Clouflare Tunnel With Panel

aaP_lukealmakarov

Hi everyone, I’ve set up aapanel with Cloudflare Tunnel, direct to the panel’s IP and port (https://panel.mydomain.com/). When I access it, the login page shows, but JS/CSS doesn’t fully load. The browser console shows multiple 404 errors like:

https://panel.mydomain.com/static/js/md5.js net::ERR_ABORTED 404 (Not Found)
https://panel.mydomain.com/static/js/qrcode.min.js net::ERR_ABORTED 404 (Not Found)
i18next is not defined

I’ve tried:
Accessing the root domain directly without a /aapanel subpath
Making sure the tunnel points directly to the panel port
Clearing Cloudflare cache

But it still doesn’t render fully.

Question: Is there a way to make aapanel fully render via Cloudflare Tunnel without using a reverse proxy or subpath rewrite?

aaPanel_Kern

aaP_lukealmakarov
Hello
We have not tested
It is recommended that you refer to this document

https://www.aapanel.com/docs/Function/Tutorial/panel_access_using_domain.html#access-panel-via-cloudflare-proxy

aaP_lukealmakarov

aaPanel_Kern
Thanks for the response. If I use an A record in DNS, that means I need to port forward the panel’s port on my firewall, and access the panel via:

http://panel.mydomain.com:8888/aapanel

I’m wondering, why can’t I just use Cloudflare Tunnel for this instead, so I don’t have to expose the port or deal with port forwarding?

and If i using the cloudflare tunnel , and i inspect the browser , this error will pop up

GET https://panel.mydomain.com/static/js/md5.js net::ERR_ABORTED 404 (Not Found)Understand this error
aapanel:784 GET https://panel.mydomain.com/static/js/jsencrypt.min.js net::ERR_ABORTED 404 (Not Found)Understand this error
aapanel:785 GET https://panel.mydomain.com/static/js/i18next.min.js net::ERR_ABORTED 404 (Not Found)Understand this error
aapanel:783 GET https://panel.mydomain.com/static/js/qrcode.min.js net::ERR_ABORTED 404 (Not Found)Understand this error
aapanel:790 {de: {…}, kor: {…}, cht: {…}, zh: {…}, tur: {…}, …}cht: {translation: {…}}de: {translation: {…}}en: {translation: {…}}fra: {translation: {…}}ind: {translation: {…}}it: {translation: {…}}kor: {translation: {…}}pt: {translation: {…}}ru: {translation: {…}}spa: {translation: {…}}tur: {translation: {…}}uk: {translation: {…}}vie: {translation: {…}}zh: {translation: {…}}[[Prototype]]: Object
aapanel:798 Uncaught ReferenceError: i18next is not defined
at aapanel:798:7
(anonymous) @ aapanel:798Understand this error
aapanel:733 GET https://panel.mydomain.com/code 404 (Not Found)

aaPanel_Kern

Not clear yet without testing
You can try using a reverse proxy

aaP_lukealmakarov

aaPanel_Kern

I’ve tried configuring a reverse proxy, but the panel still doesn’t render properly.

From what I understand, aapanel can only be accessed using the domain + port + secure login.

Does this mean that if I want to use a Cloudflare Tunnel, it’s not possible to fully render the panel without also doing port forwarding? In other words, is port forwarding unavoidable if I want aapanel to work properly?

aaPanel_Kern

https://www.aapanel.com/docs/Function/Tutorial/panel_access_using_domain.html#access-panel-via-domain-reverse-proxy

aaP_lukealmakarov

aaPanel_Kern
The method you suggested only works for a private network. If I need to access the panel from the public internet, I still have to allow port forwarding in the firewall.

It’s hard to believe that aapanel cannot bind to a domain without relying on a port. I’ve already tried all the suggestions from documentation, guides, and community posts, but nothing works. The only way it renders properly is by port forwarding in the firewall and accessing it via domain + port.

Also, your responses so far seem to provide no real solution. You just mention “not tested” or share documentation that doesn’t help. Please consider improving your knowledge about this setup, because the current suggestions don’t solve the issue.

aaPanel_Kern

As long as your server provides a website service, it can be used
No distinction is made between private and public networks

It is recommended that you check the corresponding tutorial document first
If you solve the cloudflare channel problem, you can also write a document telling us how to use it.

aaP_lukealmakarov

Nvm, regarding your previous response. I understand that when using port forwarding to a custom port, aapanel only provides a self-signed certificate, which means it serves HTTP only. Let’s Encrypt fails with the error:

Apply SSL certificate Error: Web Server Not Found!

My question is: is there any way to make aapanel get a proper HTTPS certificate via Let’s Encrypt when accessed publicly, without relying on reverse proxy or subpath rewrites?

Right now, it seems the panel can only work fully with domain + port + self-signed certificate (HTTPS with red color
). Is there any tested method to solve this?

aaPanel_Kern

https://www.aapanel.com/docs/Function/Tutorial/panel_access_using_domain.html#domain_panel_ssl
You can also use the certificate of the IP directly

aaP_lukealmakarov

aaP_smithdayton

Not sure if you are still having issues with your setup, but I thought I'd share. I use Cloudflare's zero trust tunnels to avoid open ports on my firewall as well. In order to allow it to operate correctly I had to ensure that in the published application is using HTTPS, not HTTP and that the TLS Origin Server Name had the proper host header value as it is in aapanel. The site itself needs an SSL certificate. I don't believe it matters if its self signed, but I just use the Let's Encrypt certificates. forced SSL is optional.

You can also set the following values. depending on your situation, but I found just the host header will normally resolve the issue on the Cloudflare side and avoid the to many redirects error.
No TLS Verify: Enable
HTTP2 connection: Enable
Match SNI to Host: Enable

My Domain Settings are using their cert, I don't use the Advanced Certificate Manager.
SSL/TLS encryption Current encryption mode: Full (strict)

Best of luck.

aaP_lukealmakarov

aaP_smithdayton
Thank you so much, this method works perfectly and I’m now able to access aapanel using cloudflared tunnel without opening any firewall ports.

I have one more question. How should I handle phpMyAdmin access in this setup? I’ve already created a tunnel mapping for the same domain pointing to port 887, but I still can’t access phpMyAdmin.

Is there any additional configuration required on Cloudflare Tunnel or aapanel to make phpMyAdmin work properly through the tunnel?

aaP_smithdayton

In order for it to work at least in my environment, I created a public application route under the network connectors, with just the IP Address and port, configured as HTTPS with Host header in my case of "phpmyadmin.<mydomain>", I also enabled no TLS verification and HTTP2 connection = True as well as SNI

For security I created an application with the full path included after the domain > phpmyadmin_<yourguidstring>/index.php?lang=en

I also secure this with custom security policy that includes the email must include with a list of hosted domains. Your situation might vary, I just don't like this page exposed complexly to the pubic.

When you or your customer needs to browse to the login page, they will need the full address for the url to work.

Best of luck