# How to use Cloudflare

### DNS Setup

To use RPort with Cloudflare, you must set up two DNS records.

1. One, let's say `rport.example.com`, for the API and the UI/dashboard
2. And one for accessing the tunnels, let's say `tunnels.rport.example.com`

The first record points to the Cloudflare proxy, and Cloudflare handles the certificate. Set up your firewall so that access that does not come through Cloudflare is denied. Otherwise, you wouldn't benefit from the Cloudflare DoS protection.

The second record, `tunnels.rport.example.com`, points directly to your rport server.
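One way to enforce the firewall requirement above, as an added example that is not part of the RPort documentation: a shell function that turns a file of proxy CIDR ranges into an nftables ruleset accepting the API/UI port only from those ranges, while leaving every other port (including the tunnels) untouched. The port `443`, the table and set names, and the one-CIDR-per-line file layout are assumptions.

```shell
#!/bin/sh
# Added example, not from the RPort documentation.
# Emits an nftables ruleset that accepts the API/UI port only from the CIDRs
# listed in a file and does not filter any other port.
API_PORT="${API_PORT:-443}"  # assumption: port the rportd API/UI is published on

# join_cidrs FILE REGEX: comma-join the lines of FILE whose first field matches.
join_cidrs() {
    awk -v re="$2" '$1 ~ re { out = out (out ? ", " : "") $1 } END { print out }' "$1"
}

# gen_ruleset FILE: FILE holds one CIDR per line; blank, '#' and malformed lines are skipped.
gen_ruleset() {
    v4=$(join_cidrs "$1" '^[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+/[0-9]+$')
    v6=$(join_cidrs "$1" '^[0-9A-Fa-f:]*:[0-9A-Fa-f:]*/[0-9]+$')
    # An empty allowlist would drop every API request; refuse instead.
    if [ -z "$v4" ] && [ -z "$v6" ]; then
        echo "no usable CIDRs in $1" >&2
        return 1
    fi
    echo "table inet rport_api {"
    if [ -n "$v4" ]; then
        echo "  set proxy4 { type ipv4_addr; flags interval; elements = { $v4 } }"
    fi
    if [ -n "$v6" ]; then
        echo "  set proxy6 { type ipv6_addr; flags interval; elements = { $v6 } }"
    fi
    echo "  chain input {"
    echo "    type filter hook input priority 0; policy accept;"
    if [ -n "$v4" ]; then
        echo "    tcp dport $API_PORT ip saddr @proxy4 accept"
    fi
    if [ -n "$v6" ]; then
        echo "    tcp dport $API_PORT ip6 saddr @proxy6 accept"
    fi
    # Anything else reaching the API port bypassed the proxy.
    echo "    tcp dport $API_PORT drop"
    echo "  }"
    echo "}"
}

# Usage: sh thisfile.sh cidrs.txt > rport_api.nft   (file names are assumptions)
if [ $# -gt 0 ]; then gen_ruleset "$1"; fi
```

Feed it the ranges Cloudflare publishes at `https://www.cloudflare.com/ips-v4` and `https://www.cloudflare.com/ips-v6`, and regenerate the ruleset when that list changes.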

### RPort server configuration

With the above DNS setup, you can generate a Let's Encrypt certificate on the rport server.

```
certbot certonly -d tunnels.rport.example.com \
-n --agree-tos --standalone \
--register-unsafely-without-email
```

You might need to stop rportd during the certificate request because certbot needs to bind to port 80 for the verification process.

Use the created [certificate for the tunnels](https://github.com/openrport/openrport/blob/0.8.0/rportd.example.conf#L204-L205).

Make sure tunnels [use the tunnel FQDN](https://github.com/openrport/openrport/blob/0.8.0/rportd.example.conf#L40). By default, tunnels and the API/UI use the same FQDN.

{% code title="/etc/rport/rportd.conf" %}

```toml
[server]
  ## ... snip ... snap ...
  ## Optionally defines the hostname or IP address used to generate links pointing to running tunnels.
  ## By default, all links are relative to the URL of the API or UI.
  ## If you run the API/UI behind a reverse proxy that is incapable of forwarding raw TCP/UDP packets,
  ## you can specify a separated tunnel_host to access tunnels, bypassing the reverse proxy.
  tunnel_host = "tunnels.rport.example.com"
  ## ... snip ... snap ...
  ## Certificate and key as written by certbot; it stores the private key as privkey.pem.
  tunnel_proxy_cert_file = "/etc/letsencrypt/live/tunnels.rport.example.com/fullchain.pem"
  tunnel_proxy_key_file = "/etc/letsencrypt/live/tunnels.rport.example.com/privkey.pem"
```

{% endcode %}


