I activated a domain about a couple of weeks ago, janaxhell.com, set everything up and checked multiple times in the documentation, the community and also with reddit users, but no matter what, my domain cannot reach my homeserver. The A record is fully propagated, but none of the CNAMEs are.
If I disable Proxied, they propagate, but as soon as I re-enable it, they’re back to invisible.
I have an x86 homeserver with OpenMediaVault6+Docker+Portainer.
I have just changed ISP and they gave me a fritz.box 4040 router.
I have installed PiHole as DNS server to bypass fritz.box, otherwise my domain lands on router login page.
This is the screenshot gallery
Since Debian/OMV uses port 53 like Pihole, I first tried to disable it, but since it still didn’t work, I moved Pihole container to a macvlan network, and that’s the 192.168.1.2 address that you see in the screenshots.
No other device in my network has that IP, no conflict.
Now /etc/systemd/resolved.conf looks like this
DNS=1.1.1.1
FallbackDNS=1.0.0.1
#Domains=
#DNSSEC=no
#DNSOverTLS=no
#MulticastDNS=yes
#LLMNR=yes
Cache=no
DNSStubListener=no
#DNSStubListenerExtra=
#ReadEtcHosts=yes
#ResolveUnicastSingleLabel=no
DNSStubListener=no
My OMV6 server is 192.168.1.94, hence all services on NPM point to that same IP
My chain is:
Cloudflare to my public IP (added Cloudflare DDNS service to keep my public IP up to date)
In Fritz.box
DNS server to Pihole IP 192.168.1.2 (same on Windows and OMV)
In Pihole
DNS Records:
janaxhell.com = 192.168.1.94 (-> Ip of NPM)
CNAMES:
dash → janaxhell.com
music → janaxhell.com, and so on
In Nginx Proxy Manager
Proxy Hosts to their respective local IP+port → 192.168.1.94:xxx
When I try any of my (sub)domains I land on a CF error page:
Error 523 Ray ID: 713dd378cd42739f • 2022-05-31 06:59:18 UTC
Origin is unreachable
Cloudflare diagnostics tool gives all OK except these 2 errors:
Check the HTTPS status
Does the site respond with a successful HTTPS status? Error Found
Description
fail
No, your request failed with a response status of 400 or above.
==============================================================
Check the site for mixed content
Does the website mix encrypted and non-encrypted content? Error Found
Description
response_non_200
The site’s web server responded with a status code that isn’t 200 (OK).
But I don’t have a site or web page with mixed content, just Heimdall dashboard for dash, Navidrome for music, Kavita for comics, Nginx Proxy Manager for npm and OpenMediaVault for www.
NSlookup responds like this:
C:\Windows\system32>nslookup dash.janaxhell.com
Server: pi.hole
Address: 192.168.1.2
Risposta da un server non autorevole:
Nome: dash.janaxhell.com
Addresses: 2606:4700:3030::6815:e6a
2606:4700:3036::ac43:9ea5
104.21.14.106
172.67.158.165
I’ve been told on Reddit it should resolve to my NPM IP, not Cloudflare’s.
Before doing all this, with a simple CF domain pointing at NPM with no Pihole, all my (sub)domains led me to the fritz.box login page. My public IP was “my router”.
Pihole now works great as DNS server from my Windows PC, it traps a lot of ads, gathers stats and so on, so it has no problem by itself, but it cannot talk to NPM or vice versa.
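The Reddit advice quoted in the post (a name queried against Pi-hole from inside the LAN should come back as the NPM address, not Cloudflare's edge) can be turned into a repeatable check. The script below is an added example, not code from the post or from Pi-hole, Cloudflare or Nginx Proxy Manager. It parses Windows nslookup output, sorts each answer into private, Cloudflare-edge or other public space, and reports whether the local override is actually being served to the client. The Cloudflare ranges listed are a small subset of the published list (an assumption for this example); the two sample outputs are constructed, one reproducing the post's answer and one showing what a working local record would return.

```python
import ipaddress

# Subset of Cloudflare's published edge ranges (assumption for this example; a real
# check should load the full list that Cloudflare publishes).
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "104.16.0.0/13", "172.64.0.0/13", "2606:4700::/32")]

# Constructed reproduction of the nslookup output quoted in the post (Italian labels).
SAMPLE_BROKEN = r"""C:\Windows\system32>nslookup dash.janaxhell.com
Server:  pi.hole
Address:  192.168.1.2

Risposta da un server non autorevole:
Nome:    dash.janaxhell.com
Addresses:  2606:4700:3030::6815:e6a
          2606:4700:3036::ac43:9ea5
          104.21.14.106
          172.67.158.165
"""

# Constructed example of the answer the post says it should get once the Pi-hole
# local record for the name is actually served to the client.
SAMPLE_FIXED = r"""C:\Windows\system32>nslookup dash.janaxhell.com
Server:  pi.hole
Address:  192.168.1.2

Nome:    dash.janaxhell.com
Address:  192.168.1.94
"""


def parse_nslookup(output):
    """Return the answer addresses from Windows nslookup output.

    The first 'Address' line after 'Server' is the resolver's own address and is
    skipped; every IP-looking token after it is an answer. Labels are not matched,
    so the locale of nslookup (Italian in the post) does not matter."""
    answers = []
    seen_server = False
    skipped_resolver = False
    for line in output.splitlines():
        stripped = line.strip()
        if stripped.startswith("Server"):
            seen_server = True
            continue
        if seen_server and not skipped_resolver and stripped.startswith("Address"):
            skipped_resolver = True
            continue
        if not skipped_resolver:
            continue
        for token in stripped.replace(",", " ").split():
            try:
                answers.append(str(ipaddress.ip_address(token)))
            except ValueError:
                pass  # label text such as 'Nome:' or the hostname itself
    return answers


def classify(addr):
    """Sort an address into private (LAN), Cloudflare edge, or other public space."""
    ip = ipaddress.ip_address(addr)
    if ip.is_private:
        return "private"
    if any(ip in net for net in CLOUDFLARE_NETS):
        return "cloudflare-edge"
    return "public-other"


def split_horizon_verdict(answers, expected_origin):
    """Decide whether the LAN resolver is serving the local override for the name.

    expected_origin is the LAN address the record should resolve to (192.168.1.94
    in the post). An answer of Cloudflare edge addresses means the client will go
    out to the proxy and back, which only works if the origin is reachable from
    the internet; that is the path that produced the 523 in the post."""
    if not answers:
        return "no-answer"
    if set(answers) == {str(ipaddress.ip_address(expected_origin))}:
        return "local-override-active"
    if {classify(a) for a in answers} == {"cloudflare-edge"}:
        return "cloudflare-edge-only"
    return "mixed"


if __name__ == "__main__":
    for label, sample in (("broken", SAMPLE_BROKEN), ("fixed", SAMPLE_FIXED)):
        answers = parse_nslookup(sample)
        print(label, [(a, classify(a)) for a in answers],
              split_horizon_verdict(answers, "192.168.1.94"))
```

Paste the real nslookup output in place of the constructed samples to run it against your own resolver; "cloudflare-edge-only" means Pi-hole is forwarding the query upstream instead of answering from its local record, so fixing that (rather than anything on the Cloudflare side) is the next step.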