Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

521 error using NGINX proxy manager and cloudflare

Featured Replies

Hello,

 

Tried posting this on the cloudflare community but it wouldn't let me as "you can't include links in your posts" for some reason, even though I had no links. So here I am posting this here instead.

 

My domain name is stratz.me. I am trying to create various subdomains to connect to my docker container GUIs over the internet via a secure encrypted connection. However, I keep getting 521 errors when trying to connect through https.

 

My server is running unraid OS, reverse proxy is NGINX proxy manager with an origin certificate from cloudflare added to it, my router has port 80/443 forwarded to 180/1443 respectively (HTTP/HTTPS ports of NGINX proxy manager), and cloudflare SSL is set to full (strict).

 

I have 2 questions:
1. My DNS records are shown below:

image.thumb.png.bf44de186260ecae7f241d8522ce9c6d.png


The 1st A record points to my public IP and the 2nd points to the local IP of my unraid server, then I have a CNAME for my jellyfin docker that points to a duckdns domain, which points to my public IP. Could someone tell me if this is correct?

 

2. I came across another post with a similar issue as me and mentioned adding cloudflare iptables to the server to fix the issue, which included a link to some commands to do this as shown below:

 

# For IPv4 addresses
iptables -I INPUT -p tcp -m multiport --dports http,https -s $ip -j ACCEPT
# For IPv6 addresses
ip6tables -I INPUT -p tcp -m multiport --dports http,https -s $ip -j ACCEPT

 

However, I'm confused as to where I run these commands? Do I open up the command prompt within my unraid server or SSH into the server? Some clarification here would be nice as I am not an experienced linux user.
 

Also of note, when I unproxy my jellyfin CNAME on cloudflare, I no longer get a 521 error but instead get the error code "ERR_SSL_VERSION_OR_CIPHER_MISMATCH". Not sure if this helps but I thought I'd add this detail in regardless.

 

Lastly, here are my results when testing my URL on the cloudflare diagnostics center.
DNS results:
image.thumb.png.2a3f245fa3b373606ed546071940644f.png

 

HTTP results:
image.thumb.png.f64431ff7b213776eba239bef420b980.png

 

SSL results:
image.thumb.png.552289b3e17c860abac83eaf848793d7.png

 

Please guide me as this is my first server I've ever built.

 

Thank you

Solved by dswede43

Try setting CNAME for jellyfin to have context stratz.me

 

If your NPM is set up correctly, you should be able to access your jellyfin at jellyfin.stratz.me

  • 1 month later...

I'm having a very similar (possibly identical) problem.  I'm scratching my head with it and have retraced my steps and tried setting it all up again based on Ibracorps video, but no joy.  Did you ever resolve this?

  • Author
  • Solution

So I never figured it out in the method I described above. But I did find a different method that achieved the same result successfully using Cloudflare tunnels. Following Ibracorps tutorial (https://docs.ibracorp.io/cloudflare-tunnel/) allowed me to reverse proxy all my docker services with an SSL certificate without any port forwards and according to Ibracorp, Cloudflare tunnelling is a faster and more secure method for self-hosting on the internet.

 

Hope this helps you out and let me know if you have anymore questions

Thanks for replying! All I’m looking to do is have family to access overseerr from the internet. Will the tunnel method achieve this? 

  • Author

Yes, it will work for any docker service you wish to reverse proxy

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.