Running a bitcoin full listening node with zero trust tunnel

Hi guys.

Cloudflare noob here but loving the product so far!

Is it possible to run a bitcoin full listening node using cloudflare tunnel?

My router is behind a CG-NAT, so my node running on my home network can't accept inbound connections regardless of whether I set up port forwarding on 8333.

Current connection:

Bitcoin Core v22.0.0 - 70016/Satoshi:22.0.0/
        ipv4    ipv6   onion   total   block
in          0       0       0       0
out      10       0       0      10       2
total    10       0       0      10

To mitigate this I tried using a cloudflare tunnel to expose the server running my btc node.
cloudflared config below:

tunnel: <my_tunnel_id_string>
credentials-file: /home/me/.cloudflared/<my_tunnel_id_string>.json
ingress:
  - hostname: dashboard.<my_domain>  
    service: http://192.168.20.16:8333
  
  - service: http_status:404

warp-routing:
    enabled: true

I think the config is working, as I am able to expose a Nextcloud instance on port 80, for example, but I still cannot get my node to accept inbound connections.

This problem is driving me mad!

Help appreciated.

Greetings,

Thank you for asking.

I am sorry to hear you’re having an issue here; however, let’s try to gather more feedback information so we can troubleshoot it and find a solution for your case.

I’d suggest trying to set this up, just in case, on one of the ports supported by and compatible with Cloudflare for HTTP(S), as listed in the article below:

So you’re running a cloudflared tunnel which you manage locally, correct?
It’s not managed via the Zero Trust Dashboard?

May I ask if you’re running Nextcloud in a container environment like Docker or? :thinking:

All right, that sounds okay.

May I ask whether your router accepts both inbound and outbound packets over 8333 correctly? :thinking:

So this is the 1st level sub-domain, correct?

All right, you’re going over the WARP too.

You’d have to double-check and make sure Cloudflare IPs are trusted in Nextcloud.

Furthermore, since you’re running it on HTTP, you’d either need to use NoTLSVerify or configure the SSL certificate.

The post below contains some more replies (with the stated Trusted IPs, some more tips and tricks) and information which you might find helpful: