I noticed that when proxy is enabled I can’t ssh to an external address via that fqdn. We have external partners that need access to an sftp server we’ve set up. How do I set this up so we still have proxy enabled but they are still able to SSH into our server via the DNS name?
You can do this using Argo Tunnels and Access.
I was hoping not to have to be charged more just to allow people to access our sftp server that seems unfair. Why wouldn’t a firewall rule work?
Because Cloudflare doesn’t allow other protocols through the proxy in the standard offering. You can either set a subdomain to , removing the proxy, using Argo Tunnel or the Spectrum offering in the Enterprise plan.
Well that sucks. Thanks for the info though.
It’s a Proxy/CDN, all CDNs behave the same…
You could still create a separate subdomain for SSH, leaving the main one for HTTP proxying.
You could Also create a hostname for ssh directly but it wouldn’t be protected by Cloudflare. If you name it mytotallysecretname.example.com so no one guesses it, but still exposed to a simple port scanner.