this post was submitted on 10 Jun 2023
5 points (100.0% liked)

Hi guys, would be happy to receive some input on my current problem. I spun up my own Lemmy instance yesterday using the ansible playbook on a newly set up VPS with its own IPv4. Since I also had an unused domain I chose to use it exclusively for Lemmy. I therefore set the domain in the hosts file to exactly that one. I created the following DNS entries in Cloudflare for it:

  • A Record with name www pointing towards the ip
  • A CName pointing the domain without subdomain towards the www.subdomain.de thing

Both without activating their proxies. As soon as I'm activating their proxies my instance becomes unreachable and if I'm calling www.my-domain.de I'm seeing an Nginx error page. Is there a smart way anyone of you knows how I could set up my DNS records in a way that I'm able to use Cloudflare proxies to kinda encapsulate my VPS a bit more?

EDIT: I got it solved. First off, I was most probably an idiot when setting the SSL settings. It could be possible that I changed them for the wrong domain. So in the end I did two things. First off, I changed the CNAME thing into another A record pointing directly towards the server IP. I suspect this was not the root cause, because after changing the DNS settings I discovered that the SSL settings were again set to Flexible. This is basically a setting where Cloudflare assumes you are somehow unable to get your own SSL certificate on your server, and therefore only the traffic between the user's browser and them is encrypted but the traffic towards your server is not. That was most probably the main reason, since this should cause an infinite forwarding of Cloudflare trying HTTP while my server was redirecting them to HTTPS (for more info see here). I set it to Full (strict), meaning now all the traffic is encrypted using my certificate.

After both changes it works now, and when pinging the url some random Cloudflare IP shows up and "my" ip is hidden.

Old DNS settings: Old DNS settings

New DNS settings: New DNS settings

EDIT 1: Changed the title from xyz (SOLVED) to [SOLVED] xyz
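
The redirect loop described in the edit above, as an added example that is not part of the original post: a simplified Python model of the visitor, the proxy edge and an origin that redirects plain HTTP to HTTPS. The function names, the mode strings and the host `www.example.test` are assumptions of this sketch, and certificate validation in Full (strict) is not modelled.

```python
from urllib.parse import urlsplit

MAX_HOPS = 10  # assumed cut-off for this sketch; browsers also stop after a fixed number


def origin(scheme, host, path):
    """Origin web server: plain HTTP is redirected to HTTPS, HTTPS is served."""
    if scheme == "http":
        return 301, f"https://{host}{path}"
    return 200, None


def edge(mode, url):
    """Proxy edge: the SSL mode decides how the edge reaches the origin."""
    u = urlsplit(url)
    if mode == "flexible":
        origin_scheme = "http"      # edge-to-origin is never encrypted
    elif mode == "full_strict":
        origin_scheme = u.scheme    # edge reuses the visitor's scheme
    else:
        raise ValueError(f"unknown mode: {mode}")
    return origin(origin_scheme, u.netloc, u.path or "/")


def follow(mode, url):
    """Follow redirects like a browser; return (verdict, URLs requested)."""
    chain = []
    while len(chain) < MAX_HOPS:
        if url in chain:
            return "redirect loop", chain + [url]
        chain.append(url)
        status, location = edge(mode, url)
        if status == 200:
            return "ok", chain
        url = location
    return "too many redirects", chain


if __name__ == "__main__":
    # Constructed sample URLs; example.test is a placeholder host.
    for mode in ("flexible", "full_strict"):
        for start in ("http://www.example.test/", "https://www.example.test/"):
            verdict, chain = follow(mode, start)
            print(f"{mode:12} {start:28} -> {verdict} ({' -> '.join(chain)})")
```

In the flexible case the origin keeps answering with a redirect to the same HTTPS URL the visitor already asked for, which is the signature to look for when a proxied site fails with a "too many redirects" error.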

ture@rational-racoon.de 1 points 1 year ago (1 children)

I'll look into it as soon as I'm back at my computer. The playbook contains certbot and requests its own SSL certificate, and I also use certbot and Cloudflare for my homeserver, so I should be able to easily compare settings there. Haven't thought of it maybe being an SSL issue since the usual "your page is unsafe" and so on things didn't pop up.

ture@rational-racoon.de 1 points 1 year ago* (last edited 1 year ago)

~~Tried turning SSL on/off; always the same result.~~

EDIT: See the edit in the post; most probably it actually helped.