I had self-hosted services on a Raspberry Pi using Docker in my college room. Since I couldn’t set up port forwarding, I couldn’t enable HTTPS for them. I know that I can still have HTTPS without port forwarding, but it is not straightforward and is difficult for me. So I used Cloudflare Tunnel to access them from outside my college network. When I access them using Cloudflare Tunnel, it uses HTTPS. However, I found conflicting information online about the connection between the server and Cloudflare, with some sources saying it’s HTTP and others saying it’s HTTPS. What’s true?
What you read online may have been referring to how Cloudflare itself can always see the unencrypted traffic?
Cloudflare tunnels are encrypted, but inside of that encrypted tunnel could be a regular HTTP stream.
Nobody can answer this because it depends entirely on how you set it up. It can be set up either way. Whatever you point your internal endpoint at is what it is.
Cloudflare tunnels use a QUIC connection between the cloudflared on the server and Cloudflare itself, which is encrypted similarly to HTTPS.
Whatever protocol cloudflared uses to talk to your webserver locally is configurable through the Cloudflare access web UI (just change http to https). I’ve actually got it configured to use unix sockets, which lets me treat it differently in my nginx config.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters | More Letters |
---|---|
DNS | Domain Name Service/System |
HTTP | Hypertext Transfer Protocol, the Web |
HTTPS | HTTP over SSL |
SSL | Secure Sockets Layer, for transparent encryption |
VPN | Virtual Private Network |
nginx | Popular HTTP server |
[Thread #929 for this sub, first seen 20th Aug 2024, 20:05]
The answer depends on how you’re serving your content. Based on what you’ve described about your setup, your content is likely served over HTTP through the secured tunnel. The tunnel acts like an encrypted VPN, which allows unencrypted content to be sent securely over the wire. This means although your web server is serving unencrypted content, it gets encrypted before it goes to Cloudflare, so no one along the path could snoop on it.
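The origin-side options discussed in this thread, written out as an added example (not from any of the posters) in the form of a `config.yml` for a locally managed cloudflared tunnel. The tunnel ID, hostnames, ports and file paths are constructed placeholders; a tunnel managed through the web UI sets the same service URL there instead.

```yaml
# Constructed example: every value below is a placeholder.
tunnel: 00000000-0000-0000-0000-000000000000
credentials-file: /etc/cloudflared/00000000-0000-0000-0000-000000000000.json

# In all four rules the leg from cloudflared to Cloudflare is encrypted
# by the tunnel itself. What differs is only the local hop between
# cloudflared and the web server, which is what `service` selects.
ingress:
  # Plain HTTP on the local hop. Traffic is unencrypted only between
  # cloudflared and the service (loopback here, so it never leaves the Pi).
  - hostname: app1.example.com
    service: http://localhost:8080

  # HTTPS on the local hop, with the origin certificate verified
  # against a CA file and an expected server name.
  - hostname: app2.example.com
    service: https://localhost:8443
    originRequest:
      originServerName: app2.example.com
      caPool: /etc/cloudflared/origin-ca.pem

  # HTTPS on the local hop with verification switched off: encrypted,
  # but cloudflared accepts any certificate (typical for self-signed
  # certs). Prefer the caPool form above when the service is on
  # another machine.
  - hostname: app3.example.com
    service: https://localhost:9443
    originRequest:
      noTLSVerify: true

  # Unix socket instead of a TCP port, so nginx can give tunnel
  # traffic its own listener and rules.
  - hostname: app4.example.com
    service: unix:/run/nginx/cloudflared.sock

  # Required catch-all for requests that match no hostname above.
  - service: http_status:404
```

Whichever rule is used, Cloudflare terminates the visitor's HTTPS connection at its edge, so it sees the decrypted requests and responses.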