Open zaddy6 opened 1 day ago
On which port is the Hetzner LB listening? Are the targets behind the Hetzner LB healthy? What mode is the SSL/TLS setting on Cloudflare?
deploy.yml:
```yaml
# Note: If using Cloudflare, set encryption mode in SSL/TLS setting to "Full" to enable CF-to-app encryption.
proxy:
  ssl: true
  host: api.foobar.com
  # Proxy connects to your container on port 80 by default.
  app_port: 3000 # if you use thruster remove this line, if you don't use thruster set this line
```
You then have to set up DNS records with the proxy toggle checked (A with the IPv4 and AAAA with the IPv6 without the /64). Then on Cloudflare DNS, you will have to create two records:

- A with @ if it's the full domain, or just "api" if it's a subdomain, and as value you set your IPv4
- AAAA with @ if it's the full domain, or just "api" if it's a subdomain, and as value you set your IPv6 (remove the /64)

Then commit your changes, and kamal deploy. Additionally, I add the gem "cloudflare-rails" to my production environment group in my Gemfile.
This config wouldn't work, as SSL: True only works if you are deploying to a single server. In my case I am deploying to 3 servers, and all 3 are under a single Hetzner LB.
I have created an LB on Hetzner and added both servers. I have also added a proxied A record pointing to the LB server on Cloudflare; however, I get a website down error,
although visiting the server IP for both the LB and hosts works without issues.