, i'm not very good at this sys admin stuff
Chaika•3mo ago
interesting, if you docker ps, can you see the port being exposed? just a ps
I can try to help with docker but I am no docker expert and their networking confuses me. I've never had any issues with tunnel running on the host connecting to docker containers exposing ports though
SomeoneOP•3mo ago
yep, docker ps has it
Chaika•3mo ago
what does it say, exactly?
SomeoneOP•3mo ago
I'll DM you the output as I don't want to publicly display that IP... kinda what I'm trying to avoid despite it being a Hetzner server 😂
Chaika•3mo ago
ohh it's mapped exactly to your public ip and not just any
did you do that on purpose?
SomeoneOP•3mo ago
nope
pterodactyl panel installs docker for you, so i had no control over that specifically (i think)
been about a year since I did the initial installation
Chaika•3mo ago
huh ok, well I mean you should be able to throw that into that public hostname, service http, url: XXX:25574 where XXX is your public IP. If it's your machine's Public IP, then it's just going to go over the loopback and that's fine, not going to touch the internet or even leave the machine. It's not the best setup, as if that ever becomes not your machine's IP you would be sending requests over the internet, but probably don't want to mess with pterodactyl
SomeoneOP•3mo ago
I am a bit confused by this, what am I supposed to do exactly?
SomeoneOP•3mo ago
ah
Chaika•3mo ago
Well, remove the existing DNS record for linking first (DNS -> Records, normal dash, if you don't the public hostname creation will yell at you), then navigate to your tunnel and add public hostname. subdomain linking, select domain. Service is HTTP (because just going over loopback/same machine) URL is <public ip>:25574
SomeoneOP•3mo ago
like this? and remove the linking DNS thing?
Chaika•3mo ago
yes
SomeoneOP•3mo ago
done!
SomeoneOP•3mo ago
:D that's amazing, i've learned so much thank you so so so much!
Chaika•3mo ago
Tunnels are a really handy tool for securely exposing insecure websites
SomeoneOP•3mo ago
yeah, 100% this is an awful Python webserver I made before learning React and stuff 😂
Chaika•3mo ago
if it works it works
can't use react as your backend anyway lol
SomeoneOP•3mo ago
fr xD
Chaika•3mo ago
btw you can delete that origin rule now, it doesn't do anything with a tunnel but it might confuse you in the future
SomeoneOP•3mo ago
very smart, thank you!!