Code for Coin

Discoveries in everyday software consulting

11 months ago in Tutorial · 1 MIN READ

Double Reverse Proxy with pfSense and CloudFlare + Full SSL - Part 2

In my last tutorial we covered setting up a reverse proxy so you can host multiple domains and sites from a single IP Address.

A problem I didn't really address in the last tutorial was anonymity, or more specifically, keeping your WAN IP hidden while still being able to utilize the reverse proxy in the previous tutorial.

Fortunately, there's a really easy and free solution to this problem, CloudFlare! This is where the double-reverse proxy in the title comes from, you have an internal reverse proxy, and CloudFlare is basically acting as an external reverse proxy that hides your WAN IP. Neato!

CloudFlare provides a bunch of extra pros other than just acting as a reverse-proxy such as DDOS protection but I won't cover it here as it's outside the scope of this tutorial but I suggest you check their site out for more information.

The first step, as you've might've guessed already, is signing up to CloudFlare. After you've registered go ahead and add a site, during this process you'll need to switch your Nameservers to CloudFlare. If you're using a dynamic DNS service you'll need to use a CNAME as the root (apex) record, this is perfectly fine as CloudFlare will automatically apply CNAME Flattening. When you do this you should see a message/tooltip similar to the one shown below.


Make sure the cloud is orange under the status column, if not click it to turn it orange. A gray cloud means traffic will not be routed through CloudFlare - meaning that endpoint is directly exposed, this is usually fine for things typically not hosted on your network (IMAP, POP, etc) but we definitely want it on for things routed to our WAN IP.

After your DNS records have been migrated and you've verified them, you may need to wait a few hours for the changes to propagate to other DNS servers.

That's it, your WAN IP is now hidden by CloudFlare!

In the next tutorial I'll cover setting up Full (strict) SSL encryption with CloudFlare.


Jonathan Bastnagel

comments powered by Disqus

© 2017 Code for Coin ยท Proudly powered by Canvas