noobguy
Posted October 8, 2021

@Sycotix thanks for the great tutorial here. I followed the instructions as you provided but ran into a problem and am wondering if you or anyone else would have any suggestions.

PROBLEM

I am getting the Cloudflare error page when I browse to my subdomain with error 521 (webserver is down). The web server I want to host on NPM is up and running and I can reach it on the LAN by going to its local IP address. I further did a packet capture on the switch port connecting the NPM server and what I see is that the communication is breaking down at the initial TCP handshake. The Cloudflare server sends a TCP SYN to NPM but NPM responds with a RST. I verified the port forwarding is working correctly and we see destination port tcp/18443. If I browse to the NPM local IP on port 8080 I do get the congratulations page.

SETUP

I'm using a Cloud Origin CA cert on Cloudflare. I have port forwards on my router for 443 & 80 to go to 18443 & 1880, respectively. My Cloudflare DNS records are set up so that I have an A record for my root domain set to my public IP address and a CNAME for my subdomain. On NPM I added the Origin cert and set up the host with the following settings:

Details
- scheme: http
- Forward: local IP of server
- forward port: 5055
- cache assets: enabled
- block common exploits: enabled
- websocket support: enabled

SSL
- force SSL: enabled
- HTTP/2 support: enabled

If any other details are needed then please let me know. Any help or advice is much appreciated. Cheers!
Sycotix (Author)
Posted October 8, 2021

13 minutes ago, noobguy said:

> @Sycotix thanks for the great tutorial here. I followed the instructions as you provided but ran into a problem and am wondering if you or anyone else would have any suggestions.
>
> PROBLEM
>
> I am getting the Cloudflare error page when I browse to my subdomain with error 521 (webserver is down). The web server I want to host on NPM is up and running and I can reach it on the LAN by going to its local IP address. I further did a packet capture on the switch port connecting the NPM server and what I see is that the communication is breaking down at the initial TCP handshake. The Cloudflare server sends a TCP SYN to NPM but NPM responds with a RST. I verified the port forwarding is working correctly and we see destination port tcp/18443. If I browse to the NPM local IP on port 8080 I do get the congratulations page.
>
> SETUP
>
> I'm using a Cloud Origin CA cert on Cloudflare. I have port forwards on my router for 443 & 80 to go to 18443 & 1880, respectively. My Cloudflare DNS records are set up so that I have an A record for my root domain set to my public IP address and a CNAME for my subdomain. On NPM I added the Origin cert and set up the host with the following settings:
>
> Details
> - scheme: http
> - Forward: local IP of server
> - forward port: 5055
> - cache assets: enabled
> - block common exploits: enabled
> - websocket support: enabled
>
> SSL
> - force SSL: enabled
> - HTTP/2 support: enabled
>
> If any other details are needed then please let me know. Any help or advice is much appreciated. Cheers!

Well written mate! So, if you go to your public IP and port will it let you reach the app?
noobguy
Posted October 8, 2021

28 minutes ago, Sycotix said:

> Well written mate! So, if you go to your public IP and port will it let you reach the app?

Thanks!! It is the same issue. If I open up my firewall to all IPs (instead of just CF ones) and hit my public IP I can't reach it. Packet captures on LAN confirm source IP is from my phone instead of CF and destination port tcp/18443 is reaching NPM, but it is still responding with RSTs.

Edited October 8, 2021 by noobguy
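The packet-capture check described in the two posts above (a SYN to tcp/18443 answered with a RST), as an added example that is not part of any post in this thread: a Python sketch that reads `tcpdump -nn` text output and reports, per connection attempt, whether the server port accepted, refused or ignored the SYN. The capture lines and IP addresses are constructed; only the port numbers come from the thread.

```python
import re

# tcpdump -nn text line: "<time> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], ..."
LINE = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[A-Z.]+)\]"
)

def classify_handshakes(lines):
    """Map (client, cport, server, sport) to 'accepted', 'refused' or 'unanswered'."""
    attempts = {}
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # not a TCP/IPv4 line in the expected format
        src = (m["src"], int(m["sport"]))
        dst = (m["dst"], int(m["dport"]))
        flags = m["flags"]
        if "S" in flags and "." not in flags:
            # Bare SYN (no ACK): a new attempt; retransmits keep the first verdict.
            attempts.setdefault(src + dst, "unanswered")
        elif attempts.get(dst + src) == "unanswered":
            # First packet flowing back from the server to that client port.
            if flags.startswith("S"):
                attempts[dst + src] = "accepted"   # SYN-ACK: something is listening
            elif "R" in flags:
                attempts[dst + src] = "refused"    # RST: nothing accepted the SYN
    return attempts

def refused_ports(lines):
    """Server-side ports that answered at least one SYN with a RST."""
    verdicts = classify_handshakes(lines)
    return sorted({key[3] for key, v in verdicts.items() if v == "refused"})

# Constructed sample capture (documentation and private addresses, not real traffic).
SAMPLE = [
    "10:15:01.100000 IP 198.51.100.7.40112 > 192.168.1.50.18443: Flags [S], seq 1000, win 64240, length 0",
    "10:15:01.100210 IP 192.168.1.50.18443 > 198.51.100.7.40112: Flags [R.], seq 0, ack 1001, win 0, length 0",
    "10:15:05.300000 IP 192.168.1.20.51500 > 192.168.1.50.8080: Flags [S], seq 2000, win 64240, length 0",
    "10:15:05.300150 IP 192.168.1.50.8080 > 192.168.1.20.51500: Flags [S.], seq 3000, ack 2001, win 65160, length 0",
    "10:15:05.300400 IP 192.168.1.20.51500 > 192.168.1.50.8080: Flags [.], ack 3001, win 502, length 0",
    "10:15:09.000000 IP 198.51.100.7.40200 > 192.168.1.50.1880: Flags [S], seq 4000, win 64240, length 0",
]

if __name__ == "__main__":
    for flow, verdict in classify_handshakes(SAMPLE).items():
        print(flow, verdict)
    print("refused ports:", refused_ports(SAMPLE))
```

A "refused" verdict means the SYN reached the host and was reset there, which separates it from traffic dropped upstream ("unanswered") and from a handshake that completes and fails later, for example at TLS.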
pmlucescu
Posted October 9, 2021

Seems I have the same issue as well. Additionally, when using flexible mode in Cloudflare, the unraid web gui loads when accessing example.domain.com even if this is set up to point to another docker in Nginx Proxy Manager.
jbrukardt
Posted December 7, 2021

I also have the exact same issue. I think we're all fundamentally missing something. Perhaps something with the port forwards?
Sycotix (Author)
Posted December 7, 2021

If it works on Flexible and not on strict it could be your SSL certs. We highly recommend you run the tunnel to avoid port forwarding entirely. Be sure to check our docs at: https://docs.ibracorp.io
noobguy
Posted December 8, 2021

I never really solved this but I did test this out using another (edit: NPM image) from CA and it worked with no other change on my side. I'm happy to test anything to get this docker image working. Just let me know.

Edited December 8, 2021 by noobguy
Avsynthe
Posted April 25, 2022

I'm also having the same issue. Browser is throwing 521 error when on anything but flexible with 2 different NPM images.

Edit: Figured this out. For some reason the ONLY thing that would get this to work for me was disabling "Force SSL" in each host proxy. Cloudflare is still set to Full (Strict) and everything is now working. Really strange as HSTS is also enabled in Cloudflare, and disabling Force SSL obviously grays out those options in NGINX... but she works lol

Edited May 1, 2022 by Avsynthe
Breadford
Posted December 1, 2022

On 4/25/2022 at 1:29 AM, Avsynthe said:

> I'm also having the same issue. Browser is throwing 521 error when on anything but flexible with 2 different NPM images.
>
> Edit: Figured this out. For some reason the ONLY thing that would get this to work for me was disabling "Force SSL" in each host proxy. Cloudflare is still set to Full (Strict) and everything is now working. Really strange as HSTS is also enabled in Cloudflare, and disabling Force SSL obviously grays out those options in NGINX... but she works lol

Don't know how you figured this out... but I tried the same after banging my head against a wall all day and it fixed it. Thanks for sharing!

Edited December 1, 2022 by Breadford