Domain does not resolve if Cloudflare DNS settings are set to "Proxied"

Hi everyone - hoping to find some answers through the community.

My origin server exposes a web interface on a specific port (not the usual ones).
The origin server is also configured to use the TLS certificate generated by Cloudflare.

The DNS records are correctly pointing to my origin server’s IP address.

When the DNS is not proxied, or when “Development Mode” is active, my content is accessible at https://mysite.tld:myport.

When the DNS is proxied, or when “Development Mode” is inactive, my website is not accessible - the browser simply hangs.

I have tried varying levels of “SSL/TLS encryption mode” without any change in outcome.

The Proxy functionality offered by Cloudflare is the main reason for using the platform, as it is essential for the implementation of the web interface described above.

Please help :slight_smile:

Cloudflare’s proxy only listens on these ports (unless using Spectrum)…

If your origin is listening on another port, you can create a dedicated proxied subdomain for that service and use origin rules to tell the Cloudflare proxy to connect to your origin on any port…

@sjr thanks for the speedy reply!

I changed my origin server’s settings to expose the app on one of the Cloudflare-supported ports.

The app is accessible if I access it on https://[origin-ip]:[supported-port]

However, if I access it via the Cloudflare-proxied https://[my-domain]:[supported-port] I’m getting the Cloudflare error page with:

Web server is returning an unknown error

Error code 520

Regarding this:

If your origin is listening on another port, you can create a dedicated proxied subdomain for that service and use origin rules to tell the Cloudflare proxy to connect to your origin on any port…

I’m not much of a networking pro so I’m not sure I understand. I tried creating an Origin Rule that applies to all traffic and only rewrites Destination Port to [supported-port].

This doesn’t seem to do anything.

  • If I access just https://[my-domain] it will show me a TOO_MANY_REDIRECTS error (which also happens without the rule)
  • If I access https://[my-domain]:[supported-port] I am getting the same Cloudflare error 520 screen

Would really appreciate a deeper dive with this - thank you for your time!

Make sure the Cloudflare port you have chosen supports HTTPS - most, I think maybe all from memory, only support either HTTP or HTTPS, not both.

My preference would always be to use a subdomain (so just using https://subdomain.example.com to the edge, no ports to specify) and then the origin rule to set the origin port on the other end.

Make sure your SSL/TLS settings are set to Full (strict) here; that is the usual cause of too many redirects:
https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls

Also make sure your origin has a valid, signed SSL certificate.

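The two replies above point at three separate things that can go wrong here: the edge port not being one the Cloudflare proxy listens on, the origin certificate not passing the verification that Full (strict) performs, and a redirect loop when the edge talks plain HTTP to an origin that forces HTTPS. The script below is an added example (not code from this thread or from Cloudflare) that checks each of those from the origin side. The port sets are Cloudflare's published proxied ports; the hostname, origin IP and CA file path in the usage block are placeholders you replace with your own. Origin CA certificates are not in the system trust store, so pass the Cloudflare Origin CA root as `cafile` when the origin uses one.

```python
"""Diagnostics for the failure modes in this thread: unsupported edge port,
origin certificate that the edge cannot verify, and the Flexible-mode redirect loop."""
import socket
import ssl
from urllib.parse import urlsplit

# Ports the Cloudflare proxy accepts, per Cloudflare's documentation.
# Each port is HTTP-only or HTTPS-only, never both.
CF_HTTP_PORTS = {80, 8080, 8880, 2052, 2082, 2086, 2095}
CF_HTTPS_PORTS = {443, 2053, 2083, 2087, 2096, 8443}


def edge_port_status(url):
    """Classify the port in a proxied URL as seen from the Cloudflare edge."""
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    if parts.scheme == "https" and port in CF_HTTPS_PORTS:
        return "ok"
    if parts.scheme == "http" and port in CF_HTTP_PORTS:
        return "ok"
    if port in CF_HTTP_PORTS | CF_HTTPS_PORTS:
        return "scheme-mismatch"   # proxied port, but only for the other scheme
    return "not-proxied"           # the proxy never listens here; the browser hangs


def redirect_loop_expected(ssl_mode, origin_forces_https):
    """Flexible mode sends plain HTTP to the origin; an origin that redirects
    every HTTP request to HTTPS then bounces back through the edge forever."""
    return ssl_mode.strip().lower() == "flexible" and origin_forces_https


def is_https_redirect(response_head):
    """True if a raw HTTP response head is a redirect to an https:// location."""
    status_line, _, headers = response_head.partition("\r\n")
    fields = status_line.split()
    code = fields[1] if len(fields) > 1 else ""
    location = ""
    for line in headers.split("\r\n"):
        if line.lower().startswith("location:"):
            location = line.split(":", 1)[1].strip()
    return code in {"301", "302", "307", "308"} and location.lower().startswith("https://")


def origin_forces_https(origin_ip, port, host, timeout=5.0):
    """Send one plain-HTTP GET straight to the origin (bypassing the proxy) and
    report whether it answers with a redirect to HTTPS."""
    request = f"GET / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode()
    with socket.create_connection((origin_ip, port), timeout=timeout) as sock:
        sock.sendall(request)
        head = sock.recv(4096).decode("latin-1")
    return is_https_redirect(head)


def check_origin_tls(host, origin_ip, port, cafile=None, timeout=5.0):
    """Handshake directly with the origin, sending the site name as SNI and
    verifying the chain and hostname the way Full (strict) does.
    cafile: Cloudflare Origin CA root when the origin uses an Origin CA cert.
    Returns a dict; never raises on a TLS failure."""
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((origin_ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                return {"ok": True, "subject": cert.get("subject"),
                        "notAfter": cert.get("notAfter")}
    except ssl.SSLCertVerificationError as exc:
        return {"ok": False, "reason": f"certificate rejected: {exc.verify_message}"}
    except (ssl.SSLError, OSError) as exc:
        return {"ok": False, "reason": f"no usable TLS on {origin_ip}:{port}: {exc}"}


if __name__ == "__main__":
    # Placeholder values; replace with your own hostname, origin IP and ports.
    HOST, ORIGIN_IP, HTTPS_PORT, HTTP_PORT = "mysite.tld", "203.0.113.10", 8443, 80
    ORIGIN_CA_ROOT = None  # e.g. "origin_ca_rsa_root.pem" for an Origin CA certificate
    print("edge port:", edge_port_status(f"https://{HOST}:{HTTPS_PORT}"))
    print("origin TLS:", check_origin_tls(HOST, ORIGIN_IP, HTTPS_PORT, cafile=ORIGIN_CA_ROOT))
    try:
        forces = origin_forces_https(ORIGIN_IP, HTTP_PORT, HOST)
        print("redirect loop under Flexible:", redirect_loop_expected("Flexible", forces))
    except OSError as exc:
        print("origin has no plain-HTTP listener:", exc)
```

`edge_port_status` and `redirect_loop_expected` run offline, so you can sanity-check the configuration before touching the origin; `check_origin_tls` reproduces what the edge rejects with a 520 or a 526-style certificate error when the chain, hostname or expiry is wrong. A `scheme-mismatch` result explains the case where https on an HTTP-only port hangs even though the port is on Cloudflare's list.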

@sjr Setting the SSL/TLS to “Full” did the job!

I had turned it off completely during one of my tests and had forgotten about it.

The SSL certificate I’m using was issued by Cloudflare, so that definitely was not the problem.

Everything’s working now - thanks for your help!


You need that to be Full (strict) to protect against impersonation.


@epic.network I meant “Full (strict)” - that’s what I toggled my setting to at least :slight_smile:

