How to proxy 8080 through 8443 without end-to-end encryption with the origin server?


My origin server serves HTTP traffic on 8080 and being proxied through Cloudflare DNS.
I’m planning to host multiple services on the origin server and I’d like to make use of both 80 and 8080 ports.
However, I didn’t want to configure end-to-end SSL/TLS encryption and simply rely on Cloudflare proxy’s HTTPS traffic.
If I serve HTTP traffic on 80, I’m still able to access it over HTTPS on 443 automatically, the certificate being Cloudflare’s.
However, if I serve HTTP traffic on 8080, I was expecting to be able to access it on 8443 with Cloudflare’s too but apparently that’s not the case.
I know I could serve SSL/TLS encrypted traffic from the origin server on 8443 and Cloudflare proxy would pick it up the whole point I’m trying to make here is that I simply do not want my origin server to deal with SSL/TLS certificate management, at all.
I saw a few threads after searching which suggest using Cloudflare Tunnels etc but I’m wondering if there could be a more simple and straightforward way.

(Also, I hope there could be some ways to also do the same for let’s say origin server HTTP 2052 to Cloudflare proxy HTTPS 2053 automagically etc.)

Thank you.

Cloudflare has a set list of ports that you can use for HTTP/HTTPS

Why would you expect this to be the case? They are two different ports and you have to configure your origin server to listen for both.

Tunnels is the best and easiest way for handling multiple ports

Because the default behavior for 80 port is that if I serve HTTP 80 from the origin server without serving HTTPS 443, Cloudflare is still able to serve both (80) and (443).

So, what I was expecting to see is that if my origin server serves HTTP 8080, Cloudflare could somehow also serve HTTPS 8443 for me automatically with its own SSL/TLS certificate.

Wouldn’t that be the case? If not, is there a way to port bind them to be served through Cloudflare’s HTTPS traffic?

Why not just secure your origin with either a valid certificate or a Cloudflare Origin CA certificate and use the standard HTTPS port with name-based virtual hosts on your origin?

Following your suggestion, I basically setup an NGINX reverse proxy and also used Cloudflare Origin Certificate (with Full encryption) and now everything looks good. I will be managing my subpaths on the NGINX side directly. Thank you.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.