Has anyone successfully exposed a RustDesk HBBS/HBBR server through Cloudflare Tunnel? I'm getting constant 502 and handshake failures.

[sswayd]

Hello everyone,

I’m trying to self-host a RustDesk server (HBBS + HBBR) on my home lab, and everything works fine inside my LAN.
However, I’ve been completely unable to expose the service through Cloudflare Tunnel.

Environment

Server: Ubuntu (Docker / docker-compose)

RustDesk image: rustdesk/rustdesk-server:latest

HBBS exposed ports:

21114/tcp

21115/tcp

21116/tcp,udp

21117/tcp

21118/tcp,udp

HBBR exposed ports:

21119/tcp,udp

Local access to all ports works (verified via curl and Test-NetConnection)

Cloudflared container works fine for my other services (Nextcloud, Jellyfin, etc.)

The problem

When I expose RustDesk through Cloudflare Tunnel, the client always fails with:

“Error code 502”

“Handshake failed”

“has no rendezvous server channel, will set it up”

Even the admin port (21114) returns 502 from Cloudflare, and WebSocket connections (21118) never establish.

Troubleshooting done

Verified HBBS/HBBR startup logs → no errors

Curl to local ports works inside the host

Test-NetConnection from Windows shows ports are reachable

Disabled firewall completely → same result

Stopped cloudflared entirely → RustDesk works perfectly inside LAN

My question

Has anyone successfully exposed a RustDesk HBBS/HBBR server through Cloudflare Tunnel (without using WARP on the client)?

If yes:

Which Cloudflare settings did you use?

Did you forward TCP only, or TCP+UDP?

Did WebSockets work for port 21118?

Are there known limitations preventing RustDesk from working on Cloudflare Tunnels?

Everything I’ve read suggests Cloudflare only supports HTTP(S) through tunnels and not full TCP/UDP, so I’m wondering if this is simply impossible.

Any advice or confirmation would be greatly appreciated!

Thanks!

[Marcus1Pierce]

Short answer: No, you cannot properly run RustDesk (hbbs + hbbr) behind a standard Cloudflare Tunnel.

The errors you’re seeing:
“Error code 502”
“Handshake failed”
“has no rendezvous server channel, will set it up”
happen because RustDesk does not use HTTP, while a standard Cloudflare Tunnel only proxies HTTP/HTTPS traffic.

Regarding this part:

Even the admin port (21114) returns 502 from Cloudflare, and WebSocket connections (21118) never establish.

If I’m not mistaken, port 21114 (admin panel) are features of RustDesk Server Pro, not the open-source edition. WebSocket failures on 21118 are usually a side effect of Cloudflare trying to treat non-HTTP traffic as HTTP(S).