How to use Cloudflare
Q: Can I use a Cloudflare proxy in front of my rport server?
To use RPort with Cloudflare, you must set up two DNS records.
1. One, let's say rport.example.com, for the API and the UI/dashboard
2. And one for accessing the tunnels, let's say tunnels.rport.example.com
The first will point to the Cloudflare proxy, and Cloudflare handles the certificate. Set up your firewall so that direct access that bypasses Cloudflare is denied. Otherwise, you won't benefit from the Cloudflare DoS protection.
The second record, tunnels.rport.example.com, points directly to your rport server. With the above DNS setup, you can generate a Let's Encrypt certificate on the rport server.
certbot certonly -d tunnels.rport.example.com \
-n --agree-tos --standalone \
--register-unsafely-without-email
You might need to stop rportd during the certificate request because certbot needs to bind to port 80 for the verification process.
/etc/rport/rportd.conf
[server]
... snip ...snap
## Optionally defines the hostname or IP address used to generate links pointing to running tunnels.
## By default, all links are relative to the URL of the API or UI.
## If you run the API/UI behind a reverse proxy that is incapable of forwarding raw TCP/UDP packets,
## you can specify a separated tunnel_host to access tunnels, bypassing the reverse proxy.
tunnel_host = "tunnels.rport.example.com"
... snip ...snap
tunnel_proxy_cert_file = "/etc/letsencrypt/live/tunnels.rport.example.com/fullchain.pem"
tunnel_proxy_key_file = "/etc/letsencrypt/live/tunnels.rport.example.com/privkey.pem"
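
One way to implement the firewall advice above (deny access to the API/UI that does not arrive through Cloudflare) with nftables. This is an added example, not part of the RPort documentation; the API port 443, the table name rport_cloudflare and the sample ranges (documentation prefixes standing in for Cloudflare's published IP list) are assumptions.

```shell
#!/bin/sh
# Added example: render an nftables ruleset that lets only Cloudflare reach the
# RPort API/UI port. Port 443 and the table name are assumptions.
API_PORT="${API_PORT:-443}"

# Constructed placeholder ranges (documentation prefixes). Replace them with
# the IPv4 and IPv6 ranges Cloudflare currently publishes.
sample_ranges() {
cat <<'EOF'
# IPv4
192.0.2.0/24
198.51.100.0/24
# IPv6
2001:db8::/32
EOF
}

# Read CIDRs on stdin and print those of one family (4 or 6), comma-separated.
# Comments and blank lines are skipped; any line that is not shaped like a
# plain CIDR is dropped, so a tampered list cannot smuggle in rule text.
cidrs_of_family() {
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' |
    case "$1" in
        4) grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' ;;
        6) grep -E '^[0-9A-Fa-f:]*:[0-9A-Fa-f:]*/[0-9]{1,3}$' ;;
    esac | paste -sd, -
}

# Print a ruleset for `nft -f`. Only API_PORT is filtered, so the tunnel ports
# and port 80 (certbot standalone) remain directly reachable.
render_ruleset() {
    list=$(cat)
    v4=$(printf '%s\n' "$list" | cidrs_of_family 4)
    v6=$(printf '%s\n' "$list" | cidrs_of_family 6)
    [ -n "$v4$v6" ] || { echo "no valid ranges, refusing to render" >&2; return 1; }
    echo "table inet rport_cloudflare {"
    [ -n "$v4" ] && echo "  set cf4 { type ipv4_addr; flags interval; elements = { $v4 } }"
    [ -n "$v6" ] && echo "  set cf6 { type ipv6_addr; flags interval; elements = { $v6 } }"
    echo "  chain input {"
    echo "    type filter hook input priority 0; policy accept;"
    [ -n "$v4" ] && echo "    tcp dport $API_PORT ip saddr @cf4 accept"
    [ -n "$v6" ] && echo "    tcp dport $API_PORT ip6 saddr @cf6 accept"
    echo "    tcp dport $API_PORT drop"
    echo "  }"
    echo "}"
}

# Print only; review the output and validate it with `nft -c -f <file>` before loading.
sample_ranges | render_ruleset
```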