CloudFlare and websocket support

For discussion of the Poker Mavens server module and other administration topics
specialcoders
Posts: 6
Joined: Thu Sep 24, 2020 2:06 pm

Re: CloudFlare and websocket support

Post by specialcoders »

The real problem was that chrome is blocking mixed content since my domain has SSL and my poker maven doesn't, it is blocking the request to open and login to the lobby using the API.
So i was trying to add the SSL to the software according to the guide and steps mention in the topic so no problem with the certificate,
i added my domain as new site in cloudfare and generated a certificate.
but the problem is that i am using my domain certificate on poker maven software that is installed on separate server with different IP which gives this error.
Error: SSL: certificate subject name 'Cloudflare' does not match target host name
how to link my domain to poker maven so that the certificate match, i guess this might solve the problem.
Kent Briggs
Site Admin
Posts: 5878
Joined: Wed Mar 19, 2008 8:47 pm

Re: CloudFlare and websocket support

Post by Kent Briggs »

specialcoders wrote:but the problem is that i am using my domain certificate on poker maven software that is installed on separate server with different IP which gives this error.
I don't know what you mean by that. Separate server and different IP from what? Are you connecting to your site through Cloudflare? Does your domain name point to a Cloudflare IP?
specialcoders
Posts: 6
Joined: Thu Sep 24, 2020 2:06 pm

Re: CloudFlare and websocket support

Post by specialcoders »

I don't know what you mean by that. Separate server and different IP from what? Are you connecting to your site through Cloudflare? Does your domain name point to a Cloudflare IP?
This is the steps i went through :
1- i bought a domain name from namecheap and it came with free SSL
2- i added the site to cloudfare dns to my domain and the page certificate shows that it is issued by cloudfare
3- i have poker maven installed on windows server and configure the settings to use their API
4- the API is working when disabling the SSL encryption settings in poker maven but the lobby is block since my page is secure while the iframe which opens the poker maven lobby is insecure
5- added all the settings as mentioned in this topic for poker maven SSL and used the generated SSL in poker maven (SSL from cloudfare under same domain name)

The error is displaying
Error: SSL: certificate subject name 'Cloudflare' does not match target host name
so according to what i understood, the SSL installed on my poker maven is point on a different hosting name . I am new to this stuff and all what i am doing is try and error untill it works so it will be appreciated if someone guide me. besides i am usign the API so dont know if this makes a difference. should i point poker maven to a domain or what should i do
Kent Briggs
Site Admin
Posts: 5878
Joined: Wed Mar 19, 2008 8:47 pm

Re: CloudFlare and websocket support

Post by Kent Briggs »

specialcoders wrote: 1- i bought a domain name from namecheap and it came with free SSL
2- i added the site to cloudfare dns to my domain and the page certificate shows that it is issued by cloudfare
A free SSL from NameCheap would not be issued by Cloudflare. You can create your own SSL cert on Cloudflare per the instructions in the beginning of this thread:

http://www.briggsoft.com/forums/viewtop ... f=8&t=2228

So I'm still confused about exactly which cert you are using, the one you got from NameCheap or one you created inside Cloudflare?
specialcoders
Posts: 6
Joined: Thu Sep 24, 2020 2:06 pm

Re: CloudFlare and websocket support

Post by specialcoders »

So I'm still confused about exactly which cert you are using, the one you got from NameCheap or one you created inside Cloudflare?
[/quote]
Ok These are my information maybe it can help. it will be really appreciate if you can guide me.

my domain : me-poker.com as you can see the website has a valid certificate issued from cloudfare (name cheap provide ssl but not used since i change the dns to point to cloudfare)
I am connecting to the server using the API for the Login (currently not working untill i fix the error or what ever is not making me connect)
The SSL cert and key are generated from cloudfare from SSL page->origin server (under me-poker.com sjte added in cloudfare) as mentioned in the topic step by step and the Mode is flexible
i change the ports on the software to
file port: 8443
packet port: 443
After changing the ports, i now get refused connection as you can see in this test connection page which get balance of a test account
https://me-poker.com/testConnection.php

I added inbound rule for firewall for the ports but still connection refused
this is the link for my server i am using in my code to connect with the API
$url = "https://208.117.82.55:8443/[API_PATH]";

I am really stuck and not able to make this work, I hope these information helps to identify my problem, i am new to the SSL stuff, it will be really appreciate if you can guide me step by step, i dont mind reviewed all the steps to ensure it work.
Kent Briggs
Site Admin
Posts: 5878
Joined: Wed Mar 19, 2008 8:47 pm

Re: CloudFlare and websocket support

Post by Kent Briggs »

specialcoders wrote: I added inbound rule for firewall for the ports but still connection refused
this is the link for my server i am using in my code to connect with the API
$url = "https://208.117.82.55:8443/[API_PATH]";
Add PMServer.exe to the Windows Firewall "Allow" list rather than mess with individual ports.

The Poker Mavens API is served from the File Port (443), not the Packet Port (8443).
ftpjesus
Posts: 164
Joined: Fri Dec 30, 2016 1:54 am

Re: CloudFlare and websocket support

Post by ftpjesus »

Just got this email from Cloudflare.. Im going to assume it just will mean we can remove the CF header seeking in Proxy IP Headers when this happens in June but figured I would post about it and let Kent confirm or deny my thought..

I left out the part about the cookie change because I didnt think it applies to PM

"Removing the cf-request-id header
In mid 2020, we introduced cf-request-id, an experimental HTTP header. This header was present on requests sent to origins and returned in responses to eyeballs (users). After careful evaluation, we decided to remove the cf-request-id header. You can read more about this change here.

On 15 June, 2021, we will temporarily remove the cf-request-id header between 15:00 UTC to 23:00 UTC.

Starting on 1 July 2021, we will stop adding the cf-request-id header on HTTP requests and responses.

Regards,
The Cloudflare team"
Owner Operator of (TBA)
http://www.( TBA ) .com (Home Page)
http://www. (TBA) .net (Play Money)
http://www. (TBA) .eu (BTC Token tied currency and Stable Coins through Crypto quasi real money play)
Kent Briggs
Site Admin
Posts: 5878
Joined: Wed Mar 19, 2008 8:47 pm

Re: CloudFlare and websocket support

Post by Kent Briggs »

ftpjesus wrote:Just got this email from Cloudflare.. Im going to assume it just will mean we can remove the CF header seeking in Proxy IP Headers when this happens in June but figured I would post about it and let Kent confirm or deny my thought.. "Removing the cf-request-id header
No, that's a different header. Poker Mavens uses their "CF-Connecting-IP" header for the "Proxy IP header" setting, which just passes on the player's true IP address to the poker server.
ftpjesus
Posts: 164
Joined: Fri Dec 30, 2016 1:54 am

Re: CloudFlare and websocket support

Post by ftpjesus »

Ok glad I asked then.. Obviously it wouldnt have come into play for a few more months but better to stay ahead of things so cloudflare doesnt make a change that breaks things on us abruptly..
Owner Operator of (TBA)
http://www.( TBA ) .com (Home Page)
http://www. (TBA) .net (Play Money)
http://www. (TBA) .eu (BTC Token tied currency and Stable Coins through Crypto quasi real money play)
omegajoe
Posts: 3
Joined: Mon Mar 15, 2021 4:00 pm

Re: CloudFlare and websocket support

Post by omegajoe »

Is anyone having trouble, guys?

Cloudflare seems to be limiting websockets connections: https://support.cloudflare.com/hc/en-us ... WebSockets

And it's asking to upgrade your plan if you bypass those limits
Post Reply