Spectrum configuration

I’ve found support and documentation regarding Cloudflare somewhat lacking to say the least. Looking for tips/best practices to setup Spectrum on a node and confirm that it is working.

I’m not sure exactly what the node is, but Enterprise Spectrum is essentially a special DNS record that points to a port on a server.

Or are you talking about Spectrum for Minecraft or SSH?

1 Like

The node in question is the external landing page for our VPN login, which uses a custom port. Since it uses a custom port, I was told by Cloudflare support that the normal DNS configuration in Cloudflare cannot be used. I’m looking for details on how to setup Spectrum to protect this page.

With Spectrum, the entire hostname would be proxied:

It looks a lot like the Minecraft/SSH Spectrum setup, but with more options for the additional ports.

This is the same link that Cloudflare support gave me (kind of proves my point, apologies, but I’m beyond frustrated with the lack of support). I need more details, specifically:

For this application, should the application be TCP? HTTPS?

Should the origin use the hostname or the IP?

Once Spectrum is configured for the host, do I need to configure firewall rules just like in a standard DNS proxy configuration?

How do I confirm that Spectrum is working once the application is configured? Is there a way to test?

I’m sorry, I didn’t see you mention that.

My first reply was 90 minutes after you posted. 5 minutes after your second message.

As you have an Enterprise plan, you should have a pretty good line of communication with Support.

Your description makes me think it’s HTTPS. I’ve only used Spectrum for non-HTTPS, which behaves differently with regards to encryption.

In my case, it’s the IP address of the server.

Since I wasn’t using HTTPS, I didn’t experiment with Firewall Rules. I’m not entirely sure Firewall Rules works with Spectrum, as I’ve not seen evidence of this. Even when configuring Firewall Rules, there’s no Port option. Docs only say that Firewall → Tools (IP Access Rules) are they way to block traffic. There’s a slight chance that Teams Access would be another way.

It’ll either connect, or it won’t. Spectrum is tied to a :orange: Proxied hostname. If the connection goes through to your non-standard port, it’s working.

Thank you, you’ve already been more helpful than all of my previous interactions with support. My issue isn’t with the speed of responses I get, but rather the quality. I can Google support documentation on my own, I should get more than that from Enterprise level support (and do from other vendors).

A question @user10490.

Can you explain a bit more the setup? I am not sure Spectrum would be required if it’s just a non-standard HTTPS port. Can you also confirm you are on the Enterprise plan?

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.