Hi guys, I would be happy to receive some input on my current problem. I spun up my own Lemmy instance yesterday using the ansible playbook on a newly set up VPS with its own IPv4. Since I also had an unused domain I chose to use it exclusively for Lemmy. I therefore set the domain in the hosts file to exactly that one. I created the following DNS entries in Cloudflare for it:

  • An A record with name www pointing towards the IP
  • A CNAME pointing the domain without subdomain towards the www.subdomain.de thing

Both without activating their proxies. As soon as I activate their proxies my instance becomes unreachable, and if I call www.my-domain.de I see an Nginx error page. Does anyone of you know a smart way I could set up my DNS records so that I am able to use Cloudflare proxies to kinda encapsulate my VPS a bit more?

EDIT: I got it solved. First off, I was most probably an idiot when setting the SSL settings; it could be possible that I changed them for the wrong domain. So in the end I did two things. First, I changed the CNAME thing into another A record pointing directly towards the server IP. I suspect this was not the root cause, because after changing the DNS settings I discovered that the SSL settings were again set to Flexible. This is basically a setting where Cloudflare assumes you are somehow unable to get your own SSL certificate on your server, and therefore only the traffic between the user's browser and them is encrypted, but the traffic towards your server is not. That was most probably the main reason, since this should cause infinite forwarding: Cloudflare tries http but my server redirects them to https (for more info see here). I set it to Full (strict), meaning now all the traffic is encrypted using my certificate.

After both changes it works now, and when pinging the URL some random Cloudflare IP shows up and "my" IP is hidden.

Old DNS settings: (screenshot)

New DNS settings: (screenshot)

EDIT 1: Changed the title from xyz (SOLVED) to [SOLVED] xyz
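To make the redirect loop from the edit concrete, here is an added example that models the four Cloudflare SSL modes in front of an origin that redirects plain HTTP to HTTPS, and follows redirects the way a browser does. It is not code from the post or from the Lemmy ansible playbook. The mode semantics (Flexible always reaches the origin over HTTP, Full and Full (strict) use the visitor's scheme, Full (strict) answers error 526 on an invalid origin certificate) are Cloudflare's; the origin behaviour, the host name www.my-domain.de and the hop limit are assumptions made for the example.

```python
"""Offline model of Cloudflare SSL modes vs. an HTTP->HTTPS redirecting origin.

Added example, not from the original post. Origin behaviour, host name and
MAX_HOPS are assumed; mode semantics and error 526 are Cloudflare's.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

MAX_HOPS = 10  # assumed bound; real browsers stop at roughly 20 redirects
REDIRECTS = (301, 302, 307, 308)


@dataclass
class Response:
    status: int
    location: Optional[str] = None
    body: str = ""


def origin(scheme: str, host: str, path: str) -> Response:
    """Assumed origin nginx: certbot installed a certificate and every
    plain-HTTP request is answered with a 301 to the https:// URL."""
    if scheme == "http":
        return Response(301, f"https://{host}{path}")
    return Response(200, body="lemmy front page")


def cloudflare_edge(mode: str, scheme: str, host: str, path: str,
                    origin_cert_valid: bool = True) -> Response:
    """One browser request as handled by the proxy, per Cloudflare SSL mode."""
    if mode == "off":
        # No TLS at all: the edge sends HTTPS visitors to the http:// URL.
        if scheme == "https":
            return Response(301, f"http://{host}{path}")
        return origin("http", host, path)
    if mode == "flexible":
        # Edge terminates TLS and always reaches the origin over plain HTTP,
        # whatever scheme the visitor used. This is the setting from the post.
        return origin("http", host, path)
    if mode in ("full", "full_strict"):
        # Edge uses the visitor's scheme towards the origin. Strict mode also
        # validates the origin certificate; failure is Cloudflare error 526.
        if mode == "full_strict" and scheme == "https" and not origin_cert_valid:
            return Response(526, body="Invalid SSL certificate")
        return origin(scheme, host, path)
    raise ValueError(f"unknown SSL mode: {mode}")


def browse(mode: str, url: str, origin_cert_valid: bool = True,
           max_hops: int = MAX_HOPS) -> Tuple[str, List[str]]:
    """Follow redirects like a browser and report how the request ended.

    Returns ("redirect_loop", hops) when a URL repeats, ("http_<code>", hops)
    for a final non-redirect response, or ("too_many_redirects", hops).
    """
    hops: List[str] = []
    while len(hops) < max_hops:
        if url in hops:
            return "redirect_loop", hops
        hops.append(url)
        scheme, rest = url.split("://", 1)
        host, _, path = rest.partition("/")
        resp = cloudflare_edge(mode, scheme, host, "/" + path, origin_cert_valid)
        if resp.status in REDIRECTS and resp.location:
            url = resp.location
            continue
        return f"http_{resp.status}", hops
    return "too_many_redirects", hops


if __name__ == "__main__":
    site = "https://www.my-domain.de/"  # constructed placeholder host
    for mode in ("off", "flexible", "full", "full_strict"):
        outcome, hops = browse(mode, site)
        print(f"{mode:12} {outcome:14} via {' -> '.join(hops)}")
    print("full_strict with bad origin cert:",
          browse("full_strict", site, origin_cert_valid=False)[0])
```

Running it shows Flexible (and Off) bouncing between the same URLs until the loop is detected, while Full and Full (strict) reach the 200. One caveat for the "my IP is hidden" part: the proxy only hides the VPS address from DNS; the origin still answers anyone who already knows the IP unless its firewall is restricted to Cloudflare's published IP ranges.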

  • ture@rational-racoon.de (OP), 2 years ago

    I'll look into it as soon as I'm back at my computer. The playbook contains certbot and requests its own SSL certificate, and I also use certbot and Cloudflare for my home server, so I should be able to easily compare settings there. I hadn't thought of it maybe being an SSL issue, since the usual "your page is unsafe" and similar things didn't pop up.

    • ture@rational-racoon.de (OP), 2 years ago (edited)

      Tried turning SSL on/off; always the same result.

      EDIT: See the edit in the post; most probably it actually helped.