Answer these questions to help the Community help you with Security questions.
What is the domain name?
It’s a reverse proxy for webmin as a subdomain.
Have you searched for an answer?
Please share your search results url:
When you tested your domain, what were the results?
The main domain works fine. The main domain is under the same Cloudflare account, proxied and DNS managed, but pointing at server1.
Subdomain webmin is pointing at server2 using an A record under the same Cloudflare account. Also proxied.
Describe the issue you are having:
Error 523 on
What error message or number are you receiving?
What steps have you taken to resolve the issue?
- Used universal SSL to encrypt the origin server
- Toggled SSL from flexible to full to full (strict) and back to off
- Redid the whole nginx config
- Wiped my server and tried again
Was the site working with SSL prior to adding it to Cloudflare?
The site did not exist with SSL prior to adding it to Cloudflare. But Webmin does work at ipv4:xxxx
What are the steps to reproduce the error:
- Go to the url? lol
- Get frustrated
- Try everything
- Give up
- Come here hoping for a solution
Have you tried from another browser and/or incognito mode?
Please attach a screenshot of the error:
You could just proxy directly to webmin from webmin.example.com by telling Cloudflare to connect to port 10000 on your origin using origin rules and then you won’t need the nginx proxy.
Genius! I had no idea this was possible. Perfect way to bypass all of these issues, at least for testing.
Error 523 is now 526 “Invalid SSL Cert”. I’m using Cloudflare’s universal SSL with wildcard. I have two Universal SSL certificates, one for the IP address of each of my servers.
But how do my origin SSL certs come into play here? I imagine nginx is being bypassed completely right now. So it’s using Webmin’s miniserv cert? I’m able to access Webmin through http ipv4:port but not https ipv4:port. That throws an SSL Protocol Error.
Upon updating Webmin’s miniserv cert to Cloudflare’s Universal cert that will include my webmin subdomain under its * wildcard, the error changed to TOO MANY REDIRECTS. No errors in miniserv logs, webmin logs, syslog or nginx log.
Webmin is still accessible through http ipv4:port and trying to access it through https ipv4:port still throws SSL Protocol Error.
Not sure what else I can try considering nginx/server configuration has been rendered completely irrelevant.
Your SSL/TLS setting is probably set to “Flexible”. In that case Cloudflare is connecting to your origin only over HTTP.
You should set it to Full (strict) (and force HTTP-HTTPS redirect on Cloudflare) then you will get HTTPS between client and Cloudflare then Cloudflare and origin. However, using the default Webmin cert will throw an error via Cloudflare as it’s not signed by a CA.
You can use “Full” temporarily to check it works, but as this ignores self-signed and expired certificates, it’s not secure so you need a proper certificate. That could be from Let’s Encrypt or you can download an origin certificate from Cloudflare. The latter is only trusted by Cloudflare and will give a browser warning if you try to connect direct to your origin so a LE certificate might be better for you.
I toggled all the modes. The redirect is thrown on off, flexible works, and Invalid SSL is thrown on Full and Full (strict).
My origin certificate from Cloudflare is included in my cert file.
I don’t mind leaving it on flexible for now, but I would prefer to put it back on full (strict). This is definitely a net win compared to before when it wasn’t accessible at all.
Yes always use Full (strict), don’t settle for less. Debug the SSL to get it to work when you connect directly to the origin (aside from certificate warning due to the Cloudflare cert), then Cloudflare should be able to do the same.
I haven’t received a (bypassable) certificate warning. Only SSL Protocol Error, Invalid SSL Error, and too many redirects.
Do you have any other ideas for what I could try?
Are those errors when accessing the host name through Cloudflare?
You need to make sure you can connect directly to your origin server over HTTPS on port 10000 (that’s when you should get the certificate warning) and ensure that your server is delivering the Cloudflare origin certificate and not something else (which is what would cause the errors you are seeing when going through Cloudflare).
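The direct-to-origin check described in the last reply, as an added example that is not part of the original thread: it asks the origin on port 10000 which certificate it serves, reports whether that is a Cloudflare origin certificate, a self-signed one, or one from another CA, and whether its names cover the hostname. The script name, the function names and the issuer substring used to recognise an origin certificate are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Usage: ./check-origin.sh ORIGIN_IP HOSTNAME [PORT]

# Classify the served certificate from its issuer and subject DNs.
classify_cert() {  # $1 = issuer DN, $2 = subject DN
  if [ -z "$1" ]; then
    echo "no-certificate"      # connection failed or the port answers in plain HTTP
  elif printf '%s' "$1" | grep -qi 'cloudflare origin'; then
    echo "cloudflare-origin"   # assumption: the Origin CA issuer name contains this string
  elif [ "$1" = "$2" ]; then
    echo "self-signed"         # issuer equals subject, e.g. a self-generated default cert
  else
    echo "other-ca"            # e.g. a Let's Encrypt certificate
  fi
}

# Return 0 if a SAN list ("DNS:a, DNS:*.b") covers the hostname.
san_covers() {  # $1 = hostname, $2 = SAN list
  host=$1; covered=1
  set -f                       # SAN entries contain '*': disable globbing
  for name in $(printf '%s' "$2" | tr ',' ' '); do
    name=${name#DNS:}
    if [ "$name" = "$host" ]; then
      covered=0
    elif [ "${name#\*.}" != "$name" ] && [ "${host#*.}" != "$host" ] \
         && [ "${host#*.}" = "${name#\*.}" ]; then
      covered=0                # a wildcard matches exactly one left-most label
    fi
  done
  set +f
  return "$covered"
}

# Connect straight to the origin (bypassing Cloudflare) and report what it serves.
inspect_origin() {  # $1 = origin IP, $2 = hostname (sent as SNI), $3 = port
  pem=$(openssl s_client -connect "$1:${3:-10000}" -servername "$2" \
          </dev/null 2>/dev/null | openssl x509 2>/dev/null)
  issuer=$(printf '%s\n' "$pem" | openssl x509 -noout -issuer 2>/dev/null | sed 's/^issuer= *//')
  subject=$(printf '%s\n' "$pem" | openssl x509 -noout -subject 2>/dev/null | sed 's/^subject= *//')
  san=$(printf '%s\n' "$pem" | openssl x509 -noout -ext subjectAltName 2>/dev/null | tail -n +2)
  echo "certificate: $(classify_cert "$issuer" "$subject")"
  echo "issuer:      ${issuer:-<none>}"
  if san_covers "$2" "$san"; then echo "hostname:    covered by SAN"
  else echo "hostname:    NOT covered by SAN ($san)"; fi
}

if [ "$#" -ge 2 ]; then inspect_origin "$@"; fi
```

For Full (strict) to work, the result should be `cloudflare-origin` or `other-ca` with the hostname covered; `no-certificate` on a port that answers plain HTTP matches the SSL Protocol Error seen in the thread.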