Answer these questions to help the Community help you with Security questions.
What is the domain name?
Have you searched for an answer?
Please share your search results url:
The search results are about unrelated things.
When you tested your domain, what were the results?
My domain is working other than this problem.
Describe the issue you are having:
We’re using a ‘Web Console’ (an SSH-like access that works in the browser) in an AlmaLinux OS (RHEL) on port 9090, but getting a timeout error. Do we need to allow that port via the firewall? If so, how?
What error message or number are you receiving?
What steps have you taken to resolve the issue?
Tried adjusting permissions
Tried adjusting settings in nginx
Was the site working with SSL prior to adding it to Cloudflare?
Yes, still is.
Thanks for the reply. I did look at that article you linked to before, but it only says you can “Change your subdomain to be gray-clouded, via your Cloudflare DNS app, to bypass the Cloudflare network and connect directly to your origin.” That seems to be saying the whole domain would bypass Cloudflare, so I wouldn’t be getting any of the advantages of using Cloudflare, which seems very counter-productive. Is there no way to bypass CF for just that port alone?
Can I create a DNS CNAME record with that port which is grey-clouded? Would that then apply only to that port?
I tried creating an Origin Rule, but that requires that you enter one thing and it gets changed to another. So, I tried one that says if “https://humortimes.com:9080” is requested, direct it to “https://humortimes.com:9090”. Is that the idea? Anyway, it’s not working, I get the same timeout error.
It seems like there ought to be a way to allow the use of that port.
The subdomain needs to point to your server’s IP address. Whether you do that directly via an A record or indirectly via a CNAME record that points to another hostname on your server does not matter.
I don’t know your Nginx configuration, but you’ll need to configure different ports for HTTP and HTTPS. But honestly, for SSH-like stuff, I’d just skip the HTTP configuration and only use HTTPS.
Also, if you use a different subdomain, there isn’t really a reason to use a different port at all, you can just use 443 for HTTPS.
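Added example, not part of the original thread and not taken from the Cloudflare or Cockpit projects: a minimal nginx server block for the approach suggested above, serving a dedicated subdomain over HTTPS on 443 and forwarding it to the web console on port 9090. The hostname `cockpit.example.com` and the certificate paths are placeholders, and the console is assumed to run on the same host as nginx.

```nginx
# Added example: dedicated subdomain on 443 in front of the web console.
# Placeholders/assumptions: cockpit.example.com, the certificate paths,
# and the console listening on this same host at port 9090.
server {
    listen 443 ssl;
    server_name cockpit.example.com;                      # placeholder subdomain

    ssl_certificate     /etc/ssl/example/fullchain.pem;   # placeholder path
    ssl_certificate_key /etc/ssl/example/privkey.pem;     # placeholder path

    location / {
        # nginx talks to the console over loopback; visitors only use 443.
        proxy_pass https://127.0.0.1:9090;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;

        # The console UI runs over WebSockets, so pass the upgrade through.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_buffering off;
    }
}

# Cockpit must also accept the proxied origin. In /etc/cockpit/cockpit.conf:
#   [WebService]
#   Origins = https://cockpit.example.com wss://cockpit.example.com
#   ProtocolHeader = X-Forwarded-Proto
```

With this layout, port 9090 does not have to be opened to the internet in the host firewall, because only nginx on the same machine connects to it.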
With Cockpit (info here), which is the ‘Web Console’ I was referring to, they say you can log in to the console through the domain name (or IP) paired with the 9090 port. Or, you can set up a subdomain, then configure it to work with the Cockpit console. So, I’m trying the subdomain method, and have it set up as the instructions indicate. I also set up a proxied CNAME for the subdomain on Cloudflare. However, when I use that URL, it ends up at my other subdomain, not connecting with Cockpit. I tried grey-clouding it, but it warns against exposing the domain.
So, I’m not sure how to do it with Cloudflare. Any ideas?