** GUIDE ** How to configure Cloudflare on your unRAID server with NGINX Proxy Manager


Sycotix

  • 8 months later...

@Sycotix thanks for the great tutorial here. I followed the instructions as you provided but ran into some problems and am wondering if you or anyone else would have any suggestions.

 

PROBLEM

I am getting the Cloudflare error page when I browse to my subdomain with error 521 (webserver is down). The web server I want to host on NPM is up and running and I can reach it on the LAN by going to its local IP address. I further did a packet capture on the switch port connecting the NPM server and what I see is that the communication is breaking down at the initial TCP handshake. The Cloudflare server sends a TCP SYN to NPM but NPM responds with a RST. I verified the port forwarding is working correctly and we see destination port tcp/18443.

 

If I browse to the NPM local IP on port 8080 I do get the congratulations page.

 

SETUP

I'm using a Cloud Origin CA cert on Cloudflare. I have port forwards on my router for 443 & 80 to go to 18443 & 1880, respectively. My Cloudflare DNS records are set up so that I have an A record for my root domain set to my public IP address and a CNAME for my subdomain. On NPM I added the Origin cert and set up the host with the following settings:

 

Details

  • scheme: http
  • Forward: local IP of server
  • forward port: 5055
  • cache assets: enabled
  • block common exploits: enabled
  • websocket support: enabled

 

SSL

  • force SSL: enabled
  • HTTP/2 support: enabled

 

If any other details are needed then please let me know. Any help or advice is much appreciated. Cheers!

13 minutes ago, noobguy said:

@Sycotix thanks for the great tutorial here. I followed the instructions as you provided but ran into some problems and am wondering if you or anyone else would have any suggestions.

 

PROBLEM

I am getting the Cloudflare error page when I browse to my subdomain with error 521 (webserver is down). The web server I want to host on NPM is up and running and I can reach it on the LAN by going to its local IP address. I further did a packet capture on the switch port connecting the NPM server and what I see is that the communication is breaking down at the initial TCP handshake. The Cloudflare server sends a TCP SYN to NPM but NPM responds with a RST. I verified the port forwarding is working correctly and we see destination port tcp/18443.

 

If I browse to the NPM local IP on port 8080 I do get the congratulations page.

 

SETUP

I'm using a Cloud Origin CA cert on Cloudflare. I have port forwards on my router for 443 & 80 to go to 18443 & 1880, respectively. My Cloudflare DNS records are set up so that I have an A record for my root domain set to my public IP address and a CNAME for my subdomain. On NPM I added the Origin cert and set up the host with the following settings:

 

Details

  • scheme: http
  • Forward: local IP of server
  • forward port: 5055
  • cache assets: enabled
  • block common exploits: enabled
  • websocket support: enabled

 

SSL

  • force SSL: enabled
  • HTTP/2 support: enabled

 

If any other details are needed then please let me know. Any help or advice is much appreciated. Cheers!

Well written mate!

 

So, if you go to your public IP and port will it let you reach the app?

28 minutes ago, Sycotix said:

Well written mate!

 

So, if you go to your public IP and port will it let you reach the app?

Thanks!!

 

It is the same issue. If I open up my firewall to all IPs (instead of just CF ones) and hit my Public IP I can't reach it. Packet captures on LAN confirm source IP is from my phone instead of CF and destination port tcp/18443 is reaching NPM, but it is still responding with RSTs.

Edited by noobguy
  • 1 month later...
  • 4 months later...

I'm also having the same issue. Browser is throwing 521 error when on anything but flexible with 2 different NPM images

Edit: Figured this out. For some reason the ONLY thing that would get this to work for me was disabling "Force SSL" in each host proxy. Cloudflare is still set to Full (Strict) and everything is now working. Really strange as HSTS is also enabled in Cloudflare, and disabling Force SSL obviously grays out those options in NGINX... but she works lol

Edited by Avsynthe
  • 7 months later...
On 4/25/2022 at 1:29 AM, Avsynthe said:

I'm also having the same issue. Browser is throwing 521 error when on anything but flexible with 2 different NPM images

Edit: Figured this out. For some reason the ONLY thing that would get this to work for me was disabling "Force SSL" in each host proxy. Cloudflare is still set to Full (Strict) and everything is now working. Really strange as HSTS is also enabled in Cloudflare, and disabling Force SSL obviously grays out those options in NGINX... but she works lol

 

Don't know how you figured this out... but I tried the same after banging my head against a wall all day and it fixed it. Thanks for sharing!

Edited by Breadford
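
Added example (not posted by anyone in this thread): a small Python probe, run from a LAN machine against the NPM HTTPS port, that separates the cases the packet capture earlier in the thread points at: RST to the SYN, no answer at all, TCP open without TLS, or a completed TLS handshake. The function names and result labels are made up for this example; 18443 is the forwarded port quoted in the thread, and the loopback target used when no argument is given is constructed.

```python
import socket
import ssl
import sys

# Labels are made up for this example; meanings follow from TCP/TLS behaviour.
MEANING = {
    "refused": "SYN answered with RST: no listener on that port, or a firewall rejecting it",
    "timeout": "no answer to the SYN: packets dropped before reaching a listener",
    "tcp_open_no_tls": "port accepts TCP but does not complete a TLS handshake",
    "tls_ok": "TLS handshake completed: the HTTPS listener is up",
}

def probe_origin(host, port, timeout=3.0):
    """Connect the way an HTTPS client would and classify the outcome."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "timeout"
    ctx = ssl.create_default_context()
    # Reachability check only: an Origin CA certificate is not in the public
    # trust store, and no request data is sent over this connection.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=host):
            return "tls_ok"
    except OSError:  # ssl.SSLError and connection resets are OSError subclasses
        return "tcp_open_no_tls"

def closed_local_port():
    """Constructed sample target: a loopback port that was bound, then released."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port

if __name__ == "__main__":
    # Usage: probe.py <NPM LAN IP> [port]; 18443 is the port quoted in the thread.
    if len(sys.argv) > 1:
        host, port = sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 18443
    else:
        host, port = "127.0.0.1", closed_local_port()
    result = probe_origin(host, port)
    print(f"{host}:{port} -> {result}: {MEANING[result]}")
```

A "refused" result from the LAN means the RST is coming from the NPM host itself rather than from the router or Cloudflare, so the container's port mapping and listeners are the place to look.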