I have a host with a Directadmin Panel, which I can access using https://example.com:2222.
Since i repalced cloudflare ns with my host provider ns to redirect traffic through cloudflare, I can't access the admin panel using example.com:2222.
When I searched about this issue, I couldn't find any solution because all the solutions suggested changing the port but I couldn't access the server's root account.
Related
I installed a nextcloud service on my NAS in a docker container and the service is reachable from the internet via a FQDN for which I generated wildcard Letsencrypt certificates.
A reverse proxy (Traefik) is dispatching requests to the service and handles http/https.
Everything works fine while outside of my LAN but connecting to nextcloud from the local network gives certificate errors.
For instance, trying to open the nextcloud home page from Firefox gives:
nextcloud.yourdomain.com uses an invalid security certificate.
The certificate is not trusted because it is self-signed.
Error code: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT
View Certificate
Clicking on "View Certificate" actually shows the router's own certificate.
As an additional information, my nextcloud service FQDN is correctly resolved to my router's public IP address even from within the LAN, i.e.
ping nextcloud.yourdomain.com
correctly returns the public IP address of my router.
How can I avoid this? Why is the router using its own certificates for https traffic to hosts that are inside my LAN instead of my my domain's Letsencrypt certificates, exactly as it's happening from outside the LAN?
Evidently the reverse-proxy or the NAS are not to be blamed as https requests are not even reaching them.
Could you help me with some additional troubleshooting?
Thanks
PI
The external IP address you use is actually the IP address of your router. For traffic from outside (i.e. the internet) there is a port forwarding rule which forwards this traffic to the internal server. For traffic from inside this port forwarding will not be applied - this is how your specific router works. And since there is actually a service running on the same port (the admin interface of the router) and this is reachable from inside it will be used instead.
Note that this is how this particular router works. A different router might apply the port forwarding to both internal and external traffic. It would need to support NAT loopback too in this case though.
A workaround would be to use split DNS, i.e. access the nextcloud from outside by the public IP address and from inside by the internal IP address. If such a setup can be done with the systems you already have is unknown.
I'm using
Allow from 123.234.12.23
to whitelist IP addresses without needing to enter in the htpasswd credentials.
I've just switched to use Cloudflare proxy (to protect bypassing CF firewall) but now all requests to my server (from Apache logs) are coming in as Cloudflare IP's.
How can I access the requester's actual IP so that I don't have to keep entering in the credentials if I'm on a whitelisted IP?
To do this you need to install mod_cloudflare for Apache.
https://support.cloudflare.com/hc/en-us/articles/200170916-Restoring-original-visitor-IPs-Option-1-Installing-mod-cloudflare
Since my machine was running on Ubuntu, I ended up following the guide from this site which worked for me to install it on Ubuntu.
I am working with Load Balancing to have https to my static website and I have my domain in GoDaddy
I created a LoadBalancer with
Backend configuration: To my Cloud storage buckets & enabled CDN.
Frontend configuration: Https having static IP I have enabled
Google-managed SSL certificate with my domain example.com which is in GoDaddy.
Do I need to do any configuration in GoDaddy like pointing, After 10-20 min I get FAILED_NOT_VISIBLE in domain status
I am new and don't know how to link.
In google docs I can see DNS records for your domain must reference the IP address of your load balancer's target proxy, Can someone help me to understand.
https://cloud.google.com/load-balancing/docs/ssl-certificates?hl=en_US&_ga=2.190405227.-1195839345.1570257391#certificate-resource-status
Finally I fixed it, We need to point the Static IP to DNS in my case I have in GoDaddy, It took some time to point DNS and then it took time for my Google-managed SSL certificate to turn green.
Once it's done I hade an issue with err_ssl_version_or_cipher_mismatch for this we need to add Policy to tell LB to use TLS 1.2 but in my case it automatically resolved in 10 min.
We can Point DNS in two ways one by directly adding Static IP to A record in GoDaddy other is by creating a Cloud DNS in GCP and point Nameserver in Godaddy.
We must establish a link to confirm our DNS with Static IP of LB so that the SSL turns Green after confirming Domain status.
Currently I am using No-Ip for my website and I wanted to use cloudflare for protection against ddos and bots. I noticed that you need a domain for cloudflare. Also I searched the web and found something called cloudflare ddns. I don't own a domain only the dynamic public ip of my home route. So how do I set up cloudflare without a domain?
Maybe you will be interested in Cloudflare Argo Tunnel.
A single command cloudflared tunnel --url localhost:80 will expose your webserver running on port 80 on your home server/PC to the internet. Cloudflare will generate a free subdomain under trycloudflare.com domain that your visitors can reach.
I have a domain called qlink.co.in and I have a cpanel for this domain.
In cpanel I created a sub domain - server1.quicklink.co.in
In this cpanel in DNS zone editor I pointed this sub domain to my server1 like shown in image below -
Now I can access my http://server1 IP address. My link as http://server1.qlink.co.in/.
If I install ssl on my qlink.co.in domain which comes with unlimited sub domain option, then do I need to do anything on my server1 server or not? Will my subdomain link work with https?
SSL should be installed on domain from the server where your domain is pointing. As your sub-domain is pointing to other provider's server, you should install the SSL from that server.
It will not work, if you will install it from the server where your main domain is pointing.