https://discord.cloudflare.com logo
Join Discord
Powered by
# general-discussions
  • c

    Chaika

    04/05/2023, 5:02 PM
    I see. Then yea, I would check logs & firewall. Btw, you can use Origin Rules to override the dest. port so clients don't have to specify a port when trying to connect, and if you do that, you can use any port
  • d

    Djkáťo

    04/05/2023, 5:04 PM
    I have 2 services on one domain under ports
  • d

    Djkáťo

    04/05/2023, 5:04 PM
    So dont see the point in overwriting the dest
  • c

    Chaika

    04/05/2023, 5:05 PM
    If you want them to be on the exact domain instead of using subdomains then yea no point
  • d

    Djkáťo

    04/05/2023, 5:07 PM
    They already are on subdomains
  • d

    Djkáťo

    04/05/2023, 5:07 PM
    Does that mean I can have one subdomain point to origin:port and another subdomain to origin:port2?
  • d

    Djkáťo

    04/05/2023, 5:07 PM
    Thatd be perfect
  • a

    AA

    04/05/2023, 5:08 PM
    cool
  • c

    Chaika

    04/05/2023, 5:08 PM
    That's the power of origin rules, yea. You can just create an origin rule matching hostname, ex. alt-port-subdomain.example.com Then rewrite dest. port to 8443. Then it would be: Clients -> 443 -> Cloudflare -> 8443
  • d

    Djkáťo

    04/05/2023, 5:09 PM
    Hmm leme try that out
  • d

    Djkáťo

    04/05/2023, 5:09 PM
    Been fighting with SSL certificates all week trying to get a passbolt server to run alongside my api..
  • d

    Djkáťo

    04/05/2023, 5:09 PM
    such a headache
  • d

    Djkáťo

    04/05/2023, 5:09 PM
    Thanks
  • d

    Djkáťo

    04/05/2023, 5:11 PM
    Will the origin certificate still work? Trying to use cloudflare cause a self signed one just really working for me
  • d

    dave

    04/05/2023, 5:12 PM
    and oddly sometimes faster than R2.
  • c

    Chaika

    04/05/2023, 5:13 PM
    Origin Rules Dest. port rewrites shouldn't effect your ssl/tls mode in any way, nor the validation. Cloudflare Origin CA Certs are more secure then self-signed anyway, if that's what you're trying to say in the second sentence
  • d

    Djkáťo

    04/05/2023, 5:14 PM
    Cool thanks <3
  • d

    Djkáťo

    04/05/2023, 5:15 PM
    So if I want subdomain passbolt.dom.tld to point to x.x.x.:8443 and api.dom.tld point to x.x.x.x:433 do I add 2 A records to the same IP and write those origin rules, right?
  • c

    Chaika

    04/05/2023, 5:15 PM
    Assuming you mean 443 for api.dom.tld, you don't need an origin rule for that one
  • c

    Chaika

    04/05/2023, 5:16 PM
    But yes, other then that
  • d

    Djkáťo

    04/05/2023, 5:16 PM
    Ah right
  • d

    Djkáťo

    04/05/2023, 5:16 PM
    Well now I know my nginx is the issue I guess
  • d

    dave

    04/05/2023, 5:16 PM
    what ya using nginx for?
  • d

    Djkáťo

    04/05/2023, 5:16 PM
    passbolt is a php app, and the API is anode app
  • d

    Djkáťo

    04/05/2023, 5:17 PM
    the node app is being reverse proxied out and passbolt is being served
  • d

    Djkáťo

    04/05/2023, 5:17 PM
    on different ports
  • c

    Chaika

    04/05/2023, 5:17 PM
    It would be simpler if you had an nginx configuration with server blocks, instead of having each server block listen on different ports, you can just use the server_name directive to have each subdomain reverse proxy back to a different service
  • d

    Djkáťo

    04/05/2023, 5:18 PM
    Oh really?
  • d

    dave

    04/05/2023, 5:18 PM
    have we ruled out using cloudflare tunnels?
  • d

    Djkáťo

    04/05/2023, 5:18 PM
    Yes
1...394839493950...4267Latest