CloudFlare flexible SSL

Steamcast is a stand alone server that combines the features of SHOUTcast and Icecast2 and more to make one mega awesome server.
DJIronic
Posts: 16
Joined: Sat Dec 09, 2017 7:49 am

CloudFlare flexible SSL

Post by DJIronic »

Hi guys,

As long as your system is not supporting SSL, I want to "cheat it" with CloudFlare flexible SSL. This should allow me to fetch data under port 80/HTTP and serve it to a client under port 443 with valid SSL from CloudFlare.

Unfortunately, it does not work. Cloudflare will just get error 502 - bad gateway. I contacted them and they told me that "something" is blocking their CDN (CF IPs) from accessing the server.

Iptables are completely disabled on the Debian server and there is no firewall before the server, so I am not blocking anything.

Is it possible that there is some filtering on SteamCast's side that prevents CloudFlare from connecting?

Here is the answer I got: Image

When I load it under direct IP/port 80/HTTP, it works just fine.

Thanks for your time and answer.
Jay
Will work for food (Administrator)
Posts: 3020
Joined: Mon Jan 14, 2002 12:48 am
Location: Next Door

Re: CloudFlare flexible SSL

Post by Jay »

The only filter that could occur is the Ban filter which you control in the administrative interface.

We would need to know more about the specific request that CloudFlare makes to Steamcast to really give a definitive answer as to what is going wrong. If you could run a packet sniffer on your system to capture a sample it might give us a clue as to where things might be going wrong.
- Jay
DJIronic
Posts: 16
Joined: Sat Dec 09, 2017 7:49 am

Re: CloudFlare flexible SSL

Post by DJIronic »

I am not sure that I know how to sniff packets on Linux, but it's a testing server created just for this testing, so I don't have any problem inserting your SSH key into the server, so you can test whatever you want.

CloudFlare should work as a normal reverse proxy.

Thank you for the answer.
Max
Posts: 153
Joined: Fri Oct 21, 2011 1:39 am

Re: CloudFlare flexible SSL

Post by Max »

Hi,

I just tested this with our Windows test server and it appears to work fine.
DJIronic
Posts: 16
Joined: Sat Dec 09, 2017 7:49 am

Re: CloudFlare flexible SSL

Post by DJIronic »

That's really interesting. I just installed the server, switched the port to 80 and enabled Cloudflare.

https://steamcast.lfczradio.eu

Running on a Debian 8 Linux VPS.
Max
Posts: 153
Joined: Fri Oct 21, 2011 1:39 am

Re: CloudFlare flexible SSL

Post by Max »

Hi,

I have now tested it with Ubuntu 16.04 (since it's Debian Stretch based). Seems to work fine. You might see if an Apache or Nginx server is able to be seen by CloudFlare. Steamcast is at the whim of any firewalls that could be in the OS or the ISP. To Steamcast, a reverse proxy like CloudFlare is like any other client.
DJIronic
Posts: 16
Joined: Sat Dec 09, 2017 7:49 am

Re: CloudFlare flexible SSL

Post by DJIronic »

Ok, thank you for your tests.

I will reinstall the server and I will try another ISP and then I will try it again.

I will also try Ubuntu instead of Debian.

Thank you again guys, I will keep you informed.
DJIronic
Posts: 16
Joined: Sat Dec 09, 2017 7:49 am

Re: CloudFlare flexible SSL

Post by DJIronic »

OK, I reinstalled the server to CentOS, disabled iptables and the problem is still here.

I can load it under HTTP, but HTTPS will give me Error 521 (Web server is down) and then immediately reload to error 502 (Bad gateway).

Here you can check it: http://sc.lfczradio.eu and https://sc.lfczradio.eu.

Please, can you send me your config that works with CF to check that there is no problem in my SteamCast's configuration?

Thank you in advance,
mrkarron
Posts: 6
Joined: Tue Aug 16, 2016 7:09 pm

Re: CloudFlare flexible SSL

Post by mrkarron »

Is there a timetable, or best guess, when a new version will be released that includes SSL support?
Max
Posts: 153
Joined: Fri Oct 21, 2011 1:39 am

Re: CloudFlare flexible SSL

Post by Max »

Can you put or PM a link that just goes directly to the server (bypasses CloudFlare)?

The only thing you need in Steamcast's configuration is: PortBase 80

That is it. For CloudFlare you need Flexible SSL turned on under the Crypto settings.

For the OS you need to make sure port reservations are not conflicting with Steamcast and the firewall allows port 80 traffic.
mrkarron wrote: Sun Dec 10, 2017 10:45 am Is there a timetable, or best guess, when a new version will be released that includes SSL support?
It depends on finding a good and correct way to go about it while supporting all the OSes. I like ASIO but it doesn't support using native Windows crypto functions (it'll only use OpenSSL). Which is important for Certificate Authority verification since Steamcast would also be made to be a client (for relaying and future clustering). I have been just making moves to write my own solution, building a wrapper around sockets.

p.s., I removed the links in my previous posts, as I do not wish to permanently run Steamcast through CloudFlare.
DJIronic
Posts: 16
Joined: Sat Dec 09, 2017 7:49 am

Re: CloudFlare flexible SSL

Post by DJIronic »

Hi guys,

I was searching and testing and I found the problem. It's on the CF side. I am using Full (strict) SSL on the main domain settings, but I created a page rule that should use flexible SSL for this subdomain, but it's ignored.

I created a new domain with complete Flexible SSL and it's working, so thank you for your help and time. Now it's between me and CloudFlare.