Usage with Cloudflare proxy

[bollerdominik]

In my env file I define my IP to the public IP of the server.
I can run a docker container and I can access it from the specified domain with HTTPS and a valid Lets-Encrypt certificate.

Now I switch my Cloudflare toggle to proxy all requests to my webserver. This results in a "This page isn't redirecting properly" error and I can no longer access the docker container.

I would like to know how to setup Cloudflare and this proxy to properly work together.

Example container:

version: '3.2'
services:
  grafana:
    image: grafana/grafana
    container_name: grafana
    hostname: grafana
    expose:
      - "3000"
    environment:
      VIRTUAL_HOST: graf.domain.com
      LETSENCRYPT_HOST: graf.domain.com

networks:
  default:
    external:
      name: webproxy

[evertramos]

Using cloudflare the letsencrypt certificates will not be renewed unless you bypass the cloudflare proxy. You could disable the letsencrypt removing the LETSENCRYPT_HOST option and uncomment the USE_NGINX_CONF_FILES in your .env file. It will add the cloudflare real ip forwarding to you container in case you need it.

[evertramos]

I have a script that will open source it soon, just waiting the sponsor to validate which disable the proxy update the ssl and activate the proxy again, doing automatically using cron, but might take a while to post it.

[bollerdominik]

I am aware of this limitation that I can not renew the lets encrypt certificates while behind the cloudflare proxy. This is not ideal but I can work around this.

However, my issue seems to be different. I have a valid lets encrypt cert but can not use it along with grafana, this proxy and cloudflare. I get the "This page isn't redirecting properly" on my browser. Same thing happening with a MinIO docker container.

Do you have any suggestion for this issue?

Thank you for your work on this great script.

[evertramos]

it works if you bypass the proxy but it does if you activate the proxy is that what's happening? I had this issue when starting to work with cloudflare... I will try to remember but think it was a cloudflare config for that matter.

[evertramos]

what the log says in proxy and grafana container?

[bollerdominik]

If I do not use the Cloudflare proxy it works. I can make a https request with a valid lets encrypt certification.

If I activate the Cloudflare proxy I get "This page isn't redirecting properly" in my browser.

The nginx-proxy logs

nginx-web            | graf.domain.com 162.XXX.XXX.55 - - [18/Dec/2020:13:44:17 +0000] "GET /?orgId=1 HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"
nginx-web            | graf.domain.com 162.XXX.XXX.55 - - [18/Dec/2020:13:44:17 +0000] "GET /?orgId=1 HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"
nginx-web            | graf.domain.com 162.XXX.XXX.55 - - [18/Dec/2020:13:44:17 +0000] "GET /?orgId=1 HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"
nginx-web            | graf.domain.com 162.XXX.XXX.55 - - [18/Dec/2020:13:44:17 +0000] "GET /?orgId=1 HTTP/1.1" 301 169 "-" 
.....many more redirects....

The grafana docker container logs do not show any requests. It usually logs all http requests so I assume the calls do not reach the grafana container.

[evertramos]

This is more related to the CloudFlare configuration than this proxy. Check the page rules and the tls options...

[bollerdominik]

I have pretty much tried every SSL related page rule. Even disabling SSL It is always the same unfortunately.

[bollerdominik]

Disabling LETSENCRYPT_HOST on the docker container makes it work again. It just unfortunate that it seems I can not use Lets Encrypt to encrypt the traffic from Cloudflare to my server

[evertramos]

I will try to check on that and see how to use both!

[bollerdominik]

Hi just asking if you have been able to check on this. I have been trying some custom nginx configs to stop the infinite redirects but did not have any luck.

I would love to be able to use Cloudflare with its DDOS protection and this useful nginx proxy.

I tried the minio, grafana and docker-elk. All end up with infinite redirects from nginx-web as soon as I toggle the Cloudflare proxy

[NanoCode012]

Hello, I would like to share my own experience. I used to get these infinite redirects too. After much fiddling, I got it to work.

I did this for both the previous version (0.4) and the one that just came out yesterday (v2).

My setup on Cloudflare:

• set SSL/TLS encryption mode: Full
• turn off Always Use HTTPS from the SSL/TSL > Edge Certificates
• under Page Rules, add page rule with URL: *hostname.tld/.well-known/acme-challenge/* and set Disabled Security , SSL: Off, Cache level: Bypass, Automatic Rewrites: Off

With the latest version, just run the fresh_install.sh, and it just works!

Note: Make sure to add the DNS for A record and set it to Proxied (Orange Cloud).