How to use the non-standard ports compatible with Cloudflare

itmanager · September 17, 2020, 8:02am

Cloudflare says in their article
200169156-Identifying-network-ports-compatible-with-Cloudflare-s-proxy

By default, Cloudflare proxies traffic destined for the HTTP/HTTPS ports listed below.

HTTP ports supported by Cloudflare:

80
8080
8880
2052
2082
2086
2095

but at the bottom of this page Cloudflare also says this:
Cloudflare Access does not support port numbers in URLs. Port numbers are stripped from requests for URLs protected through Cloudflare Access.

I have tested with http://domain.com:8080 and indeed cloudflare removes the 8080 and sends the traffic to domain.com on port 80

So i dont get it, but how do I use one of these other ports? aside from 80 for http or 443 for https (obviously)

Judge · September 17, 2020, 5:05pm

Unfortunately, you can’t with Access.

sdayman · September 17, 2020, 5:17pm

Would Portzilla be an option? As long as something else isn’t already running on Port 80 for that domain, I’d expect this to work.

cscharff · September 17, 2020, 6:30pm

Those are HTTP ports not HTTPS, Cloudflare doesn’t support any HTTP ports with Access. If any actually work it’s not a feature and generally a colossally bad idea.

Does the application behind Access need to use HTTPS? Yes. Cloudflare Access only secures applications that use HTTPS.
Can Access enforce rules on a specific, nonstandard, port? No. Cloudflare Access cannot enforce a rule that would contain a port appended to the URL.However, you can use Cloudflare Argo Tunnel to point traffic to nonstandard ports. For example, if Jira is available at port 8443 on your origin, you can proxy traffic to that port via with Argo Tunnel.

sdayman · September 17, 2020, 8:37pm

Did Access actually show up on Port 80 for this request?

itmanager · September 18, 2020, 4:30am

ok, I just used half the help article as an example, its exactly the same question with the HTTPS ports mentioned, so my question is the same, how do we use any of these ports except for 443?

cscharff · September 18, 2020, 6:46pm

You can use Argo tunnel to map to a port on the origin server that isn’t 443, but through Cloudflare itself that’s not supported today.

itmanager · September 29, 2020, 6:26am

Thanks cscharff. I do understand that Argo can be used to redirect to the unsupported ports.

My question is about how to use the supported ports as detailed on this page.
200169156-Identifying-network-ports-compatible-with-Cloudflare-s-proxy

Surely there is a reason for Cloudfare to tell us that these ports are supported?

matteo · September 29, 2020, 6:29am

Because only them are in the standard offering. If you want more there is Spectrum, which is an Enterprise product.

michael · September 29, 2020, 6:49am

The non standard ports are for cPanel/WHM and similar tools, and are not intended to be used for anything else.

cscharff · September 29, 2020, 2:19pm

Cloudflare doesn’t remove the :8080 to then send the traffic to port 80. I believe your testing was incorrect or you’ve configured a page rule or other setting to change the behavior.

sdayman · September 29, 2020, 2:21pm

Are you saying that Access will maintain “non-standard” ports as it passes a user through authentication?

cscharff · September 29, 2020, 2:26pm

No the OP said he wants to use non-standard but supported posts and the Access bit he quoted wasn’t part of the use case.