CloudFlare flexible SSL
CloudFlare flexible SSL
Hi guys,
as long as your system is not supporting SSL. I want to "cheat it" with CloudFlare flexible SSL. Thi should allow me to fetch data under port 80/HTTP and server it to a client under port 443 with valid SSL from CloudFlare.
Unfortunately, it does not work. Cloudflare will just get error 502 - bad gateway. I contacted them and they said me that "something" is blocking their CDN (CF IPs) to access the server.
Iptables are completely disabled on the Debian server and there is no firewall before the server, so I am not blocking anything.
Is it possible that there is some filtering on SteamCast's side that prevents CloudFlare to connect?
Here is the answer I got:
When I load it under direct IP/port 80/HTTP. It works just fine.
Thanks for your time and answer
as long as your system is not supporting SSL. I want to "cheat it" with CloudFlare flexible SSL. Thi should allow me to fetch data under port 80/HTTP and server it to a client under port 443 with valid SSL from CloudFlare.
Unfortunately, it does not work. Cloudflare will just get error 502 - bad gateway. I contacted them and they said me that "something" is blocking their CDN (CF IPs) to access the server.
Iptables are completely disabled on the Debian server and there is no firewall before the server, so I am not blocking anything.
Is it possible that there is some filtering on SteamCast's side that prevents CloudFlare to connect?
Here is the answer I got:
When I load it under direct IP/port 80/HTTP. It works just fine.
Thanks for your time and answer
-
Jay
- Will work for food (Administrator)
- Posts: 3025
- Joined: Mon Jan 14, 2002 12:48 am
- Location: Next Door
- Contact:
Re: CloudFlare flexible SSL
The only filter that could occur is the Ban filter which you control in the administrative interface.
We would need to know more about the specific request that CloudFlare makes to Steamcast to really give a definitive answer as to what is going wrong. If you could run a packet sniffer on your system to capture a sample it might give us a clue as to where things might be going wrong.
We would need to know more about the specific request that CloudFlare makes to Steamcast to really give a definitive answer as to what is going wrong. If you could run a packet sniffer on your system to capture a sample it might give us a clue as to where things might be going wrong.
- Jay
Re: CloudFlare flexible SSL
I am not sure that I know how to sniff packets on Linux, but it´s testing server created just for this testing, so I don't have any problem to insert your SSH key into server, so you can test whatever you want.
CloudFlare should work as a normal reverse proxy.
Thank you for answer.
CloudFlare should work as a normal reverse proxy.
Thank you for answer.
Re: CloudFlare flexible SSL
Hi,
I just tested this with our Windows test server and it appears to work fine.
I just tested this with our Windows test server and it appears to work fine.
Re: CloudFlare flexible SSL
That´s really interesting. I just installed the sever, switched port to 80 and enabled the Cloudflare.
https://steamcast.lfczradio.eu
Runnin on Debian 8 Linux VPS.
https://steamcast.lfczradio.eu
Runnin on Debian 8 Linux VPS.
Re: CloudFlare flexible SSL
Hi,
I have now tested it with Ubuntu 16.04 (since its Debian Stretch based). Seems to work fine. You might see if a Apache or Nginx server is able to be seen by CloudFlare. Steamcast is at the whim of any firewalls that could be in the OS or the ISP. To Steamcast a reverse proxy like CloudFlare is like any other client.
I have now tested it with Ubuntu 16.04 (since its Debian Stretch based). Seems to work fine. You might see if a Apache or Nginx server is able to be seen by CloudFlare. Steamcast is at the whim of any firewalls that could be in the OS or the ISP. To Steamcast a reverse proxy like CloudFlare is like any other client.
Re: CloudFlare flexible SSL
Ok, thank you for your tests.
I will reinstall the server and I will try another ISP and then I will try it again.
I will also try ubuntu instead of Debian.
Thank you again guys, I will keep you informed.
I will reinstall the server and I will try another ISP and then I will try it again.
I will also try ubuntu instead of Debian.
Thank you again guys, I will keep you informed.
Re: CloudFlare flexible SSL
OK, I reinstalled the server to CentOS, disabled iptables and the problem is still here.
I can load it under HTTP, but HTTPS will give me error Error 521(Web server is down) and then immediately reload to error 502 (Bad gateway).
Here you can check it: http://sc.lfczradio.eu and https://sc.lfczradio.eu.
Please, can you send me your config that works with CF to check that there is no problem in my SteamCast's configuration?
Thank you in advance,
I can load it under HTTP, but HTTPS will give me error Error 521(Web server is down) and then immediately reload to error 502 (Bad gateway).
Here you can check it: http://sc.lfczradio.eu and https://sc.lfczradio.eu.
Please, can you send me your config that works with CF to check that there is no problem in my SteamCast's configuration?
Thank you in advance,
Re: CloudFlare flexible SSL
Is there a timetable, or best guess, when a new version will be released that includes SSL support?
Re: CloudFlare flexible SSL
Can you put or PM a link that just goes directly to the server (bypasses CloudFlare)?
The only thing you need in Steamcast's configuration is: PortBase 80
That is it. For CloudFlare you need Flexible SSL turned on under the Crypto settings.
For the OS you need to make sure port reservations are not conflicting with Steamcast and the firewall allows port 80 traffic.
p.s., I removed the links in my previous posts. As I do not wish to permanently run Steamcast through CloudFlare.
The only thing you need in Steamcast's configuration is: PortBase 80
That is it. For CloudFlare you need Flexible SSL turned on under the Crypto settings.
For the OS you need to make sure port reservations are not conflicting with Steamcast and the firewall allows port 80 traffic.
It depends on finding a good and correct way to go about it while supporting all the OSes. I like ASIO but it doesn't support using native Windows crypto functions (it'll only use OpenSSL). Which is important for Certificate Authority verification since Steamcast would also be made to be a client (for relaying and future clustering). I have been just making moves to write my own solution, building a wrapper around sockets.
p.s., I removed the links in my previous posts. As I do not wish to permanently run Steamcast through CloudFlare.
Re: CloudFlare flexible SSL
Hi guys,
I was searching and testing and I found the problem. It´s on CF side. I am using Full (strict) SSL on the main domain settings, but I created page rule that should use flexible SLL for this subdomain, but it´s ignored.
I created new domain with complete Flexible SSL and it´s working, so thank you for your help and time. Now it´s between me and CloudFlare.
I was searching and testing and I found the problem. It´s on CF side. I am using Full (strict) SSL on the main domain settings, but I created page rule that should use flexible SLL for this subdomain, but it´s ignored.
I created new domain with complete Flexible SSL and it´s working, so thank you for your help and time. Now it´s between me and CloudFlare.