Question

Cloudflare DNS, GRAV and NGINX proxy manager

Dear reader,

I’m trying to publish my Cloudflare domain via DNS to the public IP of my droplet.

The CMS I’m using is GRAV, which is running in a docker container on port 80 and 8123 on the host. When I go to mydropletpublicip:8123 I can see the website just fine.

I have made a DNS token within Cloudflare so that I can create an SSL certificate in NGINX Proxy Manager. In NGINX

In Cloudflare I made an A rule which directs all traffic going to mycloudflaredomain.com to mydropletpublicip, and a CNAME rule which directs all traffic going to www.mycloudflaredomain.com to mycloudflaredomain.com.

In NGINX Proxy Manager I made two reverse proxy rules: HTTP mycloudflaredomain.com 8123 + the SSL certificate, and HTTP www.mycloudflaredomain.com 8123 + the SSL certificate.

When I go to https://www.whatsmydns.net/ and check mycloudflaredomain.com I get the IP address of Cloudflare: 104.21.9.117 172.67.189.60

When I now go to mycloudflaredomain.com or www.mycloudflaredomain.com I get a Cloudflare error 521 - Webserver Host Error.

I have tried many things, but can’t figure out why I get the error.

Things I tried are: allow all TCP and UDP incoming access in the firewall of the droplet and on the DigitalOcean project page, add all IP addresses of Cloudflare to the firewall, and many more.

Please help, kind regards



alexdo
Site Moderator
Site Moderator badge
November 28, 2024

Heya, @64006132f52d4ed0b310110a0cf6bb

The Cloudflare error 521 indicates that Cloudflare is unable to connect to your droplet.

Cloudflare’s proxy servers must be able to connect to your droplet on ports 80 and 443 (default HTTP and HTTPS ports). Ensure the droplet firewall and DigitalOcean project-level firewall allow traffic from Cloudflare’s IP ranges.

You can check their IP ranges here:

https://www.cloudflare.com/ips/

On your droplet, verify that the firewall is configured properly:

sudo ufw status

Add rules if needed:

sudo ufw allow from <Cloudflare IP Range> to any port 80,443 proto tcp

Also, Cloudflare’s SSL mode should be compatible with your droplet setup. Navigate to SSL/TLS settings in Cloudflare and ensure the following:

  • Set SSL/TLS Mode to Full (or Full (Strict) if you have a valid SSL certificate installed on your droplet).

Avoid Flexible, as it can cause redirection loops.

You can then use Cloudflare diagnostic tools to test connectivity:

  1. Log in to your Cloudflare dashboard.
  2. Navigate to Overview > Diagnostic Center.
  3. Run the “Check HTTP Response” test for your domain.

Hope that this helps!
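An added example, not part of the answer above: a small Python audit that reads the table printed by `sudo ufw status` and reports, per Cloudflare range, whether ports 80 and 443 are allowed, plus any rule that opens those ports to Anywhere (which makes the origin reachable without going through Cloudflare). The ranges and the ufw output embedded here are constructed placeholders; the real ranges come from https://www.cloudflare.com/ips/.

```python
import ipaddress
REQUIRED_PORTS = {80, 443}  # Cloudflare connects to the origin on these two ports
# Constructed placeholders (documentation prefixes) for the real list at https://www.cloudflare.com/ips/
CLOUDFLARE_RANGES = ["203.0.113.0/24", "198.51.100.0/24"]
# Constructed sample of what `sudo ufw status` prints on the droplet.
SAMPLE_STATUS = """Status: active
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
8123/tcp                   ALLOW       Anywhere
80,443/tcp                 ALLOW       203.0.113.0/24
"""

def parse_ufw_status(text):
    """Parse the ufw status table into rule dicts; ports == set() means any port."""
    rules = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[1] not in ("ALLOW", "DENY", "REJECT", "LIMIT"):
            continue  # skips the status, header and separator lines
        to, proto = (parts[0].split("/", 1) + [None])[:2]
        ports = set() if to == "Anywhere" else {int(p) for p in to.split(",")}
        rules.append({"ports": ports, "proto": proto, "action": parts[1], "from": parts[2]})
    return rules

def _allows(rule, net, port):
    """True if the rule admits TCP from network `net` to `port`."""
    if (rule["action"] != "ALLOW" or rule["proto"] not in (None, "tcp")
            or (rule["ports"] and port not in rule["ports"])):
        return False
    if rule["from"] == "Anywhere":
        return True
    try:
        src = ipaddress.ip_network(rule["from"], strict=False)
    except ValueError:  # e.g. the "FWD" column of routed rules
        return False
    return src.version == net.version and net.subnet_of(src)

def audit(rules, cf_ranges, required=REQUIRED_PORTS):
    """(missing, broad): range/port pairs no rule admits; ALLOW rules exposing a required port to Anywhere."""
    missing = [(cidr, port) for cidr in cf_ranges for port in sorted(required)
               if not any(_allows(r, ipaddress.ip_network(cidr), port) for r in rules)]
    broad = [r for r in rules if r["action"] == "ALLOW" and r["from"] == "Anywhere"
             and r["proto"] in (None, "tcp") and (not r["ports"] or r["ports"] & required)]
    return missing, broad

def suggest_rules(missing):
    """One ufw command per uncovered range; ufw requires `proto` with a port list."""
    return [f"sudo ufw allow from {c} to any port 80,443 proto tcp" for c in sorted({cidr for cidr, _ in missing})]
```

On the droplet, feed it the live output with `parse_ufw_status(subprocess.check_output(["sudo", "ufw", "status"], text=True))` and the real Cloudflare ranges.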
