Help with SSL Cloudflare
-
So, I tried linking my Lemmy instance akaris.space but it says the ssl handshake failed and i can't seem to figure out what went wrong.
https://developers.cloudflare.com/ssl/origin-configuration/ssl-modes/ you could use a less strict mode here
-
So, I tried linking my Lemmy instance akaris.space but it says the ssl handshake failed and i can't seem to figure out what went wrong.
I'm not familiar enough with Cloudflare's error messages --- or deployment with Cloudflare --- to know what exact behavior that corresponds to, but I'd guess that most likely it can open a TCP connection to port 443 on what it thinks is your server, but it's not getting HTTPS on that port or your server isn't configured to serve up the right certificate for that hostname or the web server software running on it is otherwise broken. Might be some sort of intervening firewall.
I don't know where your actual server is, may not even be accessible to me. But if you have a Linux machine that can talk to it directly -- including, perhaps, the server itself -- you should be able to see what certificate it's handing back via:
$ openssl s_client -showcerts -servername akaris.space IP-address-of-actual-server:443That'll try to establish a TLS connection, will send the specified server name so that if you're using vhosting on the server, it knows which site to return, and then will tell you what certificate the web server used. Would probably be my first diagnostic step if I thought that there was a problem with the TLS handshake on a machine I was running.
That might provide enough information to you to let you resolve the issue yourself.
Beyond that, trying to provide much more information probably isn't possible without more information about how your server is set up and what actually is working. You can censor IP addresses if you want to keep that private.
-
So, I tried linking my Lemmy instance akaris.space but it says the ssl handshake failed and i can't seem to figure out what went wrong.
How are you using Cloudflare, and what are you serving the lemmy instance on? I'm guessing it is due to the ssl mode chosen as said before
-
How are you using Cloudflare, and what are you serving the lemmy instance on? I'm guessing it is due to the ssl mode chosen as said before
You want to use flexible ssl/tls for starters, doubtful it will work otherwise. Log in to cloudflare, choose domain, then SSL/TLS and see if encryption is set to flexible. See what that gets you, though it can take 15 mins for effects to show up. As long as the server can be reached cloudflare will try and match a certificate so lemmy gets served, as long as the server is set up correctly and the ports etc. are correctly forwarded and open
-
How are you using Cloudflare, and what are you serving the lemmy instance on? I'm guessing it is due to the ssl mode chosen as said before
I'm using it to set a tunnel, and lemmy instance is yunohost. since my domain is on porkbun, it says now "parked on the bun"
-
https://developers.cloudflare.com/ssl/origin-configuration/ssl-modes/ you could use a less strict mode here
I have, thanks, now it shows "parked on the bun"
-
So, I tried linking my Lemmy instance akaris.space but it says the ssl handshake failed and i can't seem to figure out what went wrong.
wrote last edited by [email protected]Set the SSL mode to "Full".
Then go to "Rules" and create three rules. This is also the order in which they should be processed:1. Name: lemmy u all Custom filter expression: URI path equals /u/* All other options disabled.2. Name: lemmy nodeinfo all Custom filter expression: URI path equals /nodeinfo/* All other options disabled.3. Name: lemmy inbox all Custom filter expression: URI path equals /inbox/* All other options disabled.This should get your instance running behind Cloudflare's tunnel.
*edited for formatting
-
Set the SSL mode to "Full".
Then go to "Rules" and create three rules. This is also the order in which they should be processed:1. Name: lemmy u all Custom filter expression: URI path equals /u/* All other options disabled.2. Name: lemmy nodeinfo all Custom filter expression: URI path equals /nodeinfo/* All other options disabled.3. Name: lemmy inbox all Custom filter expression: URI path equals /inbox/* All other options disabled.This should get your instance running behind Cloudflare's tunnel.
*edited for formatting
What do I put for "rule type" on Cloudflare? ex: redriect or route request, transform request/response, modify configurations
-
What do I put for "rule type" on Cloudflare? ex: redriect or route request, transform request/response, modify configurations
Oops sorry about that, you want them all as configuration rules
-
I have, thanks, now it shows "parked on the bun"
What is porkbun, your hosting provider?
-
What is porkbun, your hosting provider?
The site I bought the domain at :3
-
Oops sorry about that, you want them all as configuration rules
wrote last edited by [email protected]Thanks
-
Thanks
Hope it helped!
-
Hope it helped!
what action do i put, i put ssl, idk
-
Hope it helped!
but maybe not because it still says the handshake failed
-
what action do i put, i put ssl, idk
I've left all of the actions off
-
I've left all of the actions off
oh, how do u do that? it says i must have an action
-
I've left all of the actions off
action parameters are required for the set_config action
-
oh, how do u do that? it says i must have an action
So sorry, it's been a while....
Add the following actions:- Browser integrity check (Then turn off)
- Disable RUM
- Disable Zaraz
- Email Obfuscation (Then turn off)
- Fonts (Then turn off)
- Hotlink Protection (Then turn off)
- Opportunistic Encryption (Then turn off)
- Rocket Loader (Then turn off)
-
So sorry, it's been a while....
Add the following actions:- Browser integrity check (Then turn off)
- Disable RUM
- Disable Zaraz
- Email Obfuscation (Then turn off)
- Fonts (Then turn off)
- Hotlink Protection (Then turn off)
- Opportunistic Encryption (Then turn off)
- Rocket Loader (Then turn off)
Thanks so much!! This will totally help me and I'll tell u the results
