CloudFlare and websocket support


Post by Kent Briggs » Mon Jun 13, 2016 9:58 am

There's good news from CloudFlare, a popular DDOS protection service. They now support websocket connections on all their plans, including the free one. Previously it was only part of their most expensive Enterprise plan, which costs something like $2000 (or more) a month, way out of reach of most Poker Mavens sites. I have not tested this myself so if there are any site owners who have successfully implemented a poker site behind a CloudFlare proxy server with full websocket support, please chime in here with your experience or tips in making that work.

https://support.cloudflare.com/hc/en-us/articles/200169466-Can-I-use-CloudFlare-with-WebSockets-

Ports supported:

https://support.cloudflare.com/hc/en-us/articles/200169156-Which-ports-will-CloudFlare-work-with-
Kent Briggs - [email protected]
Briggs Softworks - http://www.briggsoft.com
Kent Briggs
Site Admin
 
Posts: 3803
Joined: Wed Mar 19, 2008 8:47 pm

Re: CloudFlare and websocket support

Post by Kent Briggs » Fri May 05, 2017 2:53 pm

I finally got around to using CloudFlare protection on my demo site and I can report that it works fine on their free plan and even includes a free SSL cert that can be used by the Gold edition of Poker Mavens. The steps are as follows:

1. Create an account (or log into your existing account) at CloudFlare.com and select the "Add Site" option and enter your domain name. If you don't have a domain name then you'll first need to buy one at a registrar like GoDaddy.com and then register that in your hosting service control panel. Follow all the default prompts and select the Free plan. Or pay for the Pro plan if you want some extra protections against more types of DDOS attacks. Then follow their instructions for setting the two name servers back at your domain name registrar. Once that propagates around the world, your domain name will point to CloudFlare and they will pass all traffic to your IP and route all responses back to the user such that they will not know your true IP.

2. The default file and packet ports (8087 and 8088) are not supported by CloudFlare so you must change those to any two of these ports: 80, 8080, 8880, 2052, 2082, 2086, 2095. Note that 80 is the default http port so only use it if you are not also running an IIS web server on the same machine.

If you have the Gold edition of Poker Mavens and would like to use SSL encryption, follow these additional steps:

3. Click the Crypto button in your CloudFlare account. The SSL option should be set to "Flexible". This will allow SSL connections to your IIS web server (if enabled) without having to install a cert into IIS (which is kind of a tedious process).

4. Skip past the "Edge Certificates" section and go to the "Origin Certificates". Click the "Create Certificate" button and keep the default prompts, letting CloudFlare create an RSA key. You will then see your cert file and private key in PEM (base 64) format. Copy these separately to the clipboard and paste them into a text editor and save them as plain text files. The names do not matter but I'd suggest something like MyDomain.crt for the cert and MyDomain.key for the key. Note that once you press Ok, they will not show your private key again so you'll need to start over if you lose it.

5. Go to this page and copy/paste/save the "Cloudflare Origin CA — RSA Root" file: https://support.cloudflare.com/hc/en-us/articles/218689638-What-are-the-root-certificate-authorities-CAs-used-with-Cloudflare-Origin-CA-. Call it something like MyRoot.crt. Ignore that second file labeled "ECC Root".

6. Now copy the two .crt files and one .key file to your poker server. You can place them anywhere including the program folder where PMServer.exe is located.

7. In your Poker Mavens settings on the System tab, set "SSL Encryption" to Yes, "SSL key file" to the path of your .key file, leave "SSL password" blank, set "SSL certificate file" to the path of your cert file and "SSL root certificate file" to the path of your root cert file.

8. Note that CloudFlare has a different set of supported ports for SSL connections so you must change your File and Packet ports to any of these: 443, 2053, 2083, 2087, 2096, 8443. And in the same way that 80 is the default port for http, 443 is the default port for https so only use it if you are not also running an IIS web server on the same machine.

Notes:

If your site has previously been under a DDOS attack, the hackers probably still know your IP address so you may need to change IPs after you've placed your server under CloudFlare protection.

If you want to install your SSL cert into the IIS web server also so that you can use the "Full" SSL option instead of just the "Flexible" setting, here are CloudFlare's instructions:

IIS 7: https://support.cloudflare.com/hc/en-us/articles/217472127-How-to-install-an-Origin-CA-certificate-in-Microsoft-IIS-7
IIS 8: https://support.cloudflare.com/hc/en-us/articles/217557568-How-to-install-an-Origin-CA-certificate-in-Microsoft-IIS-8-and-8-5
IIS 10: https://support.cloudflare.com/hc/en-us/articles/235267287-How-to-install-an-Origin-CA-certificate-in-Microsoft-IIS-10
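
A preflight check for the settings in steps 2 through 8 above, as an added example that is not part of the original post and not code from Poker Mavens or CloudFlare. The port lists are the ones given in the post; the function and parameter names are hypothetical, and the PEM checks look only at the block labels of the pasted files, not at the key material.

```python
import re

# Port lists exactly as given in the post (steps 2 and 8).
HTTP_PORTS = {80, 8080, 8880, 2052, 2082, 2086, 2095}
SSL_PORTS = {443, 2053, 2083, 2087, 2096, 8443}
PEM_LABEL = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")


def pem_labels(text):
    """Return the PEM block labels found in a pasted file, in order."""
    return PEM_LABEL.findall(text)


def check_settings(ssl, file_port, packet_port, iis_on_host=False,
                   key_pem="", cert_pem="", root_pem=""):
    """Return a list of problems; an empty list means the settings are consistent."""
    problems = []
    allowed = SSL_PORTS if ssl else HTTP_PORTS
    default = 443 if ssl else 80  # default https / http port, used by IIS
    mode = "SSL" if ssl else "non-SSL"
    for name, port in (("File", file_port), ("Packet", packet_port)):
        if port not in allowed:
            problems.append(f"{name} port {port} is not in the {mode} port list")
        elif port == default and iis_on_host:
            problems.append(f"{name} port {port} collides with IIS on this machine")
    if file_port == packet_port:
        problems.append("File and Packet ports must be two different ports")
    if ssl:
        # Step 7 leaves "SSL password" blank, so the key must be unencrypted.
        key = pem_labels(key_pem)
        if not key or not all(lab.endswith("PRIVATE KEY") for lab in key):
            problems.append("SSL key file does not hold a PEM private key")
        elif "ENCRYPTED" in key_pem:
            problems.append("SSL key file is encrypted but no password is set")
        for name, pem in (("certificate", cert_pem), ("root certificate", root_pem)):
            if set(pem_labels(pem)) != {"CERTIFICATE"}:
                problems.append(f"SSL {name} file does not hold only PEM certificates")
    return problems


if __name__ == "__main__":
    # Constructed placeholder, not a real certificate.
    cert = "-----BEGIN CERTIFICATE-----\n(placeholder)\n-----END CERTIFICATE-----\n"
    # Key and cert pasted into the wrong files, with the old default ports.
    for line in check_settings(True, 8087, 8088, key_pem=cert, cert_pem=cert, root_pem=cert):
        print(line)
```
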

