Cloudron Forum

@girish you hit the nail on the head. that was 100% what was going on but odd that it only started doing it recently. honestly, if I could use anybody else but Cloudflare, I would. #takingsuggestions

Hi @JOduMonT,

I ran Cloudron with a combination of Tailscale & Cloudflared for two weeks without a public IP at my home setup. So far, everything was working well and I didn't encounter any significant issues. Below is the process that I followed:

1# I had two servers - one for Cloudron and the second with docker and docker-compose. Tailscale was installed and configured with Tailscale IP on both servers. The automatic domain configured was disabled in Cloudron and was set manually.

2# I ran the docker-compose.yml file on the second server using the following:

version: '3.8' services: tunnel: image: 'ghcr.io/shmick/docker-cloudflared' container_name: tunnel hostname: tunnel restart: unless-stopped user: 1000:1000 env_file: - $PWD/tunnel.env volumes: - /etc/timezone:/etc/timezone:ro command: tunnel run network_mode: host TUNNEL_TOKEN={TUNNEL-TOKEN}

3# I set up and configured the domain in the Cloudflared UI, and used HTTPS for the Cloudron Tailscale IP with No TLS Verify enabled.

@Mad_Mattho So the way I understand it, because This tunnel is initiated from my server to cloudflare, I don't have any need to open very many ports on the server, and because I am using a CNAME record to point my DNS to the tunnel ID (no publicly routable IP addresses involved anywhere) it will make no difference where in the world this machine is, or what IP address it gets its internet from, as long as it has internet and can open the tunnel to cloudflare it should just be automatically online, and with the bare minimum amount of ports open, is that correct? Sounds good.

@j_vmess your domain works just fine for me here. Maybe it's a browser cache issue? Have you tried another browser or after clearing the browser cache? I removed your domain from the original post, since it was showing the setup screen.

This can be set to solved !

Cloudflare reply :

c09bd926-0b5e-4850-8e26-b9413779a021-image.png

@Antoine Can you double check if the endpoint field has the bucket name in it? The endpoint should not contain the bucket name.

@girish Oh great, that seems good then, happy to test it when it's available !

@girish ok, understood

okay, i'll try it running on ubuntu using virtual machine.. .

You can read more here - https://support.cloudflare.com/hc/en-us/articles/115000219871-Troubleshooting-redirect-loop-errors-

My understanding is that this will allow apps to get the real IP when behind Cloudflare. Currently, the apps get Cloudflare's IP.

@Refugee_Ranger said in Enormous Security Hazard:

Cloudron will configure Cloudflare for DNS only

By default, Cloudron configures any new app for DNS only. You have to go to the Cloudflare dashboard to enable proxying. Once you enable it in Cloudflare, Cloudron will preserve the proxying flag.

@ajtatum Congrats on the success and all the learning! 😎

@girish I did something slightly different (but maybe not SO uncommon). I created the server and put the clients domain into my own (developer) cloudflare account. After everything worked I created the domain in the client's cloudflare account and changed the NS entries (basically this: https://developers.cloudflare.com/fundamentals/get-started/basic-tasks/manage-domains/move-domain/).

the situation was now, that the API key was still valid but changed the wrong domain entries at cloudflare. so, I imagine cloudron creates the NS entry, checks if this works (which it doesn't) -> brain freeze. Something like this?

@subven Sorry I wasn't clear on the domain thing. It's fixed now so no worries. I do have email working. I disabled mail in Cloudron (I don't see a use for it as it is just me), and redid the dmarc and other records that Google requires.

also read this

Just to note, it seems it was a timing issue, where the DNS in this case took longer than expected for full propagation.

In the past I have only seen the angular templates, if the browser has javascript disabled or the javascript files are not loaded. Do you see failing requests in your browser console?

@JLX89 said in Cloudflare + PTR (rDNS) Settings Compatibly:

Does anyone know if there is a way around this and enable proxying on example.tld with the mail server at the same location?

AFAIK, this is not possible since Cloudflare does not support proxying mail.

We are using Vultr for the VPS, so rDNS needs to be setup to reflect the server host (EX: example.tld), if pushing the mail server to mail.example.tld, the rDNS would need to be updated to that.

Correct. You have to set the rDNS to the name of the mail server in Vultr.