Skip to content

docs: Spectrum onboarding and non-HTTP protocol support confusion#31819

Open
stechedo wants to merge 3 commits into
cloudflare:productionfrom
stechedo:remedy/26-25-spectrum-onboarding-and-non-http-protocol-support-
Open

docs: Spectrum onboarding and non-HTTP protocol support confusion#31819
stechedo wants to merge 3 commits into
cloudflare:productionfrom
stechedo:remedy/26-25-spectrum-onboarding-and-non-http-protocol-support-

Conversation

@stechedo

Copy link
Copy Markdown
Collaborator

Auto-Generated Documentation Update

Suggested Change

Add a Before you create your first application section and a Non-HTTP protocol guidance section to the Spectrum getting-started page.

Before you create your first Spectrum application

  1. Confirm protocol support. Spectrum supports TCP, UDP, HTTP, and HTTPS applications. Not every port is available on every plan; verify that your desired port is supported before you start.
  2. Choose how clients will reach the application.
    • For TCP/UDP applications, clients connect to a Cloudflare Spectrum anycast IP address and port. You can create a DNS record that points a hostname to that IP, but routing is based on the IP and port, not the hostname.
    • For HTTP/HTTPS applications, clients connect through a Cloudflare-proxied hostname.
  3. Check SSL/TLS requirements. Universal SSL is not compatible with Spectrum. HTTPS applications need an advanced certificate or a custom certificate.
  4. Make sure the origin is reachable. The origin must accept traffic from Cloudflare. If the origin is private and you want to use Cloudflare Tunnel, remember that Tunnel is only supported directly for HTTP/HTTPS Spectrum applications. For non-HTTP traffic, route Spectrum through a Cloudflare Load Balancer with Private Network Load Balancing instead.
  5. Allow Cloudflare IP ranges. Configure any origin firewall to allow Cloudflare’s IP ranges on the origin port.

Non-HTTP protocol guidance

Spectrum is often used for protocols other than HTTP/HTTPS. The general pattern is the same: create a TCP or UDP application, publish the Spectrum IP and port, and ensure the origin service is listening and reachable.

Use case Recommended Spectrum type Common notes
SFTP TCP Use the SSH/SFTP port (commonly 22). Clients connect to the Spectrum IP/hostname and port.
SMPP TCP Create a TCP application on the SMPP port your service uses.
Minecraft Java Edition TCP Minecraft Java Edition is supported on the standard port (25565). Minecraft Bedrock Edition is not supported.
Remote desktop / AnyDesk-like tools TCP and/or UDP Verify the tool uses fixed inbound ports and is not purely peer-to-peer/NAT-traversal. Spectrum proxies inbound connections to the configured origin.

Common first-setup mistakes

  • Selecting HTTP or HTTPS for traffic that is not HTTP-based.
  • Using Universal SSL with Spectrum.
  • Pointing a non-HTTP Spectrum application’s origin directly to a Cloudflare Tunnel subdomain (<UUID>.cfargotunnel.com).
  • Expecting hostname-based routing for TCP/UDP applications. Spectrum routes these by IP address and port.
  • Sending fragmented UDP packets. Cloudflare does not support UDP packet fragmentation; fragmented packets are dropped.

Quick troubleshooting checklist

  1. The Spectrum application shows as Active in the dashboard.
  2. DNS resolves to the Spectrum IP (TCP/UDP) or to a proxied hostname (HTTP/HTTPS).
  3. The origin is listening on the configured port and protocol.
  4. The origin firewall allows Cloudflare IP ranges.
  5. The client is using the same protocol and port configured in Spectrum.
  6. For HTTPS, the certificate is valid and covers the hostname.

- Link port/plan availability to Configuration Options and Settings by Plan
- Add virtual network origin as simpler alternative to LB for private origins
- Note that Spectrum IPs are not static; recommend using DNS name
- Expand protocol table with SSH, RDP, SMTP, DNS, WireGuard
- Add cross-references to Limitations page instead of duplicating content
- Add links to relevant docs sections from Common mistakes bullets
- Fix missing newline at end of file
@stechedo stechedo marked this pull request as ready for review June 30, 2026 21:48
@stechedo stechedo requested review from a team, elithrar and steve-cloudflare as code owners June 30, 2026 21:48
@cloudflare-docs-bot

cloudflare-docs-bot Bot commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

Review

✅ No issues found in commit 8c899ee.

Code Review

This code review is in beta and may not always be helpful — use your judgment.

No code review issues found.

Conventions

Checks PR title, description, and redirect checklist.

No convention issues found.

Style Guide Review

No style-guide issues found.

Redirects

No missing redirect entries found.

Commands

Only codeowners can run commands. Post a comment with the command to trigger it.

Command Description
/review Runs a review now. Incremental if a prior review exists, full if not.
/full-review Re-reviews the entire PR diff from scratch, ignoring incremental history. Useful after a rebase, when you want a fresh review, or if the bot gets out of sync and reports issues that no longer exist.
/ignore-review-limit Permanently lifts the 2-review automatic limit for this PR. Future pushes will trigger reviews as normal.
/disable-auto-review Stops automatic reviews from triggering on future pushes to this PR. Codeowners can still run /review or /full-review manually.

Addresses style-guide bot suggestion on PR cloudflare#31819: remove 'Note that' filler and state the Cloudflare Tunnel limitation directly.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

product:spectrum Related to Spectrum product size/s

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants