Simply proxy pass issue

I am running a simple Flask app that runs on localhost and port 33. With the following config and only DNS forwarding from Cloudflare I can see the “Hello world” example. When I turn on DNS + HTTPS I cannot access the simple app anymore. Do I need to change something?

dev.jitsejan.com.conf

server {
    listen 80;
    server_name dev.jitsejan.com;

    location / {
        proxy_pass http://127.0.0.1:33;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host:$server_port;
        proxy_buffering off;
        proxy_read_timeout 86400;
    }

}

On HTTP I get a 502 from your server, on HTTPS I first get an invalid certificate and a login page upon ignoring the certificate warning.

Going through Cloudflare I get a redirect to HTTPS where I then get same login page.

Okay, very strange. First of all, I re-enabled the simple Flask app, so the http://dev.jitsejan.com works.

I have just set up a Jupyter notebook server under jupyter.jitsejan.com, which works with https:// after creating the certificates myself. The config for that is the following. I am not sure why the https://dev.jitsejan.com would redirect you to the login page of Jupyter…


upstream notebook {
    server localhost:8181;
}

server {
    listen 80;
    server_name jupyter.jitsejan.com;

    location / {
        proxy_pass https://notebook;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_buffering off;
        proxy_read_timeout 86400;
    }


    listen          443 ssl; # managed by Certbot
    ssl_certificate     /etc/letsencrypt/live/jupyter.jitsejan.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/jupyter.jitsejan.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    location /api/kernels/ {
        proxy_pass            https://notebook;
        proxy_set_header      Host $host;
        # websocket support
        proxy_http_version    1.1;
        proxy_set_header      Upgrade "websocket";
        proxy_set_header      Connection "Upgrade";
        proxy_read_timeout    86400;
    }


    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    } # managed by Certbot

}

Thats something you will need to debug on your machine but it still returns that login page.

I thought by enabling both DNS and Proxy that the SSL was taken care of. Or is that only for the main domain name?

No, Cloudflare doesnt not take care of SSL, you still need a valid SSL configuration on your server. Cloudflare only takes care of the SSL configuration on the edge.

Okay. Sounds that I need to sort things out better on the VPS. I will try to read in some documentation on when to actually use the Cloudflare proxy.

Thank you for the help.

Cloudflare basically just tunnels through requests one-to-one.

This topic was automatically closed after 31 days. New replies are no longer allowed.