Proxied Cloudflare to Plesk

Hello!

Looking at using Cloudflare for my organisation inline with Plesk.

When I set ‘Cloudflare’ to proxied mode, my websites are unreachable, and Plesk presents an error stating that the hostname cannot be resolved - then it provides the IP Address of Cloudflare. When I set it to DNS mode it works.

Obviously, when it’s set to DNS mode, I don’t get any of the benefits that Cloudflare offers.

How can I make this work? I’d have thought it would be a setting that would have to be changed/set on Cloudflare to enable this traffic to be forwarded.

The traffic is HTTP (80) and HTTPS (443).

Any guidance would be very much appreciated.

Thank you.

Are you having an A type or a CNAME type DNS record to your Plesk?
May I ask if the Plesk is running on a sub-domain?
Are there any other app running on the same port or behind some load-balancer?

Regarding an SSL certificate, have you had one installed before moving to Cloudflare? If so, does it cover both main domain and any other possible sub-domains running?

May I ask what SSL option have you got selected under SSL/TLS tab at Cloudflare dashboard? (Flexible, Full …)

Furthermore, may I ask if Cloudflare IP address(es) are allowed to connect to your origin host/server? Therefore, I am also thinking about CF-Connecting-IP and set_real_ip_from.

https://support.cloudflare.com/hc/en-us/articles/201897700-Allowing-Cloudflare-IP-addresses

Cloudflare IP addresses can be found here:

Okay, meaning both ports are compatible with Cloudflare from the list below:
https://support.cloudflare.com/hc/en-us/articles/200169156-Which-ports-will-Cloudflare-work-with-

Fritexvz,

Thanks for your reply.

On Cloudflare, there is an ‘A’ Record, which points to a Public IP of the router where the website sites behind. There is (currently) no sub-domains, and there are no other ports (it’s a 1:1 NAT)

There is no SSL Certificate on the website, although currently the web server is accepting connections on both HTTP and HTTPS.

The current mode of encryption is ‘Flexible’.

Furthermore, which may help in the troubleshooting; the domain is virtualscouts.org.uk - I’ve attached a screenshot which shows the error that I’m experiencing. It appears to be (from what I can gather) a DNS loop.

I am not restricting any HTTP/HTTPS traffic from reaching the web server.

Finally - I had disabled ‘DNS’ within Plesk - and for good measure, directed the name servers to the two that Cloudflare had supplied. (It still didn’t work without these anyway)

I look forward to your reply.

I suggest you to fix this one firstly.

That is kind of interesting, if it accepts HTTPS (listening on 443 port), but no SSL certificate on web server (meaning not giving back), so kind of confusing information here for me.

I am afraid this could be the second reason within the statement that there is no SSL certificate too.

Kindly, read more information why Flexible SSL mode is not a good one to pick, and the errors and loops that occure (written below) as you are actually having them:

I see a redirection loop and assume there could also be some mixed content in further use.
See the below two articles for more information about this:

I strongly recommend getting an installing an SSL certificate on your host origin/server and setup the Full (Strict) SSL mode.

Possible ways:

  1. Generate one using a tools like Let’s Encrypt, Acme, etc.

  2. Purchasing one from some of the SSL providers

  3. Buying a Dedicated SSL on Cloudflare: https://support.cloudflare.com/hc/en-us/articles/228009108, using Cloudflare Advanced Certificate Manager: https://developers.cloudflare.com/ssl/edge-certificates/advanced-certificate-manager

  4. I recommend this one: generate a Cloudflare Origin CA Certificate and install it

More info about generating and installing an Cloudflare Origin CA certificate (works only for web traffic if you do not have an SSL certificate) can be found on the link:

Step-by-step instructions how to propperly setup an SSL connection between your website and Cloudflare can be found here:

Available SSL options to configure:

In case if some issues appear in between:

Some helpful article regarding SSL:
https://support.cloudflare.com/hc/en-us/articles/360023792171-Getting-Started-with-Cloudflare-SSL

1 Like

Fritexvz,

Thanks for your response.

I’ll look at implementing some of the suggestions that you’ve given. However, just to point out - that the requests aren’t reaching my web server. Which suggests the lack of an SSL Certification is not the issue. Had this been the same, I would have expected a certificate warning.

I’ll look at the encryption mode also. I’ll report back later today. In the mean time - if there is anything additional - please let me know.

Thanks.
Oliver

1 Like

Fritexvz,

All sorted - you’re a star.

Thank you!
Oliver

1 Like

I am happy to assist you! :wink:

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.