Cloudflare and Docker issues

Solved by KJustice

I will be monitoring this thread to the best of my ability and any guidance or help is greatly appreciated. 

 

So after a period, I am reaching out to the community. We had severe weather a few weeks ago and I shut my server down as usual but when I brought it back up all of my websites were down. I create A records in Cloudflare and Nginx for all my applications I access on other devices like Overseer, Portainer, and Nginx. These domains all worked with no issues prior to the shutdown and bringing them back up they stopped working. I checked the server and nothing appeared to change when the system came back. Since coming back I have only gotten Cloudflare Error 522. I am having difficulty digesting and determining the issue and root cause. Initially, I thought it was an SSL authentication issue between Cloudflare and Nginx but again nothing there changed. Just a quick disclaimer, none of these sites are working. I had a total of 6 of them so I don't believe it is as simple as a specific setting for a docker container necessarily. 

 

Cloudflare:

  • A record for Nginx.example.com with my local IP, this record is proxied. 
  • Force HTTPS enabled
  • SSL/TLS encryption mode is set to Full (tried Full (strict) and didn't work either with any testing)
  • API token for all zones created for Nginx SSL Cert.
  • I do not have the pro-plan so I cannot simply input a ticket for help from Cloudflare. 

Nginx:

  • Source: domain created in Cloudflare.
  • Destination: At this moment it is set to https://127.0.0.1:81 or https://localhost:81 
    • Side note, this is something I am on, I have watched many videos and am unable to determine which IP is used, I have watched some use their LAN or the systems' IP, some use the IP used to connect locally, and a few other variations. This is the IP Nginx uses to connect to 
  • SSL Cert:
    • I used a wildcard cert (*.example.com) pointed this at Cloudflare and provided the API token from Cloudflare. I used the curl command to confirm this cert is valid and working. 

Portainer: version 2.18.2

  • At this moment using nginx image: jc21/nginx-proxy-manager:latest.
  • Published ports 80:80, 81:81, 443:443 in a container and forwarded on ISP Router. 
  • I have tried numerous things, I started from scratch on the image, I tried defining my domain under the network section, and published ports, we have been trying the same with Overseer to try and get anything to work and even disabling all SSL to the best of our ability and trying to make an unsecured connection to the webpage has not worked, continues to give the 522 error. 

Questionable items:

  • When researching and gathering information I noticed services like Overseer running on IP 10.0.0.208:Portnumber whereas Nginx is running on 127.0.0.1, I have not dictated the IPs for these containers and in Portainer I do not have them part of a specified network right now. 
  • When going through the port forwarding setup on my ISP router I found that it reserved an IP and in my app, it shows my server IP as 10.0.0.208 but nowhere else does this show or reflect and the connected gig ethernet NIC has the IP of 192.168.x.x

Hardware:

  • Ubuntu 22.04.2 LTS
  • i3-9100F, AMD Radeon rx 560, 16GB RAM, RealTek Gig/Ethernet NIC, 40TB.

On 8/22/2023 at 8:17 AM, KJustice said:

bump2

Hopeful bump


You mentioned that you had a power outage, did your public IP change? Can you try to curl your public IP from a hotspot (or ask a friend to do it) to confirm your nginx is working as expected and reachable from the internet?

If that’s working it might be useful to set up a mitmproxy container that sits between Cloudflare and nginx so that you can inspect traffic and find out what’s going wrong. 

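The outside-in check suggested in the reply above, as an added example that is not part of the original posts: a direct TCP probe of the origin that bypasses Cloudflare and reports whether the result matches a 522 (connect timed out) or a 521 (connection refused). The function names and the default ports 80 and 443 are assumptions of this sketch; run it from a network outside the LAN with the server's public IP as the argument.

```python
import socket
import sys


def probe(host, port, timeout=5.0):
    """TCP connect to host:port; return 'open', 'refused', 'timeout' or 'unreachable'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # host answered, but nothing listens on that port
    except (socket.timeout, TimeoutError):
        return "timeout"      # SYN dropped: missing forward, firewall or wrong IP
    except OSError:
        return "unreachable"  # no route from the network the probe runs on


def diagnose(origin_ip, ports=(80, 443), timeout=5.0):
    """Probe the origin directly (no Cloudflare in the path) and summarise."""
    results = {port: probe(origin_ip, port, timeout) for port in ports}
    states = set(results.values())
    if states == {"open"}:
        verdict = "origin reachable: check the A record and proxy host settings"
    elif "timeout" in states:
        verdict = "matches 522: check router forward, firewall and public IP"
    elif "refused" in states:
        verdict = "matches 521: nothing is listening on the published port"
    else:
        verdict = "no route to the origin from this network"
    return results, verdict


if __name__ == "__main__":
    # Usage: python3 probe.py <public-ip>   (defaults to loopback as a dry run)
    ip = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    results, verdict = diagnose(ip)
    for port, state in results.items():
        print(f"{ip}:{port} {state}")
    print(verdict)
```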

  • 4 weeks later...

Ok, so after a lot of digging and troubleshooting I figured out what happened about 2 weeks ago and forgot to update this thread. When the power went out and the system came back online, nothing changed except for the actual config file. The config file was corrupted and when we redeployed it nothing changed because it was still messed up. When we tried using a new image this changed the config file because my friend is the type of person that copy/pastes shit and doesn't learn the theory of how stuff works first. 

 

He used a config file that required port 81 for Nginx to be forwarded instead of the original configuration. Port 81 being the admin port for Nginx I didn't and have never used this as the port forward and after forwarding that port I figured out this was the issue. Nothing else was wrong. 

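An added example, not code from the thread: a small audit of the settings listed in the first post and of the port 81 forward described in the solution. It flags an A record that is not internet-routable, missing forwards for ports 80 and 443, a router forward to the admin port, and proxy destinations on loopback, which inside the container is the proxy itself. All function names and the sample values are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Ranges that cannot be reached from the internet (private, CGNAT, loopback).
UNROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10", "127.0.0.0/8")]
EDGE_PORTS = (80, 443)  # where Cloudflare connects for ordinary http/https requests
ADMIN_PORT = 81         # Nginx Proxy Manager admin UI


def unroutable(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in UNROUTABLE)


def is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a DNS or container name, resolved elsewhere


def audit(a_record_ip, forwards, published, proxy_hosts):
    """forwards: WAN ports forwarded by the router; published: host ports the
    proxy container publishes; proxy_hosts: domain -> destination URL."""
    findings = []
    if unroutable(a_record_ip):
        findings.append(f"A record {a_record_ip} is not internet-routable")
    for port in EDGE_PORTS:
        if port not in forwards or port not in published:
            findings.append(f"port {port} is not forwarded and published")
    if ADMIN_PORT in forwards:
        findings.append("admin port 81 is reachable from the internet")
    for domain, dest in sorted(proxy_hosts.items()):
        url = urlsplit(dest)
        if is_loopback(url.hostname or ""):
            target = "its admin UI" if url.port == ADMIN_PORT else "the proxy itself"
            findings.append(f"{domain} -> {dest} points at {target}")
    return findings


# Constructed sample values modelled on the settings listed in the thread.
SAMPLE = audit("10.0.0.208", {80, 81, 443}, {80, 81, 443},
               {"nginx.example.com": "https://127.0.0.1:81",
                "app.example.com": "http://10.0.0.208:8080"})

if __name__ == "__main__":
    print("\n".join(SAMPLE))
```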
