cloudflared
A feature for pointing to a Cloudflare custom port
Describe the feature you'd like
Please add a feature to use custom Cloudflare ports such as 2053, 2083, 2087, 2096, and 8443. It would be nicer if we could assign each port to a different application. Right now, a single cloudflared tunnel will be forwarded to all Cloudflare custom ports. Also, it could be a problem in some cases, such as SEO.
Describe alternatives you've considered
Otherwise, we can disable the forwarding to all the ports other than 80 and 443.
Hello @dk-regen
What port are you referring to?
Today we have:
- cloudflared tunnel egresses to Cloudflare Global Network on port 7844
- that establishes long-lived connections, which are used by Cloudflare to push requests/traffic down to the origin; the origin can be on any port, and is controllable by the cloudflared tunnel operator/admin
Hi @nmldiegues
Thank you for your reply. What I mean is not the origin port, but Cloudflare itself. Yes, I know I can use any port on the origin server. Let me give you some examples of what I've done to produce this issue.
First, create a tunnel using cloudflared:
cloudflared tunnel --url http://192.168.99.102:4000
2022-04-07T08:06:07Z INF Thank you for trying Cloudflare Tunnel. Doing so, without a Cloudflare account, is a quick way to experiment and try it out. However, be aware that these account-less Tunnels have no uptime guarantee. If you intend to use Tunnels in production you should use a pre-created named tunnel by following: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps
2022-04-07T08:06:07Z INF Requesting new quick Tunnel on trycloudflare.com...
2022-04-07T08:06:08Z INF +--------------------------------------------------------------------------------------------+
2022-04-07T08:06:08Z INF | Your quick Tunnel has been created! Visit it at (it may take some time to be reachable): |
2022-04-07T08:06:08Z INF | https://tracker-carnival-sitemap-basketball.trycloudflare.com |
2022-04-07T08:06:08Z INF +--------------------------------------------------------------------------------------------+
2022-04-07T08:06:08Z INF Cannot determine default configuration path. No file [config.yml config.yaml] in [~/.cloudflared ~/.cloudflare-warp ~/cloudflare-warp]
2022-04-07T08:06:08Z INF Version 2022.3.4
2022-04-07T08:06:08Z INF GOOS: windows, GOVersion: go1.17.5, GoArch: amd64
2022-04-07T08:06:08Z INF Settings: map[protocol:quic url:http://192.168.99.102:4000]
2022-04-07T08:06:08Z INF cloudflared will not automatically update on Windows systems.
2022-04-07T08:06:08Z INF Generated Connector ID: 03a7066a-b144-4641-952b-994ccccf2840
2022-04-07T08:06:08Z INF Initial protocol quic
2022-04-07T08:06:08Z INF cloudflared does not support loading the system root certificate pool on Windows. Please use --origin-ca-pool <PATH> to specify the path to the certificate pool
2022-04-07T08:06:08Z INF Starting metrics server on 127.0.0.1:10963/metrics
2022-04-07T08:06:08Z ERR Failed to serve quic connection error="Unauthorized: Failed to get tunnel" connIndex=0
2022-04-07T08:06:08Z ERR Register tunnel error from server side error="Unauthorized: Failed to get tunnel" connIndex=0
2022-04-07T08:06:09Z INF Retrying connection in up to 2s seconds connIndex=0
2022-04-07T08:06:10Z ERR Failed to serve quic connection error="Unauthorized: Failed to get tunnel" connIndex=0
2022-04-07T08:06:10Z ERR Register tunnel error from server side error="Unauthorized: Failed to get tunnel" connIndex=0
2022-04-07T08:06:10Z INF Retrying connection in up to 4s seconds connIndex=0
2022-04-07T08:06:11Z ERR Failed to serve quic connection error="Unauthorized: Failed to get tunnel" connIndex=0
2022-04-07T08:06:11Z ERR Register tunnel error from server side error="Unauthorized: Failed to get tunnel" connIndex=0
2022-04-07T08:06:11Z INF Retrying connection in up to 8s seconds connIndex=0
2022-04-07T08:06:15Z INF Connection 3ab8d812-21c6-4ced-b0d2-9258573abaa3 registered connIndex=0 location=SIN
2022-04-07T08:06:16Z INF Connection 02ad06a5-3129-416d-bbaa-53d991451490 registered connIndex=1 location=LAX
2022-04-07T08:06:17Z INF Connection 0c694091-8ed4-46f4-b420-fe9b2abd2505 registered connIndex=2 location=SIN
2022-04-07T08:06:18Z INF Connection a1b90940-7017-4655-8d87-fa32ef77c48b registered connIndex=3 location=LAX
After that, we can access the Apps using all of Cloudflare's opened ports. Check this out:
- https://tracker-carnival-sitemap-basketball.trycloudflare.com:443
- https://tracker-carnival-sitemap-basketball.trycloudflare.com:2053
- https://tracker-carnival-sitemap-basketball.trycloudflare.com:2083
- https://tracker-carnival-sitemap-basketball.trycloudflare.com:2087
- https://tracker-carnival-sitemap-basketball.trycloudflare.com:2096
- https://tracker-carnival-sitemap-basketball.trycloudflare.com:8443
And yes, we can also configure the origin server via the Cloudflare tunnel admin page, and I suggest editing the form to be like this:
I don't know if this is a bug or an unfinished feature of Cloudflare tunnel, as it's still in the Beta version. But if we could have such a feature to point the app to the desired Cloudflare opened port, it would be really, really nice to have. It would also be very helpful for users who want to combine Cloudflare tunnel and a physical IP in their load balancing.
Ok, so you are talking about ports that can be used for domains resolved through Cloudflare: https://developers.cloudflare.com/fundamentals/get-started/network-ports/
All of them work the same.
We don't actually have any control over that from Tunnel perspective. So in fact, we can't do what you are asking for.
But regardless, I still haven't understood exactly: what would you gain by having the ability to choose which port(s) the domain accepts?
Hi @nmldiegues
Well, there are no specific benefits of using a port instead of a sub-domain; it's more like a preference. Some people prefer to use subdomains and some people prefer to use ports. But for people like me who already use ports in their applications and are willing to use Cloudflare tunnel, that might be a problem. I don't want to modify hundreds of nodes in my applications. You know, "if it ain't broke, don't fix it".
The main point is that this is just weird behavior: when you start the tunnel, it becomes live on many ports. What I expect is that it automatically only lives on port 80 or 443, as we can't specify the port in the first place. Like I said in the first post, as an alternative we can shut down the other ports if this is not doable. Should this be considered a bug?
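The behaviour discussed in this thread can be checked for a hostname you operate with the script below. It is an added example, not part of the thread or of cloudflared; the function names and the default `allowed=(443,)` set are assumptions, and the port list is the one quoted in the thread.

```python
import http.client
import ssl

# HTTPS ports named in this thread; 443 is the only one the reporter expected.
CLOUDFLARE_HTTPS_PORTS = (443, 2053, 2083, 2087, 2096, 8443)


def probe_https(host, port, timeout=5.0):
    """Return the HTTP status seen on host:port, or None if nothing answered."""
    conn = http.client.HTTPSConnection(
        host, port, timeout=timeout, context=ssl.create_default_context()
    )
    try:
        conn.request("HEAD", "/")
        return conn.getresponse().status
    except (OSError, http.client.HTTPException):
        # Covers refused connections, timeouts and TLS failures.
        return None
    finally:
        conn.close()


def audit_ports(host, allowed=(443,), ports=CLOUDFLARE_HTTPS_PORTS, probe=probe_https):
    """Probe each port and list the ones that answer but are not in `allowed`."""
    results = {port: probe(host, port) for port in ports}
    unexpected = sorted(
        port for port, status in results.items()
        if status is not None and port not in allowed
    )
    return results, unexpected


def format_report(host, results, unexpected):
    """Render one line per probed port plus a summary of unexpected ports."""
    lines = [
        f"{host}:{port} -> {status if status is not None else 'no answer'}"
        for port, status in sorted(results.items())
    ]
    lines.append("unexpected ports: " + (", ".join(map(str, unexpected)) or "none"))
    return "\n".join(lines)


if __name__ == "__main__":
    import sys
    # Usage: python audit_ports.py <hostname you operate>
    if len(sys.argv) == 2:
        res, extra = audit_ports(sys.argv[1])
        print(format_report(sys.argv[1], res, extra))
```

Pass a different `allowed` tuple when an application is intentionally served on one of the alternate ports.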