I want to use Caddy as reverse proxy and Cloudflare as DNS only. When I turn proxy in Cloudflare on, I am able to connect to my websites, but if I set it to DNS only, it doesn’t work.
4. Error messages and/or full log output:
logs. No errors. Just normal
5. What I already tried:
I’ve tried following a dozen different tutorials. Changing every detail I can. I have no idea why it isn’t working. Online people tend to have the opposite problem as me. It works for them with DNS only but stops working when they turn proxy on.
There’s a very important piece of the puzzle here and that’s the fact you have cloudflared in the mix.
Cloudflare Tunnels work through Cloudflare’s backend infrastructure - there’s some magic that takes the traffic and routes it through to a configured tunnel connector.
While you’re routing a subdomain through a tunnel, you should find that in the Cloudflare dashboard, the DNS record for this is a CNAME with a value of [tunnel-ID].cfargotunnel.com. If you turn Cloudflare proxying off for this record, and allow Cloudflare to present it as a regular CNAME, then clients will make DNS lookups to [tunnel-ID].cfargotunnel.com and will find no authoritative answer - no IP address, nothing to connect to. This will naturally break client access (at least, for those who haven’t cached a previous good DNS resolution).
To make use of Cloudflare tunnels, you must leave the Cloudflare proxy on, because that allows Cloudflare to respond to DNS requests for your subdomain with their own edge IP addresses, which allow for clients to connect to them and be routed to your tunnel connector as configured.
If you want to take your subdomain off a Cloudflare tunnel, you should remove the tunnel, delete the CNAME, and replace it with a new CNAME or A record that points directly to your origin server instead of an argotunnel.com address.
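One way to tell which of the two states described above a record is in, as an added example that is not part of the original thread: it classifies the answer section printed by `dig +noall +answer <hostname>`. The hostname, tunnel ID and IP addresses are constructed placeholders, and `parse_answer` and `diagnose` are names made up for this sketch.

```python
import re

# Constructed `dig +noall +answer` output for a hypothetical app.example.com.
# DNS only: the tunnel CNAME is published as-is and no address follows it.
DNS_ONLY = """\
app.example.com.  300  IN  CNAME  00000000-0000-0000-0000-000000000000.cfargotunnel.com.
"""
# Proxied: Cloudflare answers with its own edge addresses
# (documentation-range IPs stand in for them here).
PROXIED = """\
app.example.com.  300  IN  A  203.0.113.10
app.example.com.  300  IN  A  203.0.113.11
"""

# name, TTL, class IN, record type, value
RECORD = re.compile(r"^(\S+)\s+\d+\s+IN\s+(\S+)\s+(\S+)\s*$")


def parse_answer(text):
    """Return (name, rtype, value) tuples from a dig answer section."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):  # skip blanks and dig comments
            continue
        m = RECORD.match(line)
        if m:
            name, rtype, value = m.groups()
            records.append((name.lower().rstrip("."), rtype.upper(),
                            value.lower().rstrip(".")))
    return records


def diagnose(text):
    """Classify an answer: tunnel CNAME without addresses, resolvable, or empty."""
    records = parse_answer(text)
    addresses = [v for _, t, v in records if t in ("A", "AAAA")]
    tunnel = [v for _, t, v in records
              if t == "CNAME" and v.endswith(".cfargotunnel.com")]
    if tunnel and not addresses:
        return "tunnel-cname-unproxied"  # clients have nothing to connect to
    if addresses:
        return "resolves"
    return "no-answer"


if __name__ == "__main__":
    for label, sample in (("DNS only", DNS_ONLY), ("proxied", PROXIED)):
        print(label, "->", diagnose(sample))
```

A result of `tunnel-cname-unproxied` means the record still points at the tunnel while proxying is off, so either proxying goes back on or the record is replaced with one that points at a reachable origin.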
I’m using a tunnel because port forwarding does not work on my router. So, I guess in my case, it’s not possible to use Cloudflare without its proxy. In that case, I think you can close this topic. I’ll have to find another way to open my services to the internet. Thank you for your time. If you have any suggestions, I am open to them.
Is there any reason you need the tunnels but don’t want the proxy? They’re inseparable; a service can’t really transport your traffic to you without, by definition, reverse-proxying it back through the tunnel.
If the issue is with Cloudflare itself, you could look into other solutions.
As an alternative to “tunnels”, per se, you could also just use a plain old VPN or global area network, like Wireguard or ZeroTier or Tailscale. Point your domains at a VPS; connect your server via VPN; have Caddy on your VPS reverse-proxy to your services hosted on your server.
(Definitely click that link above; it covers all your options in pretty great detail!)
I want to host jellyfin and photoprism. Both of those have video content which is against Cloudflare TOS. So I wanted to reverse proxy it myself so I could still use their DNS. I will look into those options. Thanks!