API isn't accessible via the HTTPS domain (Cloudflare Error 525), but the frontend is accessible

I'm running a React + FastAPI web app in production, using Docker and Nginx for hosting and port forwarding, and Cloudflare for HTTPS / SSL propagation.

  • I've got my domain pointing to Cloudflare's name servers and have tried the Flexible and Full SSL/TLS encryption modes.

  • I'm using NGINX to point my frontend (http://localhost:3000) to SSL port 443, and this is working perfectly fine (accessing https://example.com:443 loads my frontend).

  • I'm running the API on port 8443; however, when I try accessing it securely, I get the Cloudflare 525 error (SSL handshake failed). When I access this port insecurely via the VPS's IP directly (like http://vps_ip:8443), it is accessible.

Previously I was getting the same error (Cloudflare 525) with the frontend, but after adding a server block to the NGINX config that issue was resolved. I've tried doing the same for the API on port 8443, and also tried proxying it, but no luck...

NGINX configuration; http section

http {

    # THIS BLOCK IS PROPERLY PROPAGATING MY FRONTEND VIA PORT 443

    server {
        listen              443 ssl;
        server_name         www.example.com;
        ssl_certificate     /etc/ssl/cert.pem;   # Cloudflare origin cert
        ssl_certificate_key /etc/ssl/key.pem;    # Cloudflare private key
        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;   # TLSv1 and TLSv1.1 are deprecated
        ssl_ciphers         HIGH:!aNULL:!MD5;
        location / { proxy_pass http://localhost:3000/; }   # React container
    }

    # THIS IS MY ATTEMPT TO PROPAGATE PORT 8443 WITH SSL SINCE MY API IS LISTENING ON THIS PORT, but no luck

    # WHEN I REMOVE THIS SECOND BLOCK ENTIRELY, I STILL GET THE SAME CLOUDFLARE 525 ERR

    server {
        listen              8443 ssl;   # same host port the Docker backend is published on (see Extra Information)
        server_name         www.example.com;
        ssl_certificate     /etc/ssl/cert.pem;   # Cloudflare origin cert
        ssl_certificate_key /etc/ssl/key.pem;    # Cloudflare private key
        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers         HIGH:!aNULL:!MD5;

        # I was also trying to proxy the internal port to nginx, but either way it doesn't work
        # (proxying to localhost:8443 sends plain HTTP back to the TLS port this block listens on)
        #location / { proxy_pass http://localhost:8443/; }
    }

    include /etc/nginx/conf.d/*.conf;
    # include /etc/nginx/sites-enabled/*;
}

Extra Information

  • This webapp is running on Ubuntu 20

  • Docker is pointing the frontend to port 3000, which Nginx forwards to 443.

  • Docker is pointing the backend to port 8443, which is used directly in API calls from the frontend (like https://example.com:8443/api_stuff).

  • 'Nginx Full' is allowed in UFW.

UFW Status

[email protected]:~# sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere                  
443                        ALLOW       Anywhere                  
80/tcp                     ALLOW       Anywhere                  
Nginx Full                 ALLOW       Anywhere                  
8443                       ALLOW       Anywhere                  
22/tcp (v6)                ALLOW       Anywhere (v6)             
443 (v6)                   ALLOW       Anywhere (v6)             
80/tcp (v6)                ALLOW       Anywhere (v6)             
Nginx Full (v6)            ALLOW       Anywhere (v6)             
8443 (v6)                  ALLOW       Anywhere (v6)  
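A 525 means Cloudflare reached the origin on that port but could not complete a TLS handshake with it. Two facts in the post point at the cause: the Docker backend is published on host port 8443, and plain http://vps_ip:8443 answers. So the process answering on 8443 is the FastAPI container speaking plaintext HTTP, not nginx; nginx's second server block cannot bind a port docker-proxy already holds (which is also why removing that block changes nothing), and Cloudflare's edge ends up negotiating TLS against an HTTP listener. The fix is to give nginx the public port and move the container to a loopback-only port. The server block below is an added example, not the poster's config or anything from the thread; the loopback port 8000, the container port 8443 and the `-p` mapping are assumptions for illustration, and the certificate paths are the ones from the post.

```nginx
# Added example: terminate TLS for the API in nginx on 8443 and proxy to the
# FastAPI container on a loopback-only port (127.0.0.1:8000 is assumed).
#
# Prerequisite (assumed): republish the backend container on loopback only, on a
# port nginx does not listen on, e.g. in docker run / docker-compose ports:
#     -p 127.0.0.1:8000:8443        # host 127.0.0.1:8000 -> container port 8443
# While docker-proxy holds 0.0.0.0:8443, nginx cannot bind that port and
# Cloudflare handshakes TLS against a plaintext HTTP listener -> error 525.

server {
    listen              8443 ssl;   # 8443 is one of the HTTPS ports Cloudflare will proxy
    server_name         example.com www.example.com;   # match the host the frontend calls

    ssl_certificate     /etc/ssl/cert.pem;   # Cloudflare origin cert (same as the 443 block)
    ssl_certificate_key /etc/ssl/key.pem;    # Cloudflare private key
    ssl_protocols       TLSv1.2 TLSv1.3;     # Cloudflare's edge speaks 1.2/1.3; drop TLSv1/1.1
    ssl_ciphers         HIGH:!aNULL:!MD5;

    location / {
        proxy_pass         http://127.0.0.1:8000;   # assumed loopback port of the API container
        proxy_http_version 1.1;
        proxy_set_header   Host              $host;
        proxy_set_header   X-Real-IP         $remote_addr;   # this is a Cloudflare edge IP
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto https;
    }
}
```

Checks before and after the change: `ss -ltnp 'sport = :8443'` should list nginx, not docker-proxy, as the owner of 0.0.0.0:8443; `nginx -t && systemctl reload nginx` and then `journalctl -u nginx` should show no "Address already in use" error; and `openssl s_client -connect 127.0.0.1:8443 -servername www.example.com </dev/null` should print a certificate and a negotiated TLS version (a verify error is expected here, because the Cloudflare Origin CA certificate is trusted only by Cloudflare's edge, which is exactly what Full (strict) mode needs). An alternative that avoids the extra public port and the cross-origin API calls entirely is to add `location /api/ { proxy_pass http://127.0.0.1:8000/; }` to the existing 443 server block and have the frontend call https://example.com/api/... instead; the loopback-only container mapping above applies either way.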
