Please help me with my domain, cloudflare, nextcloud



Since I saw the video by SpaceInvader One about "How to Use DNS Verification with your Reverse Proxy & use a Wildcard SSL Certificate", I decided to buy a domain for my Nextcloud, but I am having problems (for 2 weeks now I have been trying to make it work).

These are my letsencrypt settings: [screenshot: letsencrypt settings]

I have now changed the subdomain to nexcloud only and get the same error.

This is what I have in Cloudflare: [screenshot: Cloudflare DNS records]

And I get these errors (521 or 522): [screenshot: error 521]

 

I contacted the company where I bought the domain from and all is OK on their end.

If I try to access www.svnprx.me I get the welcoming page.

I am able to access the letsencrypt page.

I re-edited the Nextcloud config.ini for the proper domain; I also edited nextcloud.subdomain.conf to reflect the proper subdomain. Every time I end up with that error.

Forgot to mention the problem with Collabora: it is still not working outside my network, only using my server IP; if I use the domain name it is not working.

If anyone can help with the problem, it will be much appreciated.

Edited by Danuel
Link to post
  • 2 weeks later...

I've not seen the video and I'm not planning on losing however many minutes of my life I'll lose by watching it - sometimes I do wish instructions were written so I could skim read - nevertheless videos do have their place!  Anyway, enough about that - what you're attempting to set up is quite involved so I'd start with the basics.

 

The basics to me would be that you can ping (from an externally connected device) unraidseven.duckdns.org. Bear in mind you've got Cloudflare's security on in the screenshot, which hides your real IP. You might like to turn it off for testing purposes (click on the orange cloud once) and maybe give it some time to reflect the change.

I'm not actually sure what svnprx.me is; it doesn't seem related to anything you've got in Cloudflare, so perhaps have a look at that.

You've just got to trace the basics back first. Make sure your DNS is working before you start playing around with certificates, reverse proxies and whatever 'DNS verification' is - I assume it's secure DNS, but honestly don't know.

 

So maybe post some findings from there.

 

Good luck.

Edited by Marshalleq
Grammar
Link to post

I'm having very similar issues, in the letsencrypt log it says: 

Quote

nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:

I wonder if that is an issue? And does anyone know how to fix that?

Link to post
23 minutes ago, HonkyKONG22 said:

I wonder if that is an issue?

It's not. Answered many times in the letsencrypt thread. You can go directly to the correct support thread for any of your dockers by clicking on its icon and selecting Support.

Link to post
  • 1 month later...

@Danuel I've actually done this configuration myself now for a bit of fun. Specifically Cloudflare, the same letsencrypt container and Nextcloud. I got the same errors you got at some point, and got a bunch of others as well.

Have you forwarded your firewall ports from 443 to 1443 and 80 to 180? The way you have configured it above will need that. Alternatively, you can change the ports that Unraid is on (make sure you write them down, otherwise you may lock yourself out). I chose to change the ports Unraid is on as it meant that I could access the letsencrypt hosted platforms inside and outside my network in the same way.

One of the issues I had was that I could not get NAT reflection working (I have OPNsense, which is very similar to pfSense in the video).

 

I think we can get this working together if we start working through your firewall etc.

Link to post
  • 5 months later...
  • 1 month later...
24 minutes ago, Marshalleq said:

You gotta disable Cloudflare proxy (the cloud next to your domain).  And don't use cnames.

Thanks for the reply! My first post here, love the forums.

I tried what you recommended but no luck so far. I've tried accessing my Nextcloud instance via my cell phone (on data) in a Firefox browser and no luck. Strangely I can log in to Nextcloud via the phone app but I can't access any of the files inside.

Link to post

It does take a little while for that change to take effect. Basically, with the cloud on, it proxies a Cloudflare IP to your real IP, so if you ping your domain, it will come up with a Cloudflare address, whereas if you turn the cloud off, a ping will come back with your real IP address. It would pay to test that on your client before confirming it doesn't work. I assume that it's working internally OK? And also, I strongly recommend changing Unraid's 80 and 443 ports so that letsencrypt can use them. Things just work better and are more consistent, particularly when you're internal. Failing that, I'd suggest you share a little more of your config.

Link to post

If anyone comes to this post, the information provided by @Marshalleq worked as a solution to getting Cloudflare to work with my Nextcloud instance.

 

1) Don't use the Cloudflare proxy, use them just for DNS

2) Use A records rather than CNAMES in Cloudflare

3) Changing Unraid ports to something other than 80 and 443 (Settings ---> Management Access in Unraid)

4) Make sure to have correct forwarding ports in router/firewall rules

Link to post
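The checks discussed in the posts above (does the hostname resolve to a Cloudflare address or to the real IP, and do ports 80 and 443 answer from outside the network), as an added example that is not part of any post in this thread. The function names and finding tags are hypothetical, the Cloudflare range list is a snapshot of the published list, and the sample addresses are constructed.

```python
import ipaddress
import socket

# Cloudflare IPv4 proxy ranges: a snapshot of https://www.cloudflare.com/ips-v4,
# so refresh it before relying on the result.
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in """
173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 141.101.64.0/18
108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 197.234.240.0/22
198.41.128.0/17 162.158.0.0/15 104.16.0.0/13 104.24.0.0/14 172.64.0.0/13
131.0.72.0/22""".split()]
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(addr):
    """Say what kind of address a DNS answer for the hostname points at."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in CLOUDFLARE_V4):
        return "cloudflare"
    if any(ip in net for net in RFC1918):
        return "private"
    return "direct"

def diagnose(addresses, open_ports):
    """addresses: A-record answers; open_ports: ports that accepted a TCP
    connection when probed from outside the LAN (e.g. a phone on mobile data)."""
    kinds = {classify(a) for a in addresses}
    findings = []
    if "cloudflare" in kinds:
        # The probe hit Cloudflare's edge, so open_ports says nothing about the
        # origin; a 521/522 page means the edge could not connect to it.
        findings.append("proxied")
    if "private" in kinds:
        findings.append("private-record")  # LAN address, unreachable from outside
    if "direct" in kinds:
        findings.append("dns-only")        # real public IP is visible in DNS
        findings += [f"port-{p}-closed" for p in (80, 443) if p not in open_ports]
    return findings

def probe(host, ports=(80, 443), timeout=3.0):
    """Live version: resolve host and test the ports. Run it off-LAN."""
    addrs = sorted({ai[4][0] for ai in socket.getaddrinfo(host, None, socket.AF_INET)})
    opened = set()
    for port in ports:
        try:
            socket.create_connection((host, port), timeout=timeout).close()
            opened.add(port)
        except OSError:
            pass
    return diagnose(addrs, opened)

# Constructed samples: 203.0.113.10 is a documentation address, not a real host.
print(diagnose(["104.16.0.1"], {80, 443}))
print(diagnose(["203.0.113.10"], {80}))
```

A `port-443-closed` finding in DNS-only mode points at the router forward or the container port mapping rather than at Cloudflare.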
  • 2 months later...
On 4/28/2020 at 4:42 AM, Beaupnm said:

If anyone comes to this post, the information provided by @Marshalleq worked as a solution to getting Cloudflare to work with my Nextcloud instance.

 

1) Don't use the Cloudflare proxy, use them just for DNS

2) Use A records rather than CNAMES in Cloudflare

3) Changing Unraid ports to something other than 80 and 443 (Settings ---> Management Access in Unraid)

4) Make sure to have correct forwarding ports in router/firewall rules

If you're doing this, you're not really getting any benefit of using Cloudflare really. Isn't the whole point to proxy it through Cloudflare to hide your IP and avoid DDoS attacks? 

Link to post
  • 1 month later...

Once certs are written, turn proxy back on until it's time/close to time to renew certs. What I do; keeps me covered most of the time. I'll wait 80ish days, turn proxy off, make changes to the container; with that it rewrites certs for another 90, then I'll turn proxy back on.

Link to post
