How to use Cloudflare

Q: Can I use a Cloudflare proxy in front of my rport server?

DNS Setup

To use RPort with Cloudflare, you must set up two DNS records.

  1. One, let's say rport.example.com for the API and the UI/dashboard

  2. And one for accessing the tunnels, let's say tunnels.rport.example.com

The first record points to the Cloudflare proxy, and Cloudflare handles the certificate. Set up your firewall so that access that bypasses Cloudflare is denied. Otherwise, you won't benefit from Cloudflare's DoS protection.

The second record, tunnels.rport.example.com, points directly to your rport server.

RPort server configuration

With the above DNS setup, you can generate a Let's Encrypt certificate on the rport server.

certbot certonly -d tunnels.rport.example.com \
-n --agree-tos --standalone \
--register-unsafely-without-email

You might need to stop rportd during the certificate request because certbot needs to bind to port 80 for the verification process.

Use the created certificate for the tunnels.

Make sure tunnels use the tunnel FQDN. By default, tunnels and the API/UI use the same FQDN.

/etc/rport/rportd.conf
[server]
  ... snip ...snap
  ## Optionally defines the hostname or IP address used to generate links pointing to running tunnels.
  ## By default, all links are relative to the URL of the API or UI.
  ## If you run the API/UI behind a reverse proxy that is incapable of forwarding raw TCP/UDP packets,
  ## you can specify a separated tunnel_host to access tunnels, bypassing the reverse proxy.
  tunnel_host = "tunnels.rport.example.com"
  ... snip ...snap
  tunnel_proxy_cert_file = "/etc/letsencrypt/live/tunnels.rport.example.com/fullchain.pem"
  tunnel_proxy_key_file = "/etc/letsencrypt/live/tunnels.rport.example.com/privkey.pem"
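
One way to check that the tunnel settings above agree with each other before restarting rportd. This is an added example, not part of the RPort documentation; the function names conf_get and check_tunnel_conf are hypothetical, and it assumes the flat key = "value" layout shown above.

```shell
#!/bin/sh
# Added example: consistency check for the tunnel settings in rportd.conf.
# Assumes uncommented settings are written as: key = "value"

# Print the value of the first uncommented `key = "value"` line in a file.
conf_get() {
    sed -n "s/^[[:space:]]*${1}[[:space:]]*=[[:space:]]*\"\\([^\"]*\\)\".*/\\1/p" "$2" | head -n 1
}

# Return 0 if the tunnel settings are consistent, 1 otherwise.
check_tunnel_conf() {
    conf=$1
    rc=0
    host=$(conf_get tunnel_host "$conf")
    cert=$(conf_get tunnel_proxy_cert_file "$conf")
    key=$(conf_get tunnel_proxy_key_file "$conf")

    if [ -z "$host" ]; then
        echo "FAIL: tunnel_host is not set; tunnel links will use the API/UI FQDN"
        return 1
    fi
    for f in "$cert" "$key"; do
        if [ -z "$f" ]; then
            echo "FAIL: tunnel_proxy_cert_file or tunnel_proxy_key_file is not set"
            rc=1
            continue
        fi
        # certbot stores its files under /etc/letsencrypt/live/<name>/
        lineage=$(basename "$(dirname "$f")")
        if [ "$lineage" != "$host" ]; then
            echo "FAIL: $f is not in the certbot directory for $host"
            rc=1
        fi
    done
    # If the certificate is readable, confirm that it really covers tunnel_host.
    if [ -n "$cert" ] && [ -r "$cert" ] && command -v openssl >/dev/null 2>&1; then
        if ! openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q "does match"; then
            echo "FAIL: certificate $cert does not cover $host"
            rc=1
        fi
    fi
    [ "$rc" -eq 0 ] && echo "OK: tunnels are served as $host"
    return "$rc"
}

# Check a config file when one is given as the first argument.
if [ -n "${1:-}" ]; then check_tunnel_conf "$1"; fi
```

Run it as root with /etc/rport/rportd.conf as the argument so the certificate file is readable and the hostname check against the certificate is not skipped.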
