
HAPPY MONDAY

I have Ubuntu instances running on 2 servers:

Server1: Docker, Cloudflare-OZNU-API and Nginx Proxy Manager, wildcard for: domain.app and *domain.app.

Server2: Apache2 - PHP7.2, Certbot for DNS-Cloudflare-API.

This is the file for the APACHE2/server2:


<VirtualHost *:80>
    ServerAdmin your@emailaddress.com
    DocumentRoot /var/www/html/mautic/
    ServerName m.domain.app

    <Directory /var/www/html/mautic/>
        Options +FollowSymlinks
        AllowOverride All
        Require all granted
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Server2: DNS-Cloudflare-API

certbot certonly --rsa-key-size 4096 --must-staple --dns-cloudflare --dns-cloudflare-credentials ~/cloudflare.ini -d domain.app -d '*.domain.app'

On Cloudflare the DNS set up is:

A > m.domain.app >> IP2 
A > domain.app >> IP1 

Log file from Cloudflare-OZNU API overriding the IP2 setting on DNS.

[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 30-cloudflare-setup: executing... 
DNS Zone: m.domain.app (2bxxxxxx9026363b71a762)
DNS Record: m.domain.app (xxxxxxxe381939a96f89ae)
[cont-init.d] 30-cloudflare-setup: exited 0.
[cont-init.d] 50-ddns: executing... 
Updating CloudFlare DNS record m.domain.app from 129.213.www.37 to 150.136.www.9...
CloudFlare DNS record m.domain.app (150.136.www.9) updated successfully.
[cont-init.d] 50-ddns: exited 0.
[cont-init.d] done.
[services.d] starting services
Starting crond...
crond: crond (busybox 1.31.1) started, log level 6
[services.d] done.
crond: USER root pid 246 cmd /etc/cont-init.d/50-ddns
No DNS update required for m.domain.app (150.136.www.9).
crond: USER root pid 261 cmd /etc/cont-init.d/50-ddns
Updating CloudFlare DNS record m.domain.app from 129.213.www.37 to 150.136.www.9...
CloudFlare DNS record m.domain.app (150.136.www.9) updated successfully.
crond: USER root pid 281 cmd /etc/cont-init.d/50-ddns
No DNS update required for m.domain.app (150.136.www.9).
crond: USER root pid 296 cmd /etc/cont-init.d/50-ddns
No DNS update required for m.domain.app (150.136.www.9).

Error 523 happens on Server2, where I expected to see the Mautic installation page. The origin is not being reached because Cloudflare-API is overwriting the IP of server2.

The problem might then be to set up m.domain.app on server1, since the containers in the Docker environment are set to IP1. Would it be solved by creating a new environment in Docker, adding IP2 to the same local folder as the existing environment? I thought it would be enough to set up the subdomain on NGINX Proxy Manager and point it to IP2 with SSL, but that doesn't solve it.

Appreciate your help!

Debbie
  • Hi, I'm missing a clear error here. If you want to load balance, then behind nginx a valid certificate is not needed, because it does not check it by default when used as a reverse proxy. However, the setup looks like a home environment, is that true? – djdomi Aug 08 '22 at 17:30
  • Hi @djdomi, the error is 523 when I open m.domain.app; it should open the CRM I'm trying to install. I am working on a personal project on VPSs. Thanks for asking. – Debbie Aug 08 '22 at 18:04
  • And I only installed the first VPS with docker/portainer/Cloudflare/NPM because 100% of devs pointed this way. It's a nightmare, docker has no updated image for Mautic so I am forced to move it on to a second VPS, super complicated when I just need to start a WordPress and Mautic project for a mkt campaign. Why not a host etc.... because I need privacy and no third party sharing. – Debbie Aug 08 '22 at 18:07
  • About the certificate, I took it off Nginx, now I get 523 invalid certificate. You are right, I already have certs, cloudflare api won't let me just declare the token, it has to request a new cert every time. – Debbie Aug 08 '22 at 18:16
  • To make my statement clear: internet > nginx, internet > forward via reverse proxy function > targets, so at the reverse proxy configuration the target needs no valid certificate. – djdomi Aug 08 '22 at 18:21
  • I set Nginx with http only. Got 504 invalid certificate. The IP2 is not being found. – Debbie Aug 08 '22 at 18:37

1 Answer

I managed to access server2 by adding the following information to Oznu stack yml file:

-e DNS_SERVER=10.0.0.2

So the new file is:

version: '2'
services:
  cloudflare-ddns:
    image: oznu/cloudflare-ddns:latest
    restart: always
    environment:
      - API_KEY=my token
      - ZONE=domain.app
      - SUBDOMAIN=m
      # Compose environment entries are plain KEY=value; the "-e" prefix belongs to "docker run" only
      - DNS_SERVER=10.0.0.162
      - PROXIED=true
      - CRON=*/5 * * * *

as in: oznu-github

I still, oddly, had to use HTTPS on nginx proxy manager, but it's finally working.

Debbie
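
The log in the question shows the same rewrite of m.domain.app happening twice, which means something restored the old address between cron runs and the DDNS container overwrote it again. The following is an added example, not part of the original post or of the oznu project: it scans such a log for records that two writers are contesting. The function name and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict

# Update line format as it appears in the container log quoted in the question.
UPDATE_RE = re.compile(
    r"Updating CloudFlare DNS record (?P<name>\S+) "
    r"from (?P<old>\S+) to (?P<new>\S+?)\.\.\."
)

# Constructed sample log; addresses come from documentation ranges.
SAMPLE_LOG = """\
crond: USER root pid 246 cmd /etc/cont-init.d/50-ddns
Updating CloudFlare DNS record m.domain.app from 192.0.2.37 to 198.51.100.9...
CloudFlare DNS record m.domain.app (198.51.100.9) updated successfully.
crond: USER root pid 261 cmd /etc/cont-init.d/50-ddns
No DNS update required for m.domain.app (198.51.100.9).
crond: USER root pid 281 cmd /etc/cont-init.d/50-ddns
Updating CloudFlare DNS record m.domain.app from 192.0.2.37 to 198.51.100.9...
CloudFlare DNS record m.domain.app (198.51.100.9) updated successfully.
crond: USER root pid 296 cmd /etc/cont-init.d/50-ddns
Updating CloudFlare DNS record home.domain.app from 203.0.113.5 to 198.51.100.9...
CloudFlare DNS record home.domain.app (198.51.100.9) updated successfully.
"""

def find_contested_records(log_text):
    """Return {record: {"ddns_ip", "reverted_to", "overwrites"}} for records
    the updater rewrote more than once away from the same address."""
    transitions = defaultdict(Counter)
    for line in log_text.splitlines():
        m = UPDATE_RE.search(line)
        if m:
            transitions[m["name"]][(m["old"], m["new"])] += 1
    contested = {}
    for name, counts in transitions.items():
        (old, new), n = counts.most_common(1)[0]
        # The same old->new rewrite seen twice means something set the record
        # back to `old` between runs: two writers are fighting over it.
        if n >= 2:
            contested[name] = {"ddns_ip": new, "reverted_to": old, "overwrites": n}
    return contested

if __name__ == "__main__":
    for name, info in find_contested_records(SAMPLE_LOG).items():
        print(f"{name}: rewritten {info['overwrites']}x to {info['ddns_ip']}, "
              f"something keeps restoring {info['reverted_to']}")
```

A record reported here is being managed both by hand (or by another tool) and by the DDNS container; only one of them should own it.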