Switched to Cloudflare; Now cannot access domain

I have been tasked with looking into Cloudflare for a customer. I’m new to Cloudflare. So, since I had a webserver running at my location, I decided to use it for test and learning purposes. However, now that I have switched over, I’m unable to access anything in the domain externally. Internally, however, I am able, but with an SSL error about the issuer of the certificate not being valid. I’m assuming that’s because it’s an Origin CA, which is essentially self-signed.

Here are the details:

  • The server worked fine before switching
  • The server had a working SSL cert
  • The server is Nginx, 1.18
  • Set up Cloudflare successfully, with domains handled by Cloudflare but registered elsewhere.
  • I have verified the nameservers are correct at the registrar.
  • The DNS A records in Cloudflare are proxied
  • The IP address of the server is correct in Cloudflare DNS.
  • Pinging finds the domain, and pings fine, albeit not the IP address of my server. I’m assuming that’s because of the way Cloudflare works.
  • Ports on the domain are non-standard ports, i.e., multiple ports open but not listening on 443 or 80.
  • Origin CA certs are installed in Nginx.
  • SSL tests show a grade of “A” on the domain.
  • Nginx set up to accept TLS 1.2 or 1.3 only.
  • In the local network, as stated before, I get the issuer error, but I am able to access the application(s).
  • I have tried with Authenticated Origin Pulls enabled and disabled.
  • I have also tried accessing other non-SSL services on the ports. They do not respond either.
  • Trying with the IP address in Cloudflare DNS, (which is the actual IP address), I’m able to access the server.

So, in summary, this appears to be a problem with the DNS proxy part of Cloudflare rather than an SSL issue.

Please advise, and thanks in advance.

Cloudflare only supports certain ports for HTTP/HTTPS with proxying. Check out Network ports · Cloudflare Fundamentals docs to see the full list.

2 Likes
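
The following Python script is an added example, not part of the thread or of Cloudflare's tooling: it reads Nginx `listen` directives and reports which ports fall outside the list that Cloudflare's proxy handles. The two port sets are copied from Cloudflare's Network ports documentation as an assumption and should be checked against the current page; the function names and the sample config are constructed for illustration.

```python
import re

# Ports Cloudflare's proxy accepts, per its "Network ports" documentation
# (copied here as an assumption; verify against the current docs).
CF_HTTP = {80, 8080, 8880, 2052, 2082, 2086, 2095}
CF_HTTPS = {443, 2053, 2083, 2087, 2096, 8443}
LISTEN_RE = re.compile(r"\blisten\s+([^;]+);")

def listen_port(addr):
    """Return the TCP port of an nginx listen address, or None for unix sockets."""
    if addr.startswith("unix:"):
        return None
    if addr.isdigit():
        return int(addr)
    tail = addr.rsplit(":", 1)[-1]
    if ":" in addr and tail.isdigit():
        return int(tail)  # covers 127.0.0.1:8080 and [::]:8443
    return 80  # address given without a port: nginx defaults to 80

def audit(conf_text):
    """Classify each listen directive: proxied, scheme-mismatch or unsupported."""
    conf_text = re.sub(r"#.*", "", conf_text)  # drop comments
    results = []
    for args in LISTEN_RE.findall(conf_text):
        addr, *flags = args.split()
        port = listen_port(addr)
        if port is None:
            continue
        tls = "ssl" in flags
        wanted, other = (CF_HTTPS, CF_HTTP) if tls else (CF_HTTP, CF_HTTPS)
        if port in wanted:
            status = "proxied"
        elif port in other:
            status = "scheme-mismatch"  # listed, but for the other scheme
        else:
            status = "unsupported"  # not in the proxy's port list
        results.append((port, "https" if tls else "http", status))
    return results

# Constructed sample config, not taken from the thread.
SAMPLE = """
server { listen 8443 ssl; listen [::]:8443 ssl; }
server { listen 9443 ssl http2; }   # non-standard TLS port
server { listen 127.0.0.1:8080; }
server { listen 2083; }             # HTTPS-listed port, no ssl flag
server { listen unix:/run/app.sock; }
"""

for row in audit(SAMPLE): print(*row)
```

Any listener reported as `unsupported` has to move to a listed port or be served through a DNS-only (unproxied) record.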

Thanks. I completely missed that article, or forgot that I read it. Unfortunately, this client has multiple ports open for various purposes on that particular domain. I’ll have to find out if they want to go ahead and spend money on this project.

1 Like
