We recently moves all domain hosting and DNS to Cloudflare. The domain privacy and security options were a huge plug.

We are having one issue though. The sob domain that servers our Collabora server does not function then enable DNS proxy. I searched and could not find any assistance with this. Collabora uses standard http and https requests, so I’m not sure if it’s a configuration issue or something else.

Can someone with more knowledge on Cloudflare infrastructure provide some insight into why this would not be working? Is there a solution?

May I ask what error do you get?

Also, may I ask was the sub-domain with Collabora working before you moved to Cloudflare?

Furthermore, was it working over HTTPS and did you had an valid SSL certificate covering your sub-domain?

Is it maybe some hosted app and you are using a CNAME record, or rather self-hosted, and you are using an A type of DNS record?

Do you also use your Collabora app over some specific network port maybe?

May I ask what SSL option have you got selected under the SSL/TLS tab at Cloudflare dashboard for your domain ( Flexible, Full, Full Strict … )?

Is Cloudflare allowed to connect to your origin host / server, or rather you are using some Firewall which could potentially block requests/connections comming from Cloudflare?

I believe yes, there is always a solution, but maybe we have to troubleshoot what the issue is so we could fix it and find a proper solution for it

@fritex thanks for the follow-up.

Prior to the move, yes it was working. And it will work now with DNS hosted on Cloudflare. However, the proxy option needs to be set to DNS only for it to work. The Collabora server sits behind an Nginx reverse proxy within our network. All SSL certificates are handled on Nginx with all external traffic directed to Nginx.

The subdomain is set up using an A record. We currently just use Collabora with Nextcloud document editing. The SSL option is currently set to Full within Cloudflare. We do have a firewall in place with rules created to forward all 443 and 80 traffic to Nginx.

Thank you for feedback information.
Great.

Kindly, switch from current Full to Full (Strict) SSL:

Could you please re-check if Cloudflare is allowed to connect to it and if it’s bypassed/whitelisted by the IP address ranges from below article and link here:

• https://support.cloudflare.com/hc/en-us/articles/201897700-Allowing-Cloudflare-IP-addresses

• https://www.cloudflare.com/ips/

Could you be more specific?

Are you accessing your Collabora over the www.sub.domain.com or sub.domain.com?

Some part of it, or do you get some error, or cannot login, or the caching issue could be, cannot upload files, …?

Are you seeing any errors in your browser’s Dev Tools’ Console or Network tabs?

I will research the article you provided regarding the SSL option.

The firewall has been provisioned with the IP’s provided by Cloudflare. We have other web services externally exposed and they work just fine.

Collabora is accessed from office.domain.com. In the DNS settings within Cloudflare, if the A record for this subdomain is set to DNS Only, all is good. If the option is changed to Proxy, we have the issue. As fare as errors, we simply receive an error stating it failed to connect to office.domain.com

Could you somehow catch and share a screenshot of it?

All the Cloudflare errors are listed at the below link with some more description of the each one:

• https://support.cloudflare.com/hc/en-us/articles/115003011431-Troubleshooting-Cloudflare-5XX-errors

As I do not know exactly whic one, unfortunately I am afraid I cannot provide more useful feedback information to resolve your issue.

It took some digging but I was able to identify the error. It was Error: 1020 which indicates a Cloudflare firewall rule. We have resolved the issue. Thanks for your help.

I am happy to hear this!

That would have been helpful to know about earlier. It was the very first thing fritex asked.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.