Using Cloudflared to Proxy OBS Websockets

2 minute read

Here’s a nice writeup on how I proxy obs websockets using cloudflared. The most important thing is that outside of the domain you choose to use, this is free. First, add a domain to Cloudflare. There’s tons of guides for this, so I’m not going to cover that part. Keep in mind,

Install cloudflared on your system

I prefer to use linux for anything that needs to run in the background, so that’s what I’ll focus on.

  1. Go to https://github.com/cloudflare/cloudflared and download and install the latest version of cloudflared. You’ll find that on the righthand side under releases.

  2. Authenticate with cloudflared

    cloudflared tunnel login
    

    A window will pop up and you’ll need to copy and paste it into a browser. Once logged in you’ll select the domain you want to register domains into.

This will generate a cert file under ~/.cloudflared:

cert.pem
  1. Create the tunnel by running the following command:
    cloudflare tunnel create TUNNELNAME
    

You should have a new file XXXXXXX-XXXX-XXXXX-XXX.json. The name of this file should match up with the ID of your tunnel you just created.

Rename the file to creds.json

  1. Create your config.yaml file and put the following in it:
tunnel: <TUNNEL ID>
credentials-file: </PATH/TO>/creds.json

ingress:
  - hostname: hostname.whatever.com
    service: ws://127.0.0.1:4455
  - service: http_status:404
  1. Create a DNS entry in cloudflare by running the following:
    cloudflared tunnel route dns whatever.com hostname.whatever.com
    

Set up Application in Cloudflare.com

  1. Log into cloudflare
  2. Go to Zero Trust > Access > Applications

  3. Select Add an Application
  4. Select Self-Hosted

  5. Give the application configuration a name.

  6. dd the application domain to the list.
Subdomain Domain Path
hostname whatever.com (blank)
  1. Under WARP authentication Identity disable Turn on Warp authentication identity

  2. Scroll all the way to the bottom and click Next

  3. Under Policy name, put the following:

Policy name Action Session Duration
BypassWS Bypass 24 hours
  1. Under Configure Rules, click Add include:
Selector Value
Everyone Everyone
  1. Click Next

  2. Under Add an application scroll to the bottom and click Add application

Test cloudflared

  1. Start Cloudflared:
    cloudflared tunnel run <UUID or NAME>
    
  2. In a new window, test your tunnel by checking the following:
    cloudflared tunnel info <UUID or NAME>
    

Install Cloudflared as a system Service

  1. Install the service:
    cloudflared service install
    
  2. Start the service:
    systemctl start cloudflared
    
  3. View the status of the service:
    systemctl status cloudflared
    

Final notes

You should be able to connect to your proxy at the following ip/ports:

hostname.whatever.com:80 (for ws://)
hostname.whatever.com:443 (for wss://)

That’s it! you should be done! good luck!

Updated: