Closed bugs181 closed 4 years ago
Was able to fix. Appeared to be a DNS caching issue on my end. Gotta love caches, the past few issues have been related to that. Another issue that I ran into is that my application had spaces in the name and this caused Caddy to not load properly.
To clarify, this is the first time I've ever tried to set up a proxy for docker apps. I haven't had much luck. Originally my domain was at godaddy but I've since moved it to Cloudflare for security and ease of use. I'm not confident that I don't have a configuration problem on Cloudflare itself. When setting up DNS, what should I be looking out for?
Here's what works: I hosted a node.js proxy directly on the server and was able to get it working with HTTP. Did not try SSL. So that means the apps are reachable via the domain.
With Tyger2 here's what I'm getting:

The output from AuthURL
```
{
  "identifier": { "type": "dns", "value": "[REMOVED]" },
  "status": "invalid",
  "expires": "2020-06-14T23:23:46Z",
  "challenges": [
    {
      "type": "tls-alpn-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge",
        "status": 403
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/[REMOVED]",
      "token": "[REMOVED]",
      "validationRecord": [
        {
          "hostname": "[REMOVED]",
          "port": "443",
          "addressesResolved": [
            "104.27.181.57",
            "172.67.140.222",
            "104.27.180.57",
            "2606:4700:3035::681b:b539",
            "2606:4700:3034::681b:b439",
            "2606:4700:3033::ac43:8cde"
          ],
          "addressUsed": "2606:4700:3035::681b:b539"
        }
      ]
    }
  ]
}
```

Curl port 80
```
$ curl -v http://[subdomain.mydomain.com]
* Rebuilt URL to: http://[subdomain.mydomain.com]/
*   Trying [server ip]...
* TCP_NODELAY set
* Connected to [subdomain.mydomain.com] ([server ip]) port 80 (#0)
> GET / HTTP/1.1
> Host: [subdomain.mydomain.com]
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 404 Not Found
< Content-Type: text/plain; charset=utf-8
< Server: Caddy
< X-Content-Type-Options: nosniff
< Date: Sun, 07 Jun 2020 23:52:13 GMT
< Content-Length: 59
<
404 Site [subdomain.mydomain.com] is not served on this interface
* Connection #0 to host [subdomain.mydomain.com] left intact
```

Curl port 443
```
$ curl -v https://[subdomain.mydomain.com]
* Rebuilt URL to: https://[subdomain.mydomain.com]/
*   Trying [server ip]...
* TCP_NODELAY set
* Connected to [subdomain.mydomain.com] ([server ip]) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS alert, Server hello (2):
* error:14004438:SSL routines:CONNECT_CR_SRVR_HELLO:tlsv1 alert internal error
* stopped the pause stream!
* Closing connection 0
curl: (35) error:14004438:SSL routines:CONNECT_CR_SRVR_HELLO:tlsv1 alert internal error
```

Cloudflare SSL/TLS setting is:
Your SSL/TLS encryption mode is Flexible
Description: Encrypts traffic between the browser and Cloudflare

The other options are:
- Encrypts end-to-end, using a self signed certificate on the server
- Encrypts end-to-end, but requires a trusted CA or Cloudflare Origin CA certificate on the server
To further complicate things, I'm not sure if just having an A record is sufficient for subdomains, and what other options I should be using for this. There's a Proxy mode, which I believe also enables the Cloudflare cache feature.
Currently I have:
Maybe related: Doing a port scan of the server after Tyger2 has started, ports 80 and 443 are not open. Possibly related to #20
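The authorization object pasted earlier carries the diagnosis: the addresses in its validationRecord sit in Cloudflare's edge ranges, so the CA's ALPN handshake terminated at the proxy and never reached the origin that Caddy is serving. Below is an added triage helper for such ACME authz JSON (example code, not part of Tyger2 or Caddy). The Cloudflare prefixes are an assumption taken from Cloudflare's published IP list, and the embedded JSON is a constructed sample mirroring the report.

```python
import ipaddress
import json

# Assumed subset of Cloudflare's published edge prefixes (not from the issue).
CLOUDFLARE_PREFIXES = [ipaddress.ip_network(p) for p in (
    "104.16.0.0/13", "104.24.0.0/14", "172.64.0.0/13", "2606:4700::/32")]

# Constructed sample mirroring the authz in the report, with placeholders filled.
SAMPLE_AUTHZ = json.dumps({
    "identifier": {"type": "dns", "value": "app.example.com"},
    "status": "invalid",
    "challenges": [{
        "type": "tls-alpn-01", "status": "invalid",
        "error": {"type": "urn:ietf:params:acme:error:unauthorized",
                  "detail": "Cannot negotiate ALPN protocol \"acme-tls/1\" "
                            "for tls-alpn-01 challenge",
                  "status": 403},
        "validationRecord": [{
            "hostname": "app.example.com", "port": "443",
            "addressesResolved": ["104.27.181.57", "172.67.140.222",
                                  "2606:4700:3035::681b:b539"],
            "addressUsed": "2606:4700:3035::681b:b539"}]}]})


def is_cloudflare(addr: str) -> bool:
    """True if the address falls inside one of the assumed Cloudflare prefixes."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in CLOUDFLARE_PREFIXES)


def triage_authz(authz_json: str) -> dict:
    """Summarise the first failed challenge and whether the CA validated
    against a Cloudflare edge instead of the origin. If it did, a tls-alpn-01
    or http-01 challenge cannot be answered by the origin server at all."""
    authz = json.loads(authz_json)
    failed = [c for c in authz.get("challenges", []) if c.get("status") == "invalid"]
    if not failed:
        return {"status": authz.get("status"), "failed_challenge": None}
    chal = failed[0]
    rec = (chal.get("validationRecord") or [{}])[0]
    used = rec.get("addressUsed")
    resolved = rec.get("addressesResolved", [])
    return {
        "status": authz.get("status"),
        "failed_challenge": chal.get("type"),
        "error": chal.get("error", {}).get("type"),
        "address_used": used,
        "validated_via_cloudflare": bool(used) and is_cloudflare(used),
        "all_resolved_cloudflare": bool(resolved) and all(is_cloudflare(a) for a in resolved),
    }
```

When every resolved address is a proxy edge, the fix is on the DNS/proxy side (DNS-only record, or a challenge type the proxy does not intercept), not in the Caddy configuration.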