Please explain proxy to me, a noob!

I have a CNAME record on my domain that uses a DDNS service

cname homenetwork homenetwork.duckdns.org

Normally, if I ping homenetwork.mydomain.com, it will resolve to the IP address of my home network (my router updates the duckdns service when my dynamic public IP address changes).

At some point a week or 2 ago, I turned proxy on in DNS settings for all the DNS entries that gave me that choice.

I have a unifi controller on my home network. Getting to the unifi website on port 8443 DID keep working, but I recently noticed that devices that report into the server on port 8081 were showing as offline (couldn’t report in / communicate with the unifi controller).

As soon as I turn off proxy on that record, devices started being able to report into the controller / the controller showed those devices as online.

This is just another experience of negative experiences I’ve had when proxy is turned on for other situations also. Clearly a user error - I don’t really understand what it does.

Can someone dummy down what proxy does? And how proxying that DNS entry breaks getting to my home network?

From pages I read, when proxy is on, a cloudflare IP is returned and for a website on the origin site, cloudflare may have some of the website and serve that up. Otherwise, it gets the pages / items from the origin server.

So in my case, (me still successfully accessing the unifi server on my home network with firewall allowing traffic in on port 8443 works, but devices on 8081 can’t), is it the port number that’s the issue with proxy? Or something else?

Do you have a list of situations when you don’t enable proxy on a DNS entry?

Normally, requests are sent directly from the visitor to your home network, and the response directly back to the visitor.
With a proxy, the requests are sent to Cloudflare first and Cloudflare forwards them to your home network. The response is then sent back from your home network to Cloudflare, and from there to the visitor.

This allows Cloudflare to perform services such as a firewall or cache.

8081 is not a port supported by Cloudflare.

Is there any specific reason you want to enable the proxy if you don’t even know what it is?
The proxy only works for HTTP traffic. If you host any other kind of service on your network, say a Minecraft server, you can’t enable the proxy for that hostname.

3 Likes
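The port and protocol limits described in the reply above can be checked before switching records to proxied. The following is an added example, not part of the original thread: it audits a small inventory and flags hostnames whose services the proxy will not forward. The port sets are assumed from Cloudflare's network-ports documentation, the IP ranges are a subset of the list published at cloudflare.com/ips, and the hostnames and addresses are constructed sample values.

```python
import ipaddress

# Ports the Cloudflare proxy forwards, keyed by protocol (assumption: taken from
# Cloudflare's network-ports documentation; verify against the current list).
ALLOWED = {
    "http": {80, 8080, 8880, 2052, 2082, 2086, 2095},
    "https": {443, 2053, 2083, 2087, 2096, 8443},
}

# Subset of Cloudflare's published IPv4 ranges, enough for this demo.
CF_RANGES = [ipaddress.ip_network(n) for n in
             ("104.16.0.0/13", "172.64.0.0/13", "162.158.0.0/15", "188.114.96.0/20")]

def is_proxied(ip):
    """True when a DNS answer is a Cloudflare edge address, i.e. the record is proxied."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CF_RANGES)

def blocked_services(services):
    """Return the (port, proto) pairs the proxy will not pass to the origin."""
    return [(port, proto) for port, proto in services
            if port not in ALLOWED.get(proto, set())]

def audit(records):
    """records: {hostname: {"answer": ip, "services": [(port, proto), ...]}}."""
    report = {}
    for host, rec in records.items():
        blocked = blocked_services(rec["services"])
        listing = ", ".join(f"{p}/{t}" for p, t in blocked)
        if not blocked:
            report[host] = "safe to proxy"
        elif is_proxied(rec["answer"]):
            report[host] = "BROKEN: proxied, unreachable " + listing
        else:
            report[host] = "keep DNS-only: " + listing
    return report

# Constructed inventory: sample hostnames, answers and service lists.
SAMPLE = {
    "homenetwork.mydomain.com": {"answer": "104.21.0.10",
                                 "services": [(8443, "https"), (8081, "http")]},
    "www.mydomain.com": {"answer": "104.21.0.11", "services": [(443, "https")]},
    "mc.mydomain.com": {"answer": "203.0.113.7", "services": [(25565, "tcp")]},
}

if __name__ == "__main__":
    for host, verdict in audit(SAMPLE).items():
        print(f"{host}: {verdict}")
```

The first sample record reproduces the situation in the question: 8443 passes through the proxy while 8081 does not, so the web UI works and device check-ins fail.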

THANKS! Mind if I ask - how do you get those partial quotes of my post into your post?

You post the whole quote with the quote button repeatedly, cut out the parts not needed in each quote then add your text between the quoted sections?

You asked - why use proxy if I don’t understand it? 'cause if Cloudflare offers it, it must be good? (I told you… I’m a NOOB).

But really, yes, even if it is good, doesn’t mean it should be used for all situations.

And yeah, communicating with a host on 8443 AND 8081 means proxy can’t be used for that host at all.

I’d think (hope?) that it would somehow pass the 8081 data. But I guess that it doesn’t is part of the purpose of the proxy? Keeping port scans from hitting the origin server?

At the same time, that seems like a catch 22 for someone that knows what they are doing? They enable proxy on their host’s dns record because they are only using http on the common ports? Any port scans against their server will fail on other ports? But even then, knocking on the port xyz door on the origin server does tie up the origin server a bit, even to say ‘door’s closed / go away’?

1 Like

When you select text on the forum in your browser, several buttons appear, one of which is “Quote”.

3 Likes

With Cloudflare, you would typically use different hostnames (subdomains) for different applications. Manually adding ports to a domain sucks.

You would then either have a local reverse proxy like Nginx or Apache proxy the requests to the target port, or you would use an Origin Rule in Cloudflare to specify your application’s port.

1 Like
