Looking at using Cloudflare for my organisation inline with Plesk.
When I set ‘Cloudflare’ to proxied mode, my websites are unreachable, and Plesk presents an error stating that the hostname cannot be resolved - then it provides the IP Address of Cloudflare. When I set it to DNS mode it works.
Obviously, when it’s set to DNS mode, I don’t get any of the benefits that Cloudflare offers.
How can I make this work? I’d have thought it would be a setting that would have to be changed/set on Cloudflare to enable this traffic to be forwarded.
Do you have an A type or a CNAME type DNS record pointing to your Plesk?
May I ask if the Plesk is running on a sub-domain?
Is there any other app running on the same port or behind some load balancer?
Regarding an SSL certificate, have you had one installed before moving to Cloudflare? If so, does it cover both main domain and any other possible sub-domains running?
May I ask which SSL option you have selected under the SSL/TLS tab in the Cloudflare dashboard? (Flexible, Full …)
Furthermore, may I ask if Cloudflare IP address(es) are allowed to connect to your origin host/server? Therefore, I am also thinking about CF-Connecting-IP and set_real_ip_from.
On Cloudflare, there is an ‘A’ Record, which points to a Public IP of the router that the website sits behind. There are (currently) no sub-domains, and there are no other ports (it’s a 1:1 NAT).
There is no SSL Certificate on the website, although currently the web server is accepting connections on both HTTP and HTTPS.
The current mode of encryption is ‘Flexible’.
Furthermore, which may help in the troubleshooting; the domain is virtualscouts.org.uk - I’ve attached a screenshot which shows the error that I’m experiencing. It appears to be (from what I can gather) a DNS loop.
I am not restricting any HTTP/HTTPS traffic from reaching the web server.
Finally - I had disabled ‘DNS’ within Plesk - and for good measure, directed the name servers to the two that Cloudflare had supplied. (It still didn’t work without these anyway)
That is kind of interesting, if it accepts HTTPS (listening on port 443), but no SSL certificate on web server (meaning not giving back), so kind of confusing information here for me.
I am afraid this could be the second reason within the statement that there is no SSL certificate too.
Kindly read more information on why Flexible SSL mode is not a good one to pick, and the errors and loops that occur (written below), as you are actually having them:
I see a redirection loop and assume there could also be some mixed content in further use.
See the below two articles for more information about this:
I strongly recommend getting and installing an SSL certificate on your origin host/server and setting up the Full (Strict) SSL mode.
Possible ways:
Generate one using a tool like Let’s Encrypt, Acme, etc.
I recommend this one: generate a Cloudflare Origin CA Certificate and install it
More info about generating and installing a Cloudflare Origin CA certificate (works only for web traffic if you do not have an SSL certificate) can be found on the link:
I’ll look at implementing some of the suggestions that you’ve given. However, just to point out - that the requests aren’t reaching my web server. Which suggests the lack of an SSL Certification is not the issue. Had this been the same, I would have expected a certificate warning.
I’ll look at the encryption mode also. I’ll report back later today. In the meantime - if there is anything additional - please let me know.
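The redirect loop that the reply above ties to Flexible mode can be modelled offline. This is an added example, not part of any post in the thread and not Cloudflare or Plesk code. It assumes an origin that redirects plain HTTP to HTTPS; the hostname `example.test` and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

HOST = "example.test"  # constructed hostname, not the poster's domain

def origin(scheme, path):
    """Constructed origin that forces HTTPS (an assumed server setting)."""
    if scheme == "http":
        return 301, f"https://{HOST}{path}"
    return 200, None

def edge(url, ssl_mode, origin_cert_trusted):
    """One pass through the proxy: pick the scheme used for the origin hop."""
    parts = urlsplit(url)
    if ssl_mode == "flexible":
        origin_scheme = "http"        # origin is always contacted over plain HTTP
    else:
        origin_scheme = parts.scheme  # Full modes reuse the visitor's scheme
    if (ssl_mode == "full_strict" and origin_scheme == "https"
            and not origin_cert_trusted):
        return 526, None              # edge rejects the origin certificate
    return origin(origin_scheme, parts.path or "/")

def follow(url, ssl_mode, origin_cert_trusted=False, limit=10):
    """Follow redirects as a browser would; return (outcome, hops)."""
    hops = []
    for _ in range(limit):
        status, location = edge(url, ssl_mode, origin_cert_trusted)
        hops.append((url, status))
        if status != 301:
            return status, hops
        if location == url:           # redirected to the URL just requested
            return "loop", hops
        url = location
    return "loop", hops

if __name__ == "__main__":
    for mode, trusted in [("flexible", False), ("full", False),
                          ("full_strict", False), ("full_strict", True)]:
        outcome, hops = follow(f"http://{HOST}/", mode, trusted)
        print(f"{mode:12} cert_trusted={trusted!s:5} -> {outcome} {hops}")
```

In this model Full (Strict) only returns 200 once the origin presents a certificate the edge trusts, which matches the order suggested in the reply: install the certificate first, then switch the mode.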