Hi guys, would be happy to receive some input on my current problem. I spun up my own Lemmy instance yesterday using the ansible playbook on a newly set up VPS with its own IPv4. Since I also had an unused domain I chose to use it exclusively for Lemmy. I therefore set the domain in the hosts file to exactly that one. I created the following DNS entries in Cloudflare for it:
- A Record with name www pointing towards the ip
- A CNAME pointing the domain without subdomain towards the www.subdomain.de thing
Both without activating their proxies. As soon as I’m activating their proxies my instance becomes unreachable and if I’m calling www.my-domain.de I’m seeing an Nginx error page. Is there a smart way anyone of you knows how I could set up my DNS records in a way that I’m able to use Cloudflare proxies to kinda encapsulate my VPS a bit more?
EDIT:
I got it solved. First off, I was most probably an idiot when setting the SSL settings. It could be possible that I changed them for the wrong domain. So in the end I did two things. First off, I changed the CNAME thing into another A record pointing directly towards the server IP. I suspect this was not the root cause, because after changing the DNS settings I discovered that again the SSL settings were set to Flexible. This is basically a setting where Cloudflare assumes you are somehow unable to get your own SSL certificate on your server and therefore only the traffic between the user's browser and them is encrypted but the traffic towards your server is not. That was most probably the main reason since this should cause an infinite forwarding of Cloudflare trying HTTP but my server was redirecting them to HTTPS (for more info see here). I set it to Full (strict), meaning now all the traffic is encrypted using my certificate.
After both changes it works now, and when pinging the url some random Cloudflare IP shows up and “my” ip is hidden.
Old DNS settings:
New DNS settings:
EDIT 1: Changed the title from xyz (SOLVED) to [SOLVED] xyz
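The redirect loop described in the EDIT above, as an added example (not part of the original post, and not Cloudflare or Lemmy code). It is a simplified model that assumes Flexible always contacts the origin over plain HTTP, Full (strict) contacts it with the visitor's scheme, and the origin redirects HTTP to HTTPS; the hostname `www.example.test` and all function names are constructed.

```python
from urllib.parse import urlsplit

def origin(scheme, host, path):
    """Origin web server with its own certificate: plain HTTP gets a 301 to HTTPS."""
    if scheme == "http":
        return 301, f"https://{host}{path}"
    return 200, None

def edge(url, ssl_mode):
    """Proxy edge (assumed model): choose the scheme used toward the origin."""
    u = urlsplit(url)
    if ssl_mode == "flexible":
        upstream = "http"        # edge -> origin is never encrypted
    elif ssl_mode == "full_strict":
        upstream = u.scheme      # edge -> origin mirrors the visitor's scheme
    else:
        raise ValueError(f"unknown ssl_mode: {ssl_mode}")
    return origin(upstream, u.hostname, u.path or "/")

def trace(url, ssl_mode, max_hops=10):
    """Follow redirects the way a browser would; return (outcome, chain of URLs)."""
    chain, seen = [url], {url}
    for _ in range(max_hops):
        status, location = edge(url, ssl_mode)
        if status == 200:
            return "ok", chain
        chain.append(location)
        if location in seen:     # redirected to a URL already requested
            return "redirect_loop", chain
        seen.add(location)
        url = location
    return "too_many_redirects", chain

if __name__ == "__main__":
    start = "http://www.example.test/"   # constructed sample URL
    for mode in ("flexible", "full_strict"):
        outcome, chain = trace(start, mode)
        print(f"{mode:12} {outcome:14} {' -> '.join(chain)}")
```

In the Flexible case the visitor is already on HTTPS after the first hop, yet the origin still sees plain HTTP and redirects again, which is why the loop never ends until the SSL mode is changed.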
Does your Lemmy server use its own SSL? Then shouldn’t you disable SSL on Cloudflare?
I’ll look into it as soon as I’m back at my computer. The playbook contains certbot and requests its own SSL certificate and I also use certbot and Cloudflare for my homeserver, so I should be able to easily compare settings there. Haven’t thought of it maybe being an SSL issue since the usual “your page is unsafe” and such things didn’t pop up.
Tried turning SSL on/off; always the same result.
EDIT: See the edit in the post; most probably it actually helped.
Would need more details such as error logs from the server and what you mean by “proxies”. Are you referring to Cloudflare’s caching proxy? Also, it is against RFC to CNAME an APEX domain. I am not sure of your exact details but by the way you are explaining things, it seems that you may have done this.
I get the same, I’d love to find out a solution.
Turning off SSL doesn’t help.
Your instance seems to be running on a subdomain. So it seems that is not just something that is specific to running an instance without using a subdomain.