Nginx Reverse Proxy and Cloudflare issues

I am using Cloudflare as my DNS for my website and everything works great. I recently set up an Nginx Reverse Proxy in order to open other services in the future, but now I am having trouble accessing my website when using the proxy.

This is my configuration:

    server {
        listen 80;
        server_name mydomain.com www.mydomain.com;

        access_log                  /var/log/nginx/mydomain.com/access.log;
        error_log                   /var/log/nginx/mydomain.com/error.log;

        location / {
            proxy_pass http://192.168.140.10:80;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }

Is there anything I need to enable/disable in Cloudflare in order to access this site? Cloudflare is just showing the error page saying that the webserver is down or not responding.

Thank you.

Considering you are referring to “proxy” and “Cloudflare error page”, I presume you are not just using the DNS services but the full proxy service, right?

In this case you want requests to go from the browser via Cloudflare’s proxy to your Nginx proxy and then on to your internal server, correct?

Which error are you exactly getting? Can you post the domain?

Hi @sandro, sorry for the delay in replying. I believe I am using Cloudflare full proxy service.

> In this case you want requests to go from the browser via Cloudflare’s proxy to your Nginx proxy and then on to your internal server, correct?

Yes, that is correct. I am receiving Error 521.

Hi @chench0,
I’m not familiar with nginx, but I will try to help you.


Did you read this #CommunityTip about Error 521?

There is also a summary for all 5XX error codes:


If you have already done so, it is best to wait for @sandro or some other nginx-aware member to respond.

Hope these links can help you.

2 Likes

Thanks for the links @dmz. After reading it carefully, I believe it’s something to do with my Apache configuration or WordPress .htaccess file but I just can’t figure it out.

I will wait to see if someone has any other ideas to try.

1 Like

A 521 would be covered at Community Tip - Fixing Error 521: Web server is down

In this case your Nginx server does not appear to be reachable for Cloudflare. It either is down altogether or there is some firewall configuration in place which prevents the connection.

Just to be sure:
you’re only using HTTP and not HTTPS?

2 Likes

That’s a good point.

@chench0, your current configuration appears to be insecure. You’d still need to configure your Nginx instance with a certificate on port 443.

1 Like

@sandro @MarkMeyer Yes, Nginx doesn’t have a certificate yet. I will try to issue one and report back.

@MarkMeyer and @sandro. So I tried setting up a certificate on the Nginx machine but it gave me an error during the .well-known/acme-challenge. Just to be sure, I need to set up a certificate on Nginx even though the server running the website already has one in place and I am using Cloudflare? I did try setting up the Server Name in Nginx as simply its IP address and the proxy pass works like it should. I am redirected to my webserver.

I did leave one important detail out I believe. I am running WordPress as my website.

Yes, you do. The certificate on Cloudflare is irrelevant as that only covers the Cloudflare proxies. I can’t tell what the actual server has configured; however, you are proxying internally to HTTP, so any certificate wouldn’t take effect anyhow. If that internal network is not secure you might want to switch to HTTPS there as well.

As for the certificate, it might be the easiest if you simply have a Cloudflare origin certificate issued and configure that on your Nginx instance.

1 Like

So I followed your advice and created an origin certificate on Cloudflare and now everything works! I did have to remove the HTTPS redirection in my Webserver running Apache as I believe the request was coming through Cloudflare, through the proxy and to Apache and from there it was trying to redirect again to HTTPS. I removed this line from my .conf in Apache:

    RewriteEngine on
    RewriteCond %{SERVER_NAME} =mydomain.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

Does this make sense?

These directives are actually not an HTTPS redirect but rewriting everything based on the configured server name and the way the directive is it should actually end up in an endless loop, but I guess that’s another story :smile:

I am glad everything is working now, the whole issue was most likely a non-configured HTTPS port on your Nginx side.

> These directives are actually not an HTTPS redirect but rewriting everything based on the configured server name and the way the directive is it should actually end up in an endless loop, but I guess that’s another story

I wasn’t aware of that and certainly way over my head :smile:.

I have one last question because I am still a bit confused with SSL on my webserver.

Before configuring the Reverse Proxy, my Web server was directly facing the internet with Cloudflare and SSL certificate using Let’s Encrypt so I discovered that to keep things safer, I should add the line I removed above to my configuration in order to redirect everything to HTTPS.

Now that the Nginx machine is using Cloudflare’s origin certificate (I also just finished setting up Authenticated Origin Pulls :slight_smile: ), do I still need to keep this SSL certificate on the web server? And if so, later on I may end up opening another machine to the internet and add it to my Nginx configuration to be proxied, so I should set up Let’s Encrypt on that as well?

I addressed that earlier

The bottom line is, the moment you transmit data over a potentially insecure connection (i.e. a connection which is not under your full control and which a third party could possibly monitor) you should use HTTPS.

1 Like

I see. So in my case, since it’s my personal home network, it’s optional to keep a certificate since it’s secure and under my full control.

Sorry for sounding repetitive. It’s just that opening anything to the internet is scary and I just want to make sure I’m not leaving anything to chance.

If the connection between Nginx and Apache is just on your internal network you don’t necessarily need HTTPS for Apache, you still need it on Nginx of course. Keep in mind, if a Wifi AP can access that network, it still might be accessible if someone manages to access Wifi.

1 Like
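The setup the thread arrives at, written out as one Nginx configuration (an added example, not part of any participant's post): port 443 serves the Cloudflare origin certificate, Authenticated Origin Pulls rejects clients that do not present Cloudflare's client certificate, and the hop to Apache stays on plain HTTP inside the internal network. The certificate and key paths and the origin-pull CA file name are assumptions; the domain, log paths and backend address are the ones from the first post.

```nginx
# Port 80: nothing is proxied in clear text; every request is sent to HTTPS.
server {
    listen 80;
    server_name mydomain.com www.mydomain.com;
    return 301 https://$host$request_uri;
}

# Port 443: the listener that was missing when Cloudflare returned Error 521.
server {
    listen 443 ssl;
    server_name mydomain.com www.mydomain.com;

    # Cloudflare origin certificate and its private key (assumed paths).
    ssl_certificate     /etc/nginx/ssl/mydomain.com.origin.pem;
    ssl_certificate_key /etc/nginx/ssl/mydomain.com.origin.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Authenticated Origin Pulls: require a client certificate signed by
    # Cloudflare's origin-pull CA (assumed file name), so a client that
    # connects to the origin directly fails the TLS client check.
    ssl_client_certificate /etc/nginx/ssl/cloudflare-origin-pull-ca.pem;
    ssl_verify_client      on;

    access_log /var/log/nginx/mydomain.com/access.log;
    error_log  /var/log/nginx/mydomain.com/error.log;

    location / {
        # Internal hop to Apache stays on HTTP, as discussed in the thread.
        proxy_pass http://192.168.140.10:80;
        proxy_set_header Host $host;
        # $remote_addr is a Cloudflare address here; the visitor's address
        # arrives from Cloudflare in the CF-Connecting-IP request header.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # $scheme is "https" in this block, so the backend can tell the
        # original request was encrypted even though this hop is not.
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

With Cloudflare's SSL mode set to Flexible, Cloudflare would reach the origin on port 80 and the redirect above would loop; this layout needs Full or Full (strict).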

Thank you very much for all your help!!! :smiley:
