Websocket timeout over cloudflare tunnel

Good day, everyone!

My setup is the following:

  • Hikvision camera
  • It is accessible via reverse-proxy with TLS termination (traefik)
  • Cloudflare tunnel via docker container

Camera GUI uses HTTP (port 80) to fetch the main content + websockets (port 7681) to stream the video.

When I access the GUI from my local network via reverse-proxy using https everything works perfectly fine – pages are loading and the websocket streaming is working.

However, when I try to access it via the tunnel (using a public domain), pages are loading, but websocket streaming is not working: the connection request times out.

I enabled debug logging in cloudflared – there is absolutely no output when I try to establish a websocket connection using port 7682. Thus, I assume the request never arrives through the tunnel and is dropped somewhere on the cloudflare level (unless there is some special logging logic in the daemon).

Are there any port/protocol restrictions for tunnels? (I didn’t set up any firewall rules with cloudflare).

P.S. I do not intend to use the tunnel for constant streaming, just to be able to check the camera once in a while.

OK, I guess I am an idiot. I have set up the tunnel with the proxy (and not Spectrum), which supports only 80 and 443 ports. Cloudflare access and proxy different ports?


Eventually, I have solved the problem with an extremely ugly solution, since the camera does not allow such fine-tuning of GUI requests.

I have used the body rewrite traefik plugin https://github.com/traefik/plugin-rewritebody to patch the GUI source code from the camera https response and replace the port from 7682 to 443. Then, I added a rule to match websocket requests by Upgrade: websocket header.

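The workaround from the last post, sketched as Traefik configuration. This is an added example, not the poster's actual config: the hostname, camera IP, entry point name, plugin version and all router/middleware/service names are placeholders, the rewrite pattern is constructed, and the router rule uses Traefik v3 syntax (v2 spells the matcher `Headers`).

```yaml
# --- static configuration (e.g. traefik.yml): load the plugin ---
experimental:
  plugins:
    rewritebody:
      moduleName: github.com/traefik/plugin-rewritebody
      version: vX.Y.Z            # placeholder: pin a released tag

# --- dynamic configuration (file provider) ---
http:
  middlewares:
    camera-ws-port:              # hypothetical name
      plugin:
        rewritebody:
          rewrites:
            # Constructed pattern. A bare "7682" matches anywhere in the body;
            # narrow it to the exact string the camera GUI uses for the port
            # (not shown in the thread) to avoid rewriting unrelated content.
            - regex: "7682"
              replacement: "443"
    camera-plain-body:           # hypothetical name
      headers:
        customRequestHeaders:
          # Assumption: request uncompressed responses so the plugin
          # sees the GUI source as plain text.
          Accept-Encoding: identity

  routers:
    camera-gui:                  # pages, served by the camera on port 80
      rule: "Host(`camera.example.com`)"
      entryPoints: [websecure]
      middlewares: [camera-plain-body, camera-ws-port]
      service: camera-http
      tls: {}
    camera-ws:                   # same host and port 443, told apart by header
      rule: "Host(`camera.example.com`) && Header(`Upgrade`, `websocket`)"
      priority: 100              # evaluated before the plain Host() router
      entryPoints: [websecure]
      service: camera-ws
      tls: {}

  services:
    camera-http:
      loadBalancer:
        servers:
          - url: "http://192.0.2.10:80"
    camera-ws:
      loadBalancer:
        servers:
          - url: "http://192.0.2.10:7682"   # websocket port as given in the post
```

With this layout the tunnel only ever carries traffic on 443, and Traefik splits page requests from websocket upgrades before forwarding to the camera.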