6

Is it possible for CloudFlare to get content my server provides over port 8080 and serve it on port 80 to users?

For instance, I have the following IP address 0.0.0.0 and domain example.ga (registered with CloudFlare). Can CloudFlare retrieve content from 0.0.0.0:8080 and display it on example.ga:80?

Joel Coel
  • 12,932
  • 14
  • 62
  • 100
Theo
  • 71
  • 1
  • 1
  • 5
  • Yes (however in this century both should be https :) And of course you would not tell it 0.0.0.0 but the actual IP your server has. This requires you to have different addresses aka hostnames. So you would setup example.ga:80 on cloudflare loading content from inernal.example.ga:8080 or 1.2.3.4:8080 (it is typically a good idea to hide the real host and not publish it in your domain) – eckes Apr 07 '17 at 18:54
  • @eckes How would I do so? CloudFlare does not allow me to add port numbers to the end of my IP addresses in A records. Thanks! – Theo Apr 08 '17 at 04:36

3 Answers3

5

To the best of my knowledge, no. CloudFlare on the free plan can't do port translation. If you make a request on port 80, CloudFlare will send it to your origin on port 80. CloudFlare is essentially invisible. On the enterprise plan CloudFlare may be able to do this for you.

If your server is on port 8080 you should install a reverse proxy. This can be on the same server as the application server, or on a different server. On a different server, with appropriate firewall rules, you can make a DMZ, which increases security.

Nginx is very commonly used as a reverse proxy, either on the same server as your app server or a different server. Nginx can easily accept requests on port 80 then pass them on to an app server running on port 80. It's very lightweight, requiring very little CPU or RAM.

Nginx can also cache pages, based on rules you define, to accelerate serving static resources or anonymous pages. Serving a page from a cache takes much less work than generating the page again. Nginx reverse proxy guide here. I also have an Nginx/Wordpress guide that will give you some more examples on how to cache pages for anonymous users, but not logged in users.

Update based on comments

Apparently on Linux you can use iptables to redirect ports. So for example a server running on port 8080 can respond on port 80. This would have to be set up by a user who as root privileges, as non-privileged users can't listen to ports below 1024.

Tim
  • 31,888
  • 7
  • 52
  • 78
  • On Linix you can also set up a Iptables redirect rule, so the port 80 also answers to requests to 8080, this is typically used when your java web server which has no root priveledge. – eckes Apr 08 '17 at 10:31
0

What you are looking for is called a "Reverse Proxy". That is a web server that acts as an access point for content on another server. The newer versions of Windows Server label it "Application Proxy". They can be configured to request content from another server, or even HTTPS into the proxy pulling from an internal HTTP server. Ideally, everything should be HTTPS. Hope that answers your question and gives you something to look for.

Cory Knutson
  • 1,876
  • 13
  • 20
-1

If your idea is to hide your real IP address, an option would be to get a hosting like an AWS with a public IP "and have CloudFlare point to that IP instead" and run something like Nginx or HAProxy on that server. Those you may configure to connect to your real server as a back end, then configure your router/modem/server/etc. firewall to only accept connections from the IP address of your AWS and any other IP like your own IP if remotely hosting. Also you may configure your AWS to accept connections only from CloudFlare IPs. It would be something like: User -> YourDomain ( CloudFlare -> AWS -> Your Real/Back-end Hosting ) and then flow back to the User, so response time may be delayed a little. OR you can just Skip the AWS and just do the Accept only connections from CloudFlare IPs with the firewall unless you are running other services (FTP, Email, etc.) it will not hide your real IP.

Joe M.
  • 11