SOLVED: Cloudflare Tunnel issue after 10.10.7 update

[CrankyCanuck]

Hi folks,

I'm running a Cloudflare tunnel to access my Jellyfin setup remotely, and after an upgrade to 10.10.7, web elements are not coming through correctly on the main page.

The Cloudflare tunnel is set up to forward an external hostname directly to the Jellyfin server IP and port, so no (other) reverse proxy is enabled.

To be clear, I can access the server; per the attached image, the WebUI elements are simply "broken" when accessing it through the tunnel. I can access the server directly on my LAN and it works without issue.

I tried plugging various items into the "known proxies" section per the forum posting, but no matter which I put in there (localhost, the LAN IP of my server, the Cloudflare tunnel, etc), it doesn't seem to matter.

I'm positive I'm missing something small. Could someone help point me in the right direction, please?

[TheDreadPirate]

Using CF tunnels to serve video and audio streams is against their TOS and is not recommended.

Additionally, with the new requirements to set a known proxy, this essentially makes CF tunnels non-viable.

The known proxies field can accept IPs, CIDRS, or host names of the host running your reverse. But not your domain name. Since the IP/host of your CF tunnel host is not constant, using them is not viable. And, again, against their TOS.

[CrankyCanuck]

I mean, I think the Cloudflare item was resolved a while ago (https://blog.cloudflare.com/updated-tos/), but that's definitely a whole other topic and kind of a moot point if tunnels are no longer viable with Jellyfin.

Thanks for the response. I'll start the process of setting up a reverse proxy!

[TheDreadPirate]

There is a separate page regarding streaming video specifically.

https://developers.cloudflare.com/fundam...loudflare/

They have a PAID tier service for proxying video streaming services. The free proxy they offer does not allow video streaming.

[Austin]

Using CF tunnels to serve video and audio streams is against their TOS and is not recommended.

Additionally, with the new requirements to set a known proxy, this essentially makes CF tunnels non-viable.

The known proxies field can accept IPs, CIDRS, or host names of the host running your reverse.  But not your domain name.  Since the IP/host of your CF tunnel host is not constant, using them is not viable.  And, again, against their TOS.

I hate to be "that guy", but if the field accepts subnets expressed in CIDR notation, wouldn't entering 0.0.0.0/0 effectively bypass the feature and allow this to work? Obviously it would still be a violation of cloudflare's TOS. Also obviously you just gave up any security benefit the feature added as well.