August 14, 2022

Hello,

Tried posting this on the Cloudflare community but it wouldn't let me as "you can't include links in your posts" for some reason, even though I had no links. So here I am posting this here instead.

My domain name is stratz.me. I am trying to create various subdomains to connect to my Docker container GUIs over the internet via a secure encrypted connection. However, I keep getting 521 errors when trying to connect through HTTPS. My server is running Unraid OS, the reverse proxy is NGINX Proxy Manager with an origin certificate from Cloudflare added to it, my router has ports 80/443 forwarded to 180/1443 respectively (the HTTP/HTTPS ports of NGINX Proxy Manager), and Cloudflare SSL is set to Full (strict).

I have 2 questions:

1. My DNS records are shown below: The 1st A record points to my public IP and the 2nd points to the local IP of my Unraid server, then I have a CNAME for my Jellyfin docker that points to a DuckDNS domain, which points to my public IP. Could someone tell me if this is correct?

2. I came across another post with a similar issue to mine that mentioned adding Cloudflare iptables rules to the server to fix the issue, which included a link to some commands to do this as shown below:

    # For IPv4 addresses
    iptables -I INPUT -p tcp -m multiport --dports http,https -s $ip -j ACCEPT
    # For IPv6 addresses
    ip6tables -I INPUT -p tcp -m multiport --dports http,https -s $ip -j ACCEPT

However, I'm confused as to where I run these commands. Do I open up the command prompt within my Unraid server or SSH into the server? Some clarification here would be nice as I am not an experienced Linux user.

Also of note, when I unproxy my Jellyfin CNAME on Cloudflare, I no longer get a 521 error but instead get the error code "ERR_SSL_VERSION_OR_CIPHER_MISMATCH". Not sure if this helps but I thought I'd add this detail in regardless.

Lastly, here are my results when testing my URL on the Cloudflare diagnostics center.

DNS results: HTTP results: SSL results:

Please guide me as this is the first server I've ever built. Thank you
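In the commands quoted in the post above, `$ip` is a placeholder for one address range at a time. As an added example (not part of the thread and not Cloudflare's own code), the script below prints, without applying, one rule per range; the ranges are constructed documentation prefixes, and `emit_rules` and `SAMPLE_RANGES` are hypothetical names.

```shell
#!/bin/sh
# Added example: dry run only. Prints the allow rules, changes nothing.

# Constructed sample input (documentation prefixes, NOT Cloudflare's ranges).
# The real lists are published at https://www.cloudflare.com/ips-v4 and
# https://www.cloudflare.com/ips-v6 and change over time.
SAMPLE_RANGES='# constructed sample
192.0.2.0/24
198.51.100.0/24

2001:db8::/32
not-a-cidr'

# emit_rules [PORTS]: read one CIDR per line on stdin and print the matching
# rule from the post, with $ip filled in. PORTS defaults to the post's
# "http,https" (80,443); pass the ports the proxy really listens on.
emit_rules() {
    ports=${1:-http,https}
    while IFS= read -r ip; do
        case $ip in
            ''|'#'*) continue ;;                      # blank line or comment
            *[!0-9A-Fa-f:./]*)                        # stray characters
                echo "skipping invalid entry: $ip" >&2; continue ;;
            *:*/*)     cmd=ip6tables ;;               # IPv6 range
            *.*.*.*/*) cmd=iptables ;;                # IPv4 range
            *)  echo "skipping invalid entry: $ip" >&2; continue ;;
        esac
        printf '%s -I INPUT -p tcp -m multiport --dports %s -s %s -j ACCEPT\n' \
            "$cmd" "$ports" "$ip"
    done
}

# Review the output before running any of it as root on the server.
printf '%s\n' "$SAMPLE_RANGES" | emit_rules 80,443
```

Rules inserted with `-I` exist only in the running ruleset and are gone after a reboot unless they are saved or re-applied.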
August 15, 2022

Try setting CNAME for jellyfin to have context stratz.me. If your NPM is set up correctly, you should be able to access your jellyfin at jellyfin.stratz.me
September 25, 2022

I'm having a very similar (possibly identical) problem. I'm scratching my head with it and have retraced my steps and tried setting it all up again based on Ibracorp's video, but no joy. Did you ever resolve this?
September 26, 2022 (Author, Solution)

So I never figured it out in the method I described above. But I did find a different method that achieved the same result successfully using Cloudflare tunnels. Following Ibracorp's tutorial (https://docs.ibracorp.io/cloudflare-tunnel/) allowed me to reverse proxy all my docker services with an SSL certificate without any port forwards, and according to Ibracorp, Cloudflare tunnelling is a faster and more secure method for self-hosting on the internet. Hope this helps you out and let me know if you have any more questions.
September 26, 2022

Thanks for replying! All I’m looking to do is have family access Overseerr from the internet. Will the tunnel method achieve this?