Is it possible to have a backend without port 80?

Hosting a service on my home connection, port 443 is fine but my idiot ISP blocks port 80. The service works fine over HTTPS to 443 directly, but when I add the domain to Cloudflare, I get 522s, and Cloudflare never attempts to make any connection to my IP address.

SSL is set to Full (Strict) but I’ve tried Full and Flexible too. Tried with and without authenticated origin pull, and still don’t see any connection from CF to my server at either my firewall (doing DNAT to my server) or the server behind it. The only request I see from CF hitting my network is when I enable SSL/TLS Recommender, I get 2 requests, GET / HTTP/1.1" 200 4481 "-" "Cloudflare-SSLDetector"

Is having port 80 reachable a hard dependency for using Cloudflare?

Certainly there’s no need to have port 80 reachable. I allow only Cloudflare’s IPv6 addresses through the firewall for port 443 (DNS is set to proxied origin IPv6).

If port 80 with a redirect to HTTPS isn’t on your origin, make sure you have Cloudflare set to do this for you by turning on “Always use HTTPS” under SSL/TLS… Edge Certificates.


In addition to the information sjr provided, that is specifically our Encryption Recommender Bot. It is only scanning on port 80 to figure out a recommendation for your site. Since you are on Full or Full (Strict) there should be no issue.

The issues with 522 are more likely caused by something like rate limiting at your hosting provider; I would verify that our IPs are allowlisted there.
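
One way to carry out the allowlist check suggested in the replies, as an added example that is not part of the original thread: it compares the sources an origin firewall accepts on port 443 against Cloudflare's published ranges and reports what is left uncovered. The embedded ranges are only a subset of the list published at https://www.cloudflare.com/ips/, and the allowlist and source addresses are constructed samples.

```python
import ipaddress

# Subset of Cloudflare's published ranges, embedded so the example runs offline.
CLOUDFLARE_RANGES = ["173.245.48.0/20", "103.21.244.0/22", "104.16.0.0/13",
                     "2400:cb00::/32", "2606:4700::/32"]

# Constructed sample: sources the origin firewall accepts on tcp/443.
# Note the /14 where Cloudflare publishes a /13, and the missing entries.
SAMPLE_ALLOWLIST = ["173.245.48.0/20", "104.16.0.0/14", "2606:4700::/32"]

def _nets(cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]

def uncovered(cf_ranges, allowlist):
    """Return the parts of the Cloudflare ranges that no allowlist rule admits."""
    allowed, gaps = _nets(allowlist), []
    for cf in _nets(cf_ranges):
        remaining = [cf]
        for rule in (r for r in allowed if r.version == cf.version):
            kept = []
            for net in remaining:
                if net.subnet_of(rule):
                    continue                      # fully admitted by this rule
                if rule.subnet_of(net):
                    kept.extend(net.address_exclude(rule))  # partly admitted
                else:
                    kept.append(net)              # disjoint: rule does not help
            remaining = kept
        gaps.extend(remaining)
    return sorted(gaps, key=lambda n: (n.version, n))

def dropped_cloudflare_sources(sources, cf_ranges, allowlist):
    """Source IPs that belong to Cloudflare but match no allowlist rule."""
    cf, allowed = _nets(cf_ranges), _nets(allowlist)
    dropped = []
    for src in sources:
        ip = ipaddress.ip_address(src)
        if any(ip in n for n in cf) and not any(ip in n for n in allowed):
            dropped.append(src)
    return dropped

if __name__ == "__main__":
    for gap in uncovered(CLOUDFLARE_RANGES, SAMPLE_ALLOWLIST):
        print("not allowlisted:", gap)
    # Constructed source addresses, e.g. taken from firewall drop logs.
    seen = ["104.21.5.9", "173.245.50.1", "198.51.100.7", "2400:cb00::1"]
    print(dropped_cloudflare_sources(seen, CLOUDFLARE_RANGES, SAMPLE_ALLOWLIST))
```

Any range it reports is Cloudflare address space the firewall would drop on port 443, which is worth ruling out when chasing a 522.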

