Proxied vs DNS only: only loads when DNS only is set

What is the name of the domain?

prkr.computer

What is the error number?

521

What is the error message?

Web server is down

What is the issue you’re encountering?

Reverse proxy works when DNS records are set to DNS only, but does not when DNS records are set to proxied.

What steps have you taken to resolve the issue?

I've tried many things, but this is the best result I can reach. Mainly tried different configurations of nginx.

What are the steps to reproduce the issue?

I don’t know what to put here.

Here are the relevant nginx configs:

configuration on the reverse proxy:
http://termbin.com/g7aq

freshrss config:
http://termbin.com/9m9c

What’s your encryption mode on Cloudflare?

Flexible

Flexible disables encryption and must never be used, as it breaks sites.

Make sure it is set to Full Strict.


Yep, that worked. Very simple answer. Thank you!!

I switched to Full, and it loaded perfectly, but when I switched to Full Strict, I started getting error 526.

Full is equally insecure, it needs to be Full Strict.

Pause Cloudflare and make sure your site is working fine on HTTPS without Cloudflare. Then it will also work with Cloudflare.

How would I go about setting up my site for strict mode? Practically, what separates Full and Strict?

As mentioned, pause Cloudflare and make sure the site loads fine on HTTPS. That’s the first step.

I did. The site/reverse proxy worked.

Then it will work on Full Strict.

When I turn on Full Strict, the reverse proxy keeps returning error 526.

All right, Cloudflare is not paused yet. Can you pause Cloudflare?

And can you switch to Full Strict?

Done! Still receiving error 526 :( except on the domain with no subdomains.

On which URL do you exactly get the error?

Either bag.prkr.computer, rss.prkr.computer, or cal.prkr.computer. prkr.computer loads correctly.

Well, as already mentioned, these sites need to load fine on HTTPS in the first place and they do not.

sitemeer.com/#03ef302da7632478c3b3401c81388db518392eab

You first need to fix the server.

Where should I look to ‘fix the server’? Is there any lead in the way that it works in Full but does not in Strict?

On the server, your site simply is not securely configured right now and you need to fix the certificate.

I thought you only would need an origin certificate from Cloudflare? Do I need certificates for each subdomain? Do I need to use Let's Encrypt or are self-signed certificates okay?
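
Added example, not part of the thread: in Full (strict) mode Cloudflare validates the certificate the origin presents, including that its names cover the requested hostname, so one thing to check is whether the certificate served by the reverse proxy lists every proxied subdomain. The SAN lists below are constructed and the function names are hypothetical; the thread does not show the actual certificate.

```python
# Added example: does a certificate's SAN list cover every proxied hostname?
# SAN lists are constructed for illustration; the thread never shows the real one.

def _norm(name):
    """Lower-case and drop a trailing dot so comparisons are canonical."""
    return name.strip().rstrip(".").lower()

def san_matches(pattern, host):
    """True if one SAN dNSName entry covers host (RFC 6125 style matching)."""
    p, h = _norm(pattern).split("."), _norm(host).split(".")
    if len(p) != len(h):
        return False  # a wildcard stands for exactly one label, never zero or two
    if p[0] == "*":
        # Wildcard only as the whole left-most label, and not directly on a TLD.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def uncovered(hosts, sans):
    """Hostnames that no SAN entry covers; these would fail strict validation."""
    return [h for h in hosts if not any(san_matches(s, h) for s in sans)]

# Hostnames named in the thread.
HOSTS = ["prkr.computer", "bag.prkr.computer",
         "rss.prkr.computer", "cal.prkr.computer"]

# Constructed SAN lists (assumptions, not taken from the real server).
APEX_ONLY = ["prkr.computer"]
APEX_AND_WILDCARD = ["prkr.computer", "*.prkr.computer"]

if __name__ == "__main__":
    for label, sans in (("apex only", APEX_ONLY),
                        ("apex + wildcard", APEX_AND_WILDCARD)):
        missing = uncovered(HOSTS, sans)
        print(f"{label}: {'all covered' if not missing else 'missing ' + ', '.join(missing)}")
```

A certificate that names only the apex leaves the three subdomains uncovered, while one that also carries `*.prkr.computer` covers all four; note that the wildcard entry alone would not cover the apex.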