CloudFlare and websocket support

Kent Briggs
Site Admin
Posts: 5878
Joined: Wed Mar 19, 2008 8:47 pm

CloudFlare and websocket support

Post by Kent Briggs »

There's good news from CloudFlare, a popular DDOS protection service. They now support websocket connections on all their plans, including the free one. Previously it was only part of their most expensive Enterprise plan, which costs something like $2000 (or more) a month, way out of reach of most Poker Mavens sites. I have not tested this myself so if there are any site owners who have successfully implemented a poker site behind a CloudFlare proxy server with full websocket support, please chime in here with your experience or tips in making that work.

https://support.cloudflare.com/hc/en-us ... ebSockets-

Ports supported:

https://support.cloudflare.com/hc/en-us ... work-with-

Edit 2020-4-14: In the Server Settings group on the System tab, set Proxy IP Header to "CF-Connecting-IP" so that Poker Mavens can see the player's true IP address, which Cloudflare passes along in that header.
Kent Briggs
Site Admin
Posts: 5878
Joined: Wed Mar 19, 2008 8:47 pm

Re: CloudFlare and websocket support

Post by Kent Briggs »

I finally got around to using CloudFlare protection on my demo site and I can report that it works fine on their free plan and even includes a free SSL cert that can be used by the Gold edition of Poker Mavens. The steps are as follows:

1. Create an account (or log into your existing account) at CloudFlare.com and select the "Add Site" option and enter your domain name. If you don't have a domain name then you'll first need to buy one at a registrar like GoDaddy.com and then register that in your hosting service control panel. Follow all the default prompts and select the Free plan. Or pay for the Pro plan if you want some extra protections against more types of DDOS attacks. Then follow their instructions for setting the two name servers back at your domain name registrar. Once that propagates around the world, your domain name will point to CloudFlare and they will pass all traffic to your IP and route all responses back to the user such that they will not know your true IP.

2. The default file and packet ports (8087 and 8088) are not supported by CloudFlare so you must change those to any two of these ports: 80, 8080, 8880, 2052, 2082, 2086, 2095. Note that 80 is the default http port so only use it if you are not also running an IIS web server on the same machine.

If you have the Gold edition (or Pro edition 6.16 or newer) of Poker Mavens and would like to use SSL encryption, follow these additional steps:

3. Click the Crypto button in your CloudFlare account. The SSL option should be set to "Flexible". This will allow SSL connections to your IIS web server (if enabled) without having to install a cert into IIS (which is kind of a tedious process). If you do install the cert into IIS or aren't using IIS at all you can set the SSL option to Full or Full-Strict and also turn on the "Always Use HTTPS" option in Cloudflare.

4. Skip past the "Edge Certificates" section and go to the "Origin Certificates". Click the "Create Certificate" button and keep the default prompts, letting CloudFlare create an RSA key. You will then see your cert file and private key in PEM (base 64) format. Copy these separately to the clipboard and paste them into a text editor and save them as plain text files. The names do not matter but I'd suggest something like MyDomain.crt for the cert and MyDomain.key for the key. Note that once you press Ok, they will not show your private key again so you'll need to start over if you lose it.

5. Go to this page and copy/paste/save the "Cloudflare Origin CA — RSA Root" file: https://support.cloudflare.com/hc/en-us ... Origin-CA-. Call it something like MyRoot.crt. Ignore that second file labeled "ECC Root".

6. Now copy the two .crt files and one .key file to your poker server. You can place them anywhere including the program folder where PMServer.exe is located.

7. In your Poker Mavens settings on the System tab, set "SSL Encryption" to Yes, "SSL key file" to the path of your .key file, leave "SSL password" blank, set "SSL certificate file" to the path of your cert file and "SSL root certificate file" to the path of your root cert file.

8. Note that CloudFlare has a different set of supported ports for SSL connections so you must change your File and Packet ports to any of these: 443, 2053, 2083, 2087, 2096, 8443. And in the same way that 80 is the default port for http, 443 is the default port for https so only use it if you are not also running an IIS web server on the same machine.

Notes:

If your site has previously been under a DDOS attack, the hackers probably still know your IP address so you may need to change IPs after you've placed your server under CloudFlare protection.

If you want to install your SSL cert into the IIS web server also so that you can use the "Full" SSL option instead of just the "Flexible" setting, here are CloudFlare's instructions:

IIS 7: https://support.cloudflare.com/hc/en-us ... soft-IIS-7
IIS 8: https://support.cloudflare.com/hc/en-us ... -8-and-8-5
IIS 10: https://support.cloudflare.com/hc/en-us ... oft-IIS-10
malcolmd
Posts: 11
Joined: Sat Apr 04, 2020 4:23 pm

Re: CloudFlare and websocket support

Post by malcolmd »

If I use Cloudflare with the SSL option, could I then host it on my home computer, or will I still need a static IP on a cloud server?
Kent Briggs
Site Admin
Posts: 5878
Joined: Wed Mar 19, 2008 8:47 pm

Re: CloudFlare and websocket support

Post by Kent Briggs »

malcolmd wrote: If I use Cloudflare with the SSL option, could I then host it on my home computer, or will I still need a static IP on a cloud server?
You could do that but you'll have to go into your Cloudflare account and adjust the DNS record with your new IP every time it changes.
jfullerton44
Posts: 6
Joined: Wed Apr 08, 2020 7:36 pm

Re: CloudFlare and websocket support

Post by jfullerton44 »

On cloudflare how do you set the redirection so that the port is shown when the domain is visited? I have purchased a domain name and have the IP and port of pokermaven but do not know how to link them on cloudflare
Kent Briggs
Site Admin
Posts: 5878
Joined: Wed Mar 19, 2008 8:47 pm

Re: CloudFlare and websocket support

Post by Kent Briggs »

jfullerton44 wrote:On cloudflare how do you set the redirection so that the port is shown when the domain is visited? I have purchased a domain name and have the IP and port of pokermaven but do not know how to link them on cloudflare
You want the port shown? Or did you mean not shown? You cannot put port numbers in your DNS record. Your domain is tied to your IP address alone. So if your domain is www.example.com and your port is 8087 then you have to go to www.example.com:8087.

Now if you are not running the IIS Web server on your site, you can (and should) change your File Port to 80 if you don't have SSL or 443 if you do have SSL. That's because 80 is the default port for HTTP and 443 is the default port for HTTPS and thus don't need to be included in your URL.
jfullerton44
Posts: 6
Joined: Wed Apr 08, 2020 7:36 pm

Re: CloudFlare and websocket support

Post by jfullerton44 »

Is there anything else that needs to be done with the packet port? I set the packet port to 2053 and file port to 443 and enabled SSL through cloudflare but whenever I try to get to the site I get a message saying "Websocket connection error, connection closed with event code 1015" after it tries to connect to port 2053 and in the console there is the message 'firefox cant establish a connection to the server at wss:://"URL"/2053'. I have my file port set to 443 and packet port set to 2053 and when running without SSL with file port 80 everything works fine.
Kent Briggs
Site Admin
Posts: 5878
Joined: Wed Mar 19, 2008 8:47 pm

Re: CloudFlare and websocket support

Post by Kent Briggs »

jfullerton44 wrote: Is there anything else that needs to be done with the packet port? I set the packet port to 2053 and file port to 443
I'm using 443 and 8443 on my demo site (pm-demo.com) but 2053 should work also. Do you have SSL set to Full or Full (Strict) in your Cloudflare settings?
jfullerton44
Posts: 6
Joined: Wed Apr 08, 2020 7:36 pm

Re: CloudFlare and websocket support

Post by jfullerton44 »

I am using flexible
Kent Briggs
Site Admin
Posts: 5878
Joined: Wed Mar 19, 2008 8:47 pm

Re: CloudFlare and websocket support

Post by Kent Briggs »

jfullerton44 wrote:I am using flexible
Flexible only seems to work when connecting to an IIS Web server that does not have a cert. If you are connecting directly to your poker server then install the Cloudflare cert on your machine and switch to Full - Strict.
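
Added example, not part of the original thread and not Poker Mavens or Cloudflare code: a pre-flight check that applies the rules given in the setup steps and in the last reply (supported port lists, the IIS conflict on 80/443, the Flexible versus Full - Strict mismatch, and the Proxy IP Header setting) to a proposed configuration. The function and parameter names are hypothetical and the sample setups are constructed from the values mentioned in the posts.

```python
# Added example: checks a proposed setup against the rules stated in this thread.
# Function and parameter names are hypothetical, not Poker Mavens or Cloudflare APIs.

# Ports Cloudflare proxies, as listed in the setup steps.
CF_HTTP_PORTS = {80, 8080, 8880, 2052, 2082, 2086, 2095}
CF_HTTPS_PORTS = {443, 2053, 2083, 2087, 2096, 8443}


def check_settings(file_port, packet_port, ssl_encryption, cf_ssl_mode,
                   iis_on_same_machine=False, proxy_ip_header="CF-Connecting-IP"):
    """Return a list of problems; an empty list means every rule passed."""
    problems = []
    allowed = CF_HTTPS_PORTS if ssl_encryption else CF_HTTP_PORTS
    default_port = 443 if ssl_encryption else 80
    kind = "SSL" if ssl_encryption else "non-SSL"

    for name, port in (("File", file_port), ("Packet", packet_port)):
        if port not in allowed:
            problems.append(f"{name} port {port} is not a Cloudflare {kind} port "
                            f"(use one of {sorted(allowed)})")
        elif port == default_port and iis_on_same_machine:
            problems.append(f"{name} port {port} conflicts with IIS on the same machine")

    # Per the last reply: Flexible only worked in front of an IIS server without a
    # cert; a poker server with SSL Encryption on needs the origin cert and Full - Strict.
    if ssl_encryption and cf_ssl_mode.lower() == "flexible":
        problems.append("Cloudflare SSL mode is Flexible but SSL Encryption is on: "
                        "install the origin cert and switch to Full - Strict")

    # Per the 2020-4-14 edit: this header is how the server sees the player's true IP.
    if proxy_ip_header.lower() != "cf-connecting-ip":
        problems.append('Proxy IP Header should be "CF-Connecting-IP"')
    return problems


if __name__ == "__main__":
    # Constructed inputs mirroring the setups described in the thread.
    setups = {
        "reported failure (443/2053, Flexible)": (443, 2053, True, "Flexible"),
        "demo site (443/8443, Full - Strict)": (443, 8443, True, "Full - Strict"),
        "program defaults (8087/8088, no SSL)": (8087, 8088, False, "Flexible"),
    }
    for label, args in setups.items():
        print(label, "->", check_settings(*args) or "OK")
```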