dswede43 Posted August 14, 2022

Hello,

Tried posting this on the cloudflare community but it wouldn't let me as "you can't include links in your posts" for some reason, even though I had no links. So here I am posting this here instead.

My domain name is stratz.me. I am trying to create various subdomains to connect to my docker container GUIs over the internet via a secure encrypted connection. However, I keep getting 521 errors when trying to connect through https.

My server is running unraid OS, reverse proxy is NGINX proxy manager with an origin certificate from cloudflare added to it, my router has port 80/443 forwarded to 180/1443 respectively (HTTP/HTTPS ports of NGINX proxy manager), and cloudflare SSL is set to full (strict).

I have 2 questions:

1. My DNS records are shown below:

The 1st A record points to my public IP and the 2nd points to the local IP of my unraid server, then I have a CNAME for my jellyfin docker that points to a duckdns domain, which points to my public IP. Could someone tell me if this is correct?

2. I came across another post with a similar issue as me and mentioned adding cloudflare iptables to the server to fix the issue, which included a link to some commands to do this as shown below:

    # For IPv4 addresses
    iptables -I INPUT -p tcp -m multiport --dports http,https -s $ip -j ACCEPT
    # For IPv6 addresses
    ip6tables -I INPUT -p tcp -m multiport --dports http,https -s $ip -j ACCEPT

However, I'm confused as to where I run these commands? Do I open up the command prompt within my unraid server or SSH into the server? Some clarification here would be nice as I am not an experienced linux user.

Also of note, when I unproxy my jellyfin CNAME on cloudflare, I no longer get a 521 error but instead get the error code "ERR_SSL_VERSION_OR_CIPHER_MISMATCH". Not sure if this helps but I thought I'd add this detail in regardless.

Lastly, here are my results when testing my URL on the cloudflare diagnostics center.

DNS results:
HTTP results:
SSL results:

Please guide me as this is my first server I've ever built.

Thank you
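An added example, not part of the original post or of the commands it quotes: in those iptables lines, $ip stands for a single source range, so each line is meant to run once per range in a list. The sketch below prints one rule per range and picks iptables or ip6tables by address family; the function name cf_rules, the sample ranges (documentation addresses, constructed, not Cloudflare's real ranges) and the choice of ports 180,1443 from the post are assumptions.

```shell
#!/bin/sh
# Emit allow rules for a list of source ranges (one CIDR per line on stdin).
# Commands are printed, not executed, so they can be reviewed first.
# Usage: cf_rules PORTS [CHAIN] < ranges.txt   (cf_rules is a hypothetical name)
cf_rules() {
    ports=$1
    chain=${2:-INPUT}          # INPUT is the chain used in the quoted commands
    while IFS= read -r ip; do
        # Skip blank lines and comment lines.
        case $ip in ''|'#'*) continue ;; esac
        # Accept only characters that can appear in a CIDR, so a corrupted
        # list cannot smuggle extra words into the generated command.
        case $ip in
            *[!0-9a-fA-F:./]*) echo "skipping invalid entry: $ip" >&2; continue ;;
        esac
        # A colon means an IPv6 range (ip6tables); otherwise IPv4 (iptables).
        case $ip in
            *:*) cmd=ip6tables ;;
            *)   cmd=iptables ;;
        esac
        echo "$cmd -I $chain -p tcp -m multiport --dports $ports -s $ip -j ACCEPT"
    done
}

# Constructed sample list: documentation ranges plus one malformed line.
SAMPLE_RANGES='# constructed sample, replace with the real published ranges
192.0.2.0/24
198.51.100.0/24
2001:db8::/32
not-a-range'

# Demo: 180,1443 are the NGINX proxy manager host ports named in the post.
printf '%s\n' "$SAMPLE_RANGES" | cf_rules 180,1443
```

The printed commands need a root shell on the server itself to take effect, whether that is a local terminal or an SSH session.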
ConnerVT Posted August 15, 2022

Try setting CNAME for jellyfin to have context stratz.me

If your NPM is set up correctly, you should be able to access your jellyfin at jellyfin.stratz.me
eas4uk Posted September 25, 2022

I'm having a very similar (possibly identical) problem. I'm scratching my head with it and have retraced my steps and tried setting it all up again based on Ibracorp's video, but no joy. Did you ever resolve this?
dswede43 Posted September 26, 2022 (Author, Solution)

So I never figured it out in the method I described above. But I did find a different method that achieved the same result successfully using Cloudflare tunnels. Following Ibracorp's tutorial (https://docs.ibracorp.io/cloudflare-tunnel/) allowed me to reverse proxy all my docker services with an SSL certificate without any port forwards, and according to Ibracorp, Cloudflare tunnelling is a faster and more secure method for self-hosting on the internet.

Hope this helps you out and let me know if you have any more questions.
eas4uk Posted September 26, 2022

Thanks for replying! All I'm looking to do is have family access overseerr from the internet. Will the tunnel method achieve this?
dswede43 Posted September 26, 2022 (Author)

Yes, it will work for any docker service you wish to reverse proxy.