Dynamic DNS and proxying

I’m trying to get my sites working with Cloudflare. I have dynamic DNS properly configured and updating. I only have IPv4 thanks to my ISP.
However, if I set the A record from “DNS Only” to “Proxied”, the sites become unreachable.
I’ve checked my photoprism site, both with a browser and with “curl --include --verbose --location https://site1.mydomain.com:2342”, and with DNS Only I am able to retrieve the site.
When I enable proxying, I get only timeouts.
What am I doing wrong? Is it possible to proxy a site with a dynamic IP?


Cloudflare’s edge only listens on these ports (unless using Cloudflare Spectrum)…

You can use origin rules to tell Cloudflare to connect to your origin on port 2342, and then use https://subdomain.example.com without a port to connect.


Thanks, I’ll try the origin rules.
Unfortunately, all I get now is an error 400 with what should be a simple rule:
(http.host eq "photos") or (http.host eq "photos.mydomain.com"). Destination port is set to rewrite to 2342.
Trace shows that the rule is matched, and then nothing else but the error 400.

You can do “contains” or “starts with” if you want to match part of a host name, but just (http.host eq "photos.mydomain.com") is enough.

Make sure the subdomain is proxied.

To test, you’ll need to give the domain. Can you also show a screenshot of your rule?


Here is the rule, in the origin rule tab.
I’ve also just checked, and the photoprism app is up and running. I can access it by hardcoding the IP address in /etc/hosts.

The rule as seen by cloudflare trace.

The content of the 400 error is important.

The domain shown in your screenshots appears to only accept connections over HTTP (i.e. SSL/TLS mode is set to Off) while the content of the 400 error is “Client sent an HTTP request to an HTTPS server”.

If you’re using HTTPS at the origin which it sounds like you are, set the SSL/TLS mode to Full (strict) instead of Off.

Sidenote, you can set this for a specific subdomain using Configuration Rules.


Thank you! That was indeed the final issue - I had SSL as “flexible”, switching to “Full (strict)” allowed me to get it finally working.
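
A way to check for the mismatch diagnosed above before changing the SSL/TLS mode, as an added example that is not part of the original thread: it probes which protocol the origin port actually speaks and compares that with how Cloudflare's edge connects in each mode. The function names (probe_origin, diagnose) are made up for this sketch, and the local server in the demo is a constructed stand-in for an origin.

```python
import http.server
import socket
import ssl
import threading

# How Cloudflare's edge talks to the origin in each SSL/TLS mode.
EDGE_TO_ORIGIN = {"off": "http", "flexible": "http",
                  "full": "https", "full (strict)": "https"}

def probe_origin(host, port, timeout=3.0):
    """Return 'https', 'http', 'unknown' or 'unreachable' for host:port."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # protocol detection only: the certificate
    ctx.verify_mode = ssl.CERT_NONE  # is deliberately not validated here
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            try:
                with ctx.wrap_socket(raw, server_hostname=host):
                    return "https"   # TLS handshake completed
            except OSError:          # ssl.SSLError and timeouts are OSErrors
                pass
    except OSError:
        return "unreachable"         # TCP connect failed (closed port, firewall)
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"HEAD / HTTP/1.1\r\nHost: " + host.encode()
                      + b"\r\nConnection: close\r\n\r\n")
            if s.recv(16).startswith(b"HTTP/"):
                return "http"        # plain-text HTTP status line came back
    except OSError:
        pass
    return "unknown"

def diagnose(mode, origin_proto):
    """Compare the zone's SSL/TLS mode with what the origin port speaks."""
    edge_proto = EDGE_TO_ORIGIN[mode.lower()]
    if origin_proto not in ("http", "https"):
        return f"origin is {origin_proto}; fix reachability first"
    if edge_proto == origin_proto:
        return "match"
    return f"mismatch: edge sends {edge_proto}, origin expects {origin_proto}"

if __name__ == "__main__":
    # Constructed stand-in origin: a local plain-HTTP server on a free port.
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0),
                                          http.server.BaseHTTPRequestHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    proto = probe_origin("127.0.0.1", srv.server_port)
    for mode in EDGE_TO_ORIGIN:
        print(f"{mode:14} origin={proto:5} {diagnose(mode, proto)}")
    srv.shutdown()
```

A result of "https" only shows that the port speaks TLS; Full (strict) additionally requires the origin certificate to validate, which this probe does not check.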

