How I Fixed Cloudflare Blocking My VPS Port 8090 (and Secured It with SSL)
Recently, I ran into a frustrating problem with my VPS setup. I normally accessed my CyberPanel admin via: http://domain.com:8090. It worked fine – until I decided to enable the Cloudflare proxy (orange cloud) for domain.com to get better performance and DDoS protection. The moment I did that, my panel became unreachable. I later learned the reason: Cloudflare only proxies certain ports, and 8090 isn’t one of them unless you’re on specific paid plans.
That’s a problem I’ve run into whenever I enable a CDN (Content Delivery Network) for a website hosted on a VPS running CyberPanel. At first, I wondered if I could fix it by adding a new A record like domain.com:8090, but DNS A records don’t work with ports. The solution was to create a separate subdomain specifically for accessing the CyberPanel management interface.
The Fix: Create a DNS-Only Subdomain for the Panel
Here’s how I solved it:
- Log into Cloudflare → DNS Settings
- Add a new A Record: Type: A, Name: panel (this makes panel.domain.com), IPv4 Address: VPS public IP, Proxy Status: DNS Only (gray cloud)
- Save and wait for DNS to update (usually seconds to minutes).
Now, I could visit: http://panel.domain.com:8090 – and it worked again because traffic went directly to my VPS without passing through Cloudflare’s port restrictions.
Securing It with SSL
I didn’t want to leave my admin panel on plain HTTP, so I issued a Let’s Encrypt SSL certificate for panel.domain.com directly from the terminal via SSH:
ssh root@YOUR_VPS_IP
sudo apt update && sudo apt install certbot
sudo certbot certonly --standalone -d panel.domain.com --agree-tos -m you@example.com --no-eff-email
sudo cp /etc/letsencrypt/live/panel.domain.com/fullchain.pem /usr/local/lscp/conf/cert.pem
sudo cp /etc/letsencrypt/live/panel.domain.com/privkey.pem /usr/local/lscp/conf/key.pem
sudo systemctl restart lscpdAfter that, I could log in securely at: https://panel.domain.com:8090
Locking It Down (Optional but Recommended)
Because this bypasses Cloudflare, it exposes my VPS IP. To protect it, I used Oracle Cloud’s Ingress Rules to allow port 8090 only from my IP:
Source CIDR: MY.IP.ADDRESS/32
Protocol: TCP
Destination Port Range: 8090Now, even if someone finds panel.domain.com, they can’t connect unless they’re on my IP.
Key Takeaways:
- Cloudflare’s proxy doesn’t work with every port – check their allowed list before enabling it.
- Use a DNS-only subdomain to bypass the proxy for unsupported ports.
- Always secure admin access with SSL and firewall rules.
