Dear reader,
I’m trying to publish my Cloudflare domain via DNS to the public IP of my droplet.
The CMS I’m using is GRAV, which is running in a docker container on port 80 and 8123 on the host. When I go to mydropletpublicip:8123 I can see the website just fine.
I have made a DNS token within Cloudflare so that I can create an SSL certificate in NGINX Proxy manager. In NGINX
In Cloudflare I made an A rule which directs all traffic going to mycloudflaredomain.com to mydropletpublicip, and a CNAME rule which directs all traffic going to www.mycloudflaredomain.com to mycloudflaredomain.com.
In NGINX Proxy manager I made two reverse proxy rules: HTTP mycloudflaredomain.com 8123 + the SSL certificate and HTTP www.mycloudflaredomain.com 8123 + the SSL certificate
When I go to https://www.whatsmydns.net/ and check mycloudflaredomain.com I get the IP address of Cloudflare: 104.21.9.117 172.67.189.60
When I now go to mycloudflaredomain.com or www.mycloudflaredomain.com I get a Cloudflare error 521 - Webserver Host Error.
I have tried many things, but can’t figure out why I get the error.
Things I tried are: Allow all TCP and UDP incoming access in the firewall of the droplet and on the Digital Ocean project page. Add all IP addresses of Cloudflare to the firewall and many more.
Please help, kind regards
Heya, @64006132f52d4ed0b310110a0cf6bb
The Cloudflare error 521 indicates that Cloudflare is unable to connect to your droplet.
Cloudflare’s proxy servers must be able to connect to your droplet on ports 80 and 443 (default HTTP and HTTPS ports). Ensure the droplet firewall and DigitalOcean project-level firewall allow traffic from Cloudflare’s IP ranges.
You can check their IP ranges here:
https://www.cloudflare.com/ips/
On your droplet, verify that the firewall is configured properly:
Add rules if needed:
Also Cloudflare’s SSL mode should be compatible with your droplet setup. Navigate to SSL/TLS settings in Cloudflare and ensure the following:
Avoid Flexible, as it can cause redirection loops.
You can then use Cloudflare diagnostic tools to test connectivity:
Hope that this helps!
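As an added example (not part of the answer above and not Cloudflare or DigitalOcean tooling), this shell sketch checks a listener table for the port Cloudflare connects to under each SSL mode, which is the condition behind a 521. The `ss -ltn` sample is constructed, the function names are hypothetical, and the mode-to-port mapping assumes a visitor arriving over HTTPS.

```shell
#!/bin/sh
# Constructed sample of `ss -ltn` output: a container publishes 80 and 8123,
# and the only 443 listener is bound to loopback (unreachable from outside).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      4096   0.0.0.0:80         0.0.0.0:*
LISTEN 0      4096   0.0.0.0:8123       0.0.0.0:*
LISTEN 0      128    127.0.0.1:443      0.0.0.0:*
LISTEN 0      4096   [::]:8123          [::]:*'

# Succeeds if stdin (ss -ltn output) has a non-loopback listener on port $1.
listening_publicly() {
  awk -v port="$1" '
    $1 == "LISTEN" {
      n = split($4, parts, ":"); p = parts[n]
      addr = substr($4, 1, length($4) - length(p) - 1)
      if (p == port && addr !~ /^127\./ && addr != "[::1]") found = 1
    }
    END { exit (found ? 0 : 1) }'
}

# Origin port Cloudflare uses for an HTTPS visitor under each SSL mode:
# Flexible talks plain HTTP to the origin, Full and Full (strict) talk HTTPS.
origin_port_for_mode() {
  case "$1" in
    flexible)    echo 80 ;;
    full|strict) echo 443 ;;
    *)           return 2 ;;
  esac
}

# usage: ss -ltn | diagnose MODE
diagnose() {
  diag_port=$(origin_port_for_mode "$1") || { echo "unknown mode: $1"; return 2; }
  if listening_publicly "$diag_port"; then
    echo "mode=$1 port=$diag_port public-listener"
  else
    echo "mode=$1 port=$diag_port no-public-listener"
  fi
}

# Run against the constructed sample; on a real droplet pipe `ss -ltn` in instead.
for mode in flexible full strict; do
  printf '%s\n' "$SAMPLE_SS" | diagnose "$mode"
done
```

A `no-public-listener` result for the configured mode means the connection is refused before any firewall rule for Cloudflare's ranges matters, so the reverse proxy's bindings are the first thing to check.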