kms: switch to non-proxied DNS so port 1688 is reachable externally

Cloudflare cannot proxy raw TCP/1688 (KMS protocol). Switch
kms.viktorbarzin.me from CF-proxied CNAME to direct A/AAAA so
clients can reach the vlmcsd LoadBalancer (10.0.20.200) via the
existing pfSense WAN port-forward for 1688.

Verified end-to-end: vlmcs against 176.12.22.76:1688 completes
the KMS V4 handshake for Office Professional Plus 2019.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Viktor Barzin 2026-05-06 18:02:25 +00:00
parent b45c45e419
commit 813148c4af

@ -124,7 +124,7 @@ resource "kubernetes_service" "kms-web-page" {
module "ingress" {
source = "../../modules/kubernetes/ingress_factory"
dns_type = "proxied"
dns_type = "non-proxied"
namespace = kubernetes_namespace.kms.metadata[0].name
name = "kms"
tls_secret_name = var.tls_secret_name
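
Review bot: the `dns_type = "non-proxied"` line in `module "ingress"` carries no comment saying why this hostname bypasses the proxy, and the setting covers the whole ingress rather than only the KMS port. The same module takes `tls_secret_name`, so the HTTPS side of `kms` will resolve straight to the origin address along with TCP/1688. Add a one-line comment beside `dns_type` recording the 1688 reason given in the commit message, and consider keeping the web page on a proxied name with a separate non-proxied record used only for the KMS port, so the origin IP is not published for the HTTP side.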