I am using Cloudflare as my DNS for my website everything works great. I recently setup a Nginx Reverse Proxy in order to open other services in the future but now I am having trouble accessing my website when using the proxy.
Is there anything I need to enable/disable in Cloudflare in order to access this site? Cloudflare is just showing the error page saying that the webserver is down or not responding.
Considering you are referring to “proxy” and “Cloudflare error page”, I presume you are not just using the DNS services but the full proxy service, right?
In this case you want requests to go from the browser via Cloudflare’s proxy to your Nginx proxy and then on to your internal server, correct?
Which error are you exactly getting? Can you post the domain?
Thanks for the links @dmz. After reading it carefully, I believe its something to do with my Apache configuration or Wordpress .htaccess file but I just can’t figure it out.
I will wait to see if someone has any other ideas to try.
In this case your Nginx server does not appear to be reachable for Cloudflare. It either is down altogether or there is some firewall configuration in place which prevents the connection.
@MarkMeyer and @sandro. So I tried setting up a certificate on the Nginx machine but it gave me an during the .well-known/acme-challenge. Just to be sure, I need to setup a certificate on Nginx even though the server running the website already has one in place and I am using Cloudflare? I did try setting up setting up the Server Name in Nginx as simply its IP address and the proxy pass works like it should. I am redirected to my webserver.
I did leave one important detail out I believe. I am running Wordpress as my website.
Yes, you do. The certificate on Cloudflare is irrelevant as that only covers the Cloudflare proxies. I cant tell what the actual server has configured, however you are proxying internally to HTTP, so any certificate wouldnt take effect anyhow. If that internal network is not secure you might want to switch to HTTPS there as well.
As for the certificate, it might be the easiest if you simply have a Cloudflare origin certificate issued and configure that on your Nginx instance.
So I followed your advice and created an origin certificate on Cloudflare and now everything works! I did have to remove the HTTPS redirection in my Webserver running Apache as I believe the request was coming though Cloudflare, through the proxy and to Apache and from there it was trying to redirect again to HTTPS. I removed this line from my .conf in Apache:
RewriteEngine on
RewriteCond %{SERVER_NAME} =mydomain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
These directives are actually not an HTTPS redirect but rewriting everything based on the configured server name and the way the directive is it should actually end up in an endless loop, but I guess thats another story
I am glad everything is working now, the whole issue was most likely a non-configured HTTPS port on your Nginx side.
These directives are actually not an HTTPS redirect but rewriting everything based on the configured server name and the way the directive is it should actually end up in an endless loop, but I guess thats another story
I wasn’t aware of that and certainly way over my head .
I have one last question because I am still a bit confused with SSL on my webserver.
Before configuring the Reverse Proxy, my Web server was directly facing the internet with Cloudflare and SSL certificate using Let’s Encrypt so I discovered that to keep things safer, I should add the line I removed above to my configuration in order to redirect everything to HTTPS.
Now that the Nginx machine is using Cloudflare’s origin certificate (I also just finished setting up Authenticated Origin Pulls ), do I still need to keep this SSL certificate on the web server? And if so, later on I may end up opening another machine to internet and add it to my Nginx configuration to be proxied so I should setup Let’s Encrypt on that as well?
The bottom line is, the moment you transmit data over a potentially insecure connection (i.e. a connection which is not under your full control and which a third party could possibly monitor) you should use HTTPS.
I see. So in my case, since it’s my personal home network, it’s optional to keep a certificate since it’s secure and under my full control.
Sorry for sounding repetitive. It’s just that opening anything to the internet it’s scary and I just want to make sure I’m not leaving anything to chance.
If the connection between Nginx and Apache is just on your internal network you dont necessarily need HTTPS for Apache, you still need it on Nginx of course. Keep in mind, if a Wifi AP can access that network, it still might be accessible if someone manages to access Wifi.