How to set reverse proxy cloudflare website

dx0eu · January 15, 2020, 9:12am

Hi all.
I am use traefik:v2.0, and I want to reverse proxy a website. This website is use cloudflare CDN. and I have a problem, when I set traefik config, I get 403 Forbidden error from Cloudflare.

This is my config.

trafik.toml

[entryPoints]
[entryPoints.web]
address = ":80"

[providers]
[providers.file]
directory = "/etc/traefik/conf.d"
watch = true

[api]
insecure = true

/etc/traefik/conf.d/some.toml

[http]
[http.routers]
[http.routers.lod1]
rule = "Host(`lod1.docker.localhost`)"
middlewares = ["test-header"]
service = "lod1"

[http.services]
[http.services.lod1.loadBalancer]
[[http.services.lod1.loadBalancer.servers]]
url = "https://lod1.akafwtll.tk" # This is i want to proxy website
# url = "https://httpbin.org"

[http.middlewares]
[http.middlewares.test-header.headers]
[http.middlewares.test-header.headers.customRequestHeaders]
X-Forwarded-Host = "lod1.akafwtll.tk"

[http.middlewares.test-header.headers.customResponseHeaders]
X-Custom-Response-Header = "value"

And this is my test.

curl -vvv -H Host:lod1.docker.localhost http://127.0.0.1/

*   Trying x.x.x.x:80...
* TCP_NODELAY set
* Connected to 127.0.0.1 (x.x.x.x) port 80 (#0)
> GET / HTTP/1.1
> Host:lod1.docker.localhost
> User-Agent: curl/7.65.1
> Accept: */*
> X-Forwarded-Host: lod1.akafwtll.tk
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 403 Forbidden
< Cf-Ray: 5556aaf28dc2d994-SIN
< Content-Length: 151
< Content-Type: text/html
< Date: Wed, 15 Jan 2020 09:01:54 GMT
< Server: cloudflare
< X-Custom-Response-Header: value
< 
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>cloudflare</center>
</body>
</html>
* Connection #0 to host 127.0.0.1 left intact

I think this config this right, because when i change [[http.services.lod1.loadBalancer.servers]] -> url to httpbin.org, It's ok. I don't know how to set config for cloudflare website.

Previously used nginx as a proxy, this is the configuration of nginx

  location /lod1/ {
    proxy_pass https://lod1.akafwtll.tk/;

    proxy_redirect off;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    proxy_set_header Host "lod1.akafwtll.tk";

    proxy_ssl_server_name on;
    proxy_ssl_name "akafwtll.tk";

    proxy_buffering    off;
    proxy_buffer_size  128k;
    proxy_buffers 100  128k;
    client_max_body_size 100m;

    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }

So, how to set reverse proxy cloueflare website, and how to set proxy_ssl_server_name proxy_ssl_name config in traefik?

Thanks.