Danuel Posted June 30, 2019 (edited)
Since I saw the video by SpaceInvader One about "How to Use DNS Verification with your Reverse Proxy & use a Wildcard SSL Certificate", I decided to buy a domain for my Nextcloud, but I am having problems (for 2 weeks now I have been trying to make it work).
These are my letsencrypt settings.
I have changed the subdomain now to nexcloud only and get the same error.
This is what I have in Cloudflare.
And I get these errors (521 or 522).
I contacted the company where I bought the domain from and all is OK on their end. If I try to access www.svnprx.me I get the welcome page. I am able to access the letsencrypt page. I re-edited the Nextcloud config.ini for the proper domain, and I also edited nextcloud.subdomain.conf to reflect the proper subdomain. All the time I am ending up with that error.
Forgot to mention a problem with Collabora: still not working outside my network, only using my server IP. If I use the domain name it is not working.
If anyone can help with the problem it will be much appreciated.

Danuel Posted July 13, 2019 (Author)
Thank you for all the help, meaning none, good support.

1812 Posted July 13, 2019
> 1 hour ago, Danuel said: thank you for all the help, meaning none, good support
You catch more flies with honey than vinegar.

Squid Posted July 13, 2019
> 4 hours ago, 1812 said: You catch more flies with honey than vinegar.
https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4562214/
TLDR:
> A common expression would have us believe that ‘you can catch more flies with honey than with vinegar’. But this is not true in the case of the fruit fly

1812 Posted July 13, 2019
> 5 minutes ago, Squid said: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4562214/ TLDR:
I'm pretty sure we don't have many fruit flies here... but it occurs to me, upon further reflection, that you can catch the most flies with a steaming pile of... well, things that are steaming piles.

Marshalleq Posted July 14, 2019 (edited)
I've not seen the video and I'm not planning on losing however many minutes of my life I'll lose by watching it. Sometimes I do wish instructions were written so I could skim read. Nevertheless, videos do have their place!
Anyway, enough about that. What you're attempting to set up is quite involved, so I'd start with the basics. The basics to me would be that you can ping (from an externally connected device) unraidseven.duckdns.org. Bear in mind you've got Cloudflare's security on in the screenshot, which hides your real IP. You might like to turn it off for testing purposes (click on the orange cloud once) and maybe give it some time to reflect the change.
I'm not actually sure what svnprx.me is; it doesn't seem related to anything you've got in Cloudflare, so perhaps have a look at that. You've just got to trace the basics back first. Make sure your DNS is working before you start playing around with certificates, reverse proxies and whatever 'DNS verification' is. I assume it's secure DNS, but honestly don't know. So maybe post some findings from there. Good luck.

HonkyKONG22 Posted July 21, 2019
I'm having very similar issues. In the letsencrypt log it says:
> nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:
I wonder if that is an issue? And does anyone know how to fix that?

trurl Posted July 21, 2019
> 23 minutes ago, HonkyKONG22 said: I wonder if that is an issue?
It's not. Answered many times in the letsencrypt thread. You can go directly to the correct support thread for any of your dockers by clicking on its icon and selecting Support.

Rhino2310 Posted September 3, 2019
It could also be said that the 'Squeaky wheel gets the oil'.

Marshalleq Posted September 3, 2019
@Danuel I've actually done this configuration myself now for a bit of fun. Specifically Cloudflare, the same letsencrypt container and Nextcloud. I got the same errors you got at some point, and got a bunch of others as well.
Have you forwarded your firewall ports from 443 to 1443 and 80 to 180? The way you have configured it above will need that. Alternatively, you can change the ports that Unraid is on (make sure you write them down, otherwise you may lock yourself out). I chose to change the ports Unraid is on as it meant that I could access the letsencrypt hosted platforms inside and outside my network in the same way.
One of the issues I had was that I could not get NAT reflection working (I have OPNsense, which is very similar to pfSense in the video). I think we can get this working together if we start working through your firewall etc.

Stubbs Posted February 28, 2020
I have the exact same problem. I take it nobody has solved it yet?

Beaupnm Posted April 27, 2020
Anyone figure out the solution to this? I'm having the exact same problem.

Marshalleq Posted April 27, 2020
You gotta disable Cloudflare proxy (the cloud next to your domain). And don't use CNAMEs.

Beaupnm Posted April 27, 2020
> 24 minutes ago, Marshalleq said: You gotta disable Cloudflare proxy (the cloud next to your domain). And don't use cnames.
Thanks for the reply! My first post here, love the forums. I tried what you recommended but no luck so far. I've tried accessing my Nextcloud instance via my cell phone (on data) in a Firefox browser and no luck. Strangely I can login to Nextcloud via the phone app but I can't access any of the files inside.

Marshalleq Posted April 27, 2020
It does take a little while for that change to take effect. Basically, with the cloud on it proxies a Cloudflare IP to your real IP, so if you ping your domain it will come up with a Cloudflare address, vs if you turn the cloud off, a ping will come back with your real IP address. It would pay to test that on your client before confirming it doesn't work. I assume that it's working internally OK?
And also, I strongly recommend changing Unraid's 80 and 443 ports so that Let's Encrypt can use them. Things just work better and are more consistent, particularly when you're internal. Failing that, I'd suggest you share a little more of your config.

Beaupnm Posted April 27, 2020
You're correct, I can access it from my local PC. I'll try changing my Unraid ports and see how that changes things. Thanks!

Beaupnm Posted April 27, 2020
If anyone comes to this post, the information provided by @Marshalleq worked as a solution to getting Cloudflare to work with my Nextcloud instance.
1) Don't use the Cloudflare proxy, use them just for DNS
2) Use A records rather than CNAMES in Cloudflare
3) Changing Unraid ports to something other than 80 and 443 (Settings ---> Management Access in Unraid)
4) Make sure to have correct forwarding ports in router/firewall rules

partyhat Posted July 18, 2020
> On 4/28/2020 at 4:42 AM, Beaupnm said: If anyone comes to this post, the information provided by @Marshalleq worked as a solution to getting Cloudflare to work with my Nextcloud instance. 1) Don't use the Cloudflare proxy, use them just for DNS 2) Use A records rather than CNAMES in Cloudflare 3) Changing Unraid ports to something other than 80 and 443 (Settings ---> Management Access in Unraid) 4) Make sure to have correct forwarding ports in router/firewall rules
If you're doing this, you're not really getting any benefit of using Cloudflare really. Isn't the whole point to proxy it through Cloudflare to hide your IP and avoid DDoS attacks?

Beaupnm Posted August 18, 2020
You're mainly correct. A lot of people use Cloudflare to avoid DDoS attacks. I wanted to use it because Cloudflare also has an option to use their API for DNS verification for my Let's Encrypt certs.

blaine07 Posted August 19, 2020
Once certs are written turn proxy back on until it’s time/close to time to renew certs. What I do; keeps me covered most of the time. I’ll wait 80ish days, turn proxy off, make changes to container with that it rewrites certs for another 90, then I’ll turn proxy back on.