I installed Discourse forum on VPS and added cloudflare in front of VPS. But I didn’t quite succeed in hiding my server’s real IP address.
Domain
thisisatest.tech
dnshistory.org (everything is correct when I look here - successful)
https://dnshistory.org/dns-records/thisisatest.tech
Shodan.io (When I look here I see the VPS real IP address - fail)
https://www.shodan.io/search?query=thisisatest.tech
Censys.io (When I look here I see the VPS real IP address - fail)
https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=EXCLUDE&q=thisisatest.tech
I don’t know where I went wrong. Maybe there is a very simple solution, but my research has not led me to any conclusions. I want your help. Thanks in advance to those who help.
Its not this easy, but the only way that you could prevent it is from blocking all non Cloudflare IPs how @anon9246926 mentioned. The Way that Censys and Shodan work is that they scan the Complete (at least they claimed this in the Past) Public IPv4 Spectrum. Even when its not every IPv4 anymore its still a lot. They Scan every IP Address in their Database for open Ports. When they knock at the Webserver Port from your Webserver the Server accepts the Connection and hands them the TLS Certificate. Because your Lets Encrypt TLS Certificate has your Domain Name in it you find the Server IP Address when you filter after the Name. Only way to Block this would to drop the Connection from Every IP that is not Cloudflare
Edit:
It also seems like your Webserver redirects Requests to the IP Address with a 301 HTTP Redirect to your URL. Thats another way for Censys and Shodan to find the IP behind the URL. But this Problem will be aswell gone when you block non Cloudflare IPs from accessing Port 80 and 443