This should allow Cloudflare to access the server hidden behind the reverse proxy (server running on 7171).
Looks like 'chat gpt' answer
7171? 7172? You cannot access an OTS running behind Cloudflare. CF allows only HTTP (80)/HTTPS (443) requests (it detects the protocol, no matter what port), not any protocol (e.g. the Tibia protocol).
There are some custom services like Cloudflare Zero Trust and Cloudflare Argo for any-port anti-DDoS, but the last time I heard of someone asking them about the price (around 2020) it was 3000$+ per month and they said it will lose connection - kick player! - every few hours (to scale cloud services up/down and update to the newest CF software version). Pretty unusable on OTS, where players play for hoooours and expect no kicks.
What all OTSes using CF do is create a subdomain that is not protected by Cloudflare - it goes straight to the VPS/dedic IP - and use it on lists/to connect to the OTS with the normal Tibia Client, e.g.:
top 1 otservlist: login.realera.org -> redirects www to realera.org (simple nginx config, hard to DDoS; probably hosted on extra VPS, not real OTS VPS/dedic, just to add to otservlist)
top 2 otservlist: on.aurera-global.com -> does not work at all, but all players already know they have to remove on. to make it work
@abdala ragab asked me about this thread on Discord. I've told him what to do (set up login.gamelaots.online without protection). The biggest problem right now is that he is running the server on a VPS with Windows and I've got no idea how to configure the firewall on Windows to block access to 80/443 from IPs other than Cloudflare (block access to login.gamelaots.online like on.aurera-global.com does).
I've told him to block IPs on OVH Firewall (part of OVH anti-DDoS), but it's not 100% secure, as it blocks only access from IPs outside OVH. Other servers from OVH can still DDoS his VPS IP/website.
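
For the Windows step described in the post above, one way to limit 80/443 to Cloudflare with the built-in NetSecurity cmdlets, on the host itself so that it applies whatever network the traffic comes from. This is an added example, not part of the original thread: the range file name and the rule name are assumptions, and the file is assumed to contain the CIDR lists Cloudflare publishes at https://www.cloudflare.com/ips-v4 and https://www.cloudflare.com/ips-v6.

```powershell
#Requires -RunAsAdministrator
param(
    # Assumed local file: one CIDR per line, saved from Cloudflare's published lists.
    [string]$RangeFile = '.\cloudflare-ips.txt',
    [string[]]$WebPorts = @('80', '443'),
    [string]$RuleName = 'Web from Cloudflare only'   # hypothetical rule name
)

# Keep only lines that parse as "<IP address>/<prefix length>".
$ranges = @(Get-Content -Path $RangeFile | ForEach-Object { $_.Trim() } | Where-Object {
    $addr, $prefix = $_ -split '/', 2
    $ip = $null
    [System.Net.IPAddress]::TryParse($addr, [ref]$ip) -and $prefix -match '^\d{1,3}$'
})
if ($ranges.Count -eq 0) { throw "No valid CIDR ranges found in $RangeFile" }

# Windows Firewall applies block rules before allow rules, so a "block all" rule
# would also block Cloudflare. The scoped allow rule below only restricts access if
# the profile default is Block and no broader allow rule covers the same ports.
Get-NetFirewallProfile |
    Where-Object { $_.Enabled -ne 'True' -or $_.DefaultInboundAction -eq 'Allow' } |
    ForEach-Object { Write-Warning "Profile $($_.Name): firewall off or default inbound is Allow" }

# Report (do not change) enabled inbound allow rules that open the web ports to any
# remote address. Simple check: port ranges such as 80-90 are not expanded.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object { $_.DisplayName -ne $RuleName } |
    ForEach-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        $af = $_ | Get-NetFirewallAddressFilter
        $portHit = @($pf.LocalPort | Where-Object { $_ -eq 'Any' -or $_ -in $WebPorts })
        if (($pf.Protocol -in 'TCP', 'Any') -and $portHit.Count -gt 0 -and ($af.RemoteAddress -contains 'Any')) {
            Write-Warning "Rule '$($_.DisplayName)' still allows $($pf.LocalPort -join ',') from any address"
        }
    }

# Recreate the scoped rule so a re-run picks up an updated range file.
Remove-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
    -Protocol TCP -LocalPort $WebPorts -RemoteAddress $ranges -Profile Any
```

The rule covers only the web ports, so the game ports used through the unprotected login subdomain are not affected. Any rule the script warns about has to be disabled or narrowed by hand before the restriction takes effect.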