How to use CloudFlare with Java RMI, Socket and Apache Tomcat?

I’m planning to transfer my domain name to CloudFlare to reduce latency for my application and hide the server’s IP address.
In addition to using the default two ports, 80 and 443, for the main domain name, I need to use some other ports, but it seems that CloudFlare does not support / open all ports?
This is the domain diagram and the current ports I use:

  • Homepage: domain.com (192.168.0.1:80 / 443, block all other ports, use SSL)
  • Java RMI: sub.domain.com (192.168.0.1:10001, block all other ports, don’t use SSL)
  • Java socket: sub.domain.com (192.168.0.1:6721, block all other ports, don’t use SSL)
  • Apache Tomcat: sub.domain.com (192.168.0.1:7000, block all other ports, don’t use SSL)

In short, it’s:

  • Domain: domain.com → only open ports 80 and 443.
  • Subdomain: sub.domain.com → only open ports 6721, 7000 and 10001.

Connections use domain names entirely rather than the IP address directly.
How do I configure allowing / blocking like this?

This part is fine, as it’s a standard webserver configuration.

This part won’t work when :orange: Proxied unless you use Enterprise Spectrum, as it’s not standard webserver configuration. That DNS record would have to be :grey: DNS Only.
https://developers.cloudflare.com/fundamentals/get-started/network-ports


I have seen this document: Require specific HTTP ports
It seems I need to use some firewall rules like this:

http.host eq "domain.com" and cf.edge.server_port in {80 443}
http.host eq "sub.domain.com" and cf.edge.server_port in {6721 7000 10001}

Is it right and enough to allow the required ports and block all other ports?
As you say, the subdomain will not work when I activate :orange: Proxied. But if I don’t activate :orange: Proxied (i.e. :grey: DNS Only), does the firewall rule work on the subdomain?

Cloudflare does not listen on those other ports. The firewall rule is only to block unwanted ports from the list I linked to.

In :grey: DNS Only mode, all traffic will go directly to the server and receive no Cloudflare features such as Firewall or Caching.
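As an added example (not code from the thread or from Cloudflare), here is a small Python model of the per-host port allowlist the two expressions above describe, combined with the DNS Only caveat from this answer. The proxy status of each host and the sample requests are assumptions made for the example.

```python
from dataclasses import dataclass

# Per-host allowed edge ports, taken from the two expressions in the thread.
ALLOWED_PORTS = {"domain.com": {80, 443}, "sub.domain.com": {6721, 7000, 10001}}

# Proxy status per hostname (assumption for this example, matching the thread's
# conclusion: the apex is :orange: Proxied, the subdomain must be :grey: DNS Only).
PROXIED = {"domain.com": True, "sub.domain.com": False}


@dataclass(frozen=True)
class Request:
    host: str       # value of http.host
    edge_port: int  # value of cf.edge.server_port


def allow_expression_matches(req: Request) -> bool:
    """Mirrors 'http.host eq <host> and cf.edge.server_port in {<ports>}'."""
    return req.edge_port in ALLOWED_PORTS.get(req.host, set())


def edge_decision(req: Request) -> str:
    """What happens to a request at the Cloudflare edge.
    'bypass': host is DNS Only, so traffic goes straight to the origin and no
              edge rule is ever evaluated (the point made in the answer above).
    'allow' : host is proxied and the port is on its list.
    'block' : host is proxied and the port is not on its list. To get this at
              the edge the rule is deployed with action Block on the negated
              list, e.g. http.host eq "domain.com" and not cf.edge.server_port in {80 443}
    """
    if not PROXIED.get(req.host, False):
        return "bypass"
    return "allow" if allow_expression_matches(req) else "block"


def evaluate(requests):
    """Map (host, port) -> decision for a batch of requests."""
    return {(r.host, r.edge_port): edge_decision(r) for r in requests}


# Constructed sample traffic (not real logs): one listed and one stray port per host.
SAMPLE = [Request("domain.com", 443), Request("domain.com", 8080),
          Request("sub.domain.com", 10001), Request("sub.domain.com", 2083)]

if __name__ == "__main__":
    for key, decision in evaluate(SAMPLE).items():
        print(key, "->", decision)
```

The model only covers the rule logic; a proxied host is never reachable on a port Cloudflare does not listen on in the first place, which is why the subdomain's ports force DNS Only.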

If domain.com is :orange: Proxied, does the firewall rule above help block all other ports apart from 80 and 443?

Yes, it will block those other port connections to your server.

By default, if I don’t add the above firewall rule, will the sites I add listen on all the ports listed on the Network ports page, right?
Can a subdomain in :grey: DNS Only mode use Cloudflare SSL (including Edge Certificates and Origin Certificates)?

Already answered these.
In this case, if I use the CNAME record for the subdomain instead of the A record, will it work as I expect?

There’s no good reason to use a CNAME in this situation. I highly doubt it will change the outcome.


So in this situation, should I use A record and activate :grey: DNS Only mode?

Also already answered:
