Orange cloud breaks websocket app

Hellooooooo, Cloudflare and general programming noob here. I've made a website that relies on a secure websocket server. When the DNS entry for the subdomain for this server is set to DNS only (grey cloud), the site works fine. However, when the DNS entry is set to Proxied (orange cloud), the site breaks completely because the websocket fails to connect. Would anyone be able to assist me in debugging this, please? I don't know where to start.
8 Replies
Chaika (5w ago)
Hello, I would start with ensuring websockets are enabled in your Cloudflare config, under "Network" -> "Websockets" when you navigate to the Cloudflare dashboard -> Websites -> then your website. I would then double check your encryption mode is "Full (Strict)" under SSL/TLS -> Overview. Then I would try to wrangle an error out of it. Open up inspect element/dev tools before the websocket connection tries, and look for an error in the console or the response from the websocket under the status tab.
Kris (5w ago)
Websockets is enabled in my Cloudflare config. SSL/TLS mode is Flexible because I'd prefer to use my Let's Encrypt certificate, though I could change it as a last resort if that's what is causing the issue.
Chaika (5w ago)
What do you mean "prefer to use your Let's Encrypt certificate"?
Kris (5w ago)
Browser is unhelpful.
Chaika (5w ago)
This is what Flexible is doing: User <- HTTPS (Cloudflare cert) -> Edge <- HTTP (no cert) -> Origin
Kris (5w ago)
I know; what I meant was I'd rather not change to Full (Strict), which as I understand it would force me to use a Cloudflare certificate. brb
Chaika (5w ago)
No, Full (Strict) works with any trusted certificate.
Your origin needs to be able to support an SSL certificate that is: unexpired, meaning the certificate presents notBeforeDate < now() < notAfterDate; issued by a publicly trusted certificate authority or Cloudflare's Origin CA; and contains a Common Name (CN) or Subject Alternative Name (SAN) that matches the requested or target hostname.
Flexible means no encryption between Edge and Origin at all, completely plaintext. You never ever want to use Flexible or Full, only ever Full (Strict), or, if you don't want to support SSL at all, Off. When I try to go to particle.kris.software I get the typical redirect loop you'll get with Flexible as well: Flexible makes CF send a plaintext request, your origin tries to upgrade it to HTTPS, and that just loops forever. If you've already got a valid Let's Encrypt cert on your origin, then you should have no issues switching on Full (Strict), and it should remove that issue at least.
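The three Full (Strict) requirements above (validity window, trusted issuer, CN/SAN match) can be checked against an origin before flipping the mode. This is an added example, not code from the thread or from Cloudflare; the sample certificate dict is constructed in the shape `ssl.SSLSocket.getpeercert()` returns, and `fetch_and_check` is a hypothetical helper that needs network access to a real origin.

```python
"""Check an origin TLS certificate against Cloudflare's Full (Strict) rules."""
import socket
import ssl
import time

def _hostname_matches(pattern, hostname):
    """Exact match, or a single leftmost wildcard label (*.example.invalid)."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern == hostname:
        return True
    if pattern.startswith("*."):
        labels = hostname.split(".")
        return len(labels) > 1 and ".".join(labels[1:]) == pattern[2:]
    return False

def check_cert(cert, hostname, now=None):
    """Evaluate a getpeercert()-style dict; returns a list of problems ([] == OK).
    The 'publicly trusted CA' rule is not decided here: the verifying handshake
    in fetch_and_check() rejects untrusted chains before this runs."""
    now = time.time() if now is None else now
    problems = []
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if not (not_before < now < not_after):          # notBefore < now() < notAfter
        problems.append("certificate not within its validity window")
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:  # fall back to the CN only when no SAN is present
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    if not any(_hostname_matches(n, hostname) for n in names):
        problems.append(f"no SAN/CN matches {hostname}")
    return problems

def fetch_and_check(hostname, port=443):
    """Hypothetical live check: a default context requires a chain to a trusted
    CA (and matches the hostname), so self-signed/private certs fail here."""
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return check_cert(tls.getpeercert(), hostname)

# Constructed sample (not a real certificate), valid Jan 1 - Mar 1 2024.
SAMPLE_CERT = {
    "subject": ((("commonName", "example.invalid"),),),
    "subjectAltName": (("DNS", "example.invalid"), ("DNS", "*.example.invalid")),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Mar  1 00:00:00 2024 GMT",
}
IN_WINDOW = ssl.cert_time_to_seconds("Feb  1 00:00:00 2024 GMT")
AFTER_EXPIRY = ssl.cert_time_to_seconds("Jun  1 00:00:00 2024 GMT")
```

Run `check_cert(SAMPLE_CERT, "ws.example.invalid", IN_WINDOW)` to see an empty problem list; the same call with `AFTER_EXPIRY` or a hostname outside the wildcard reports why Full (Strict) would reject the origin.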
Kris (4w ago)
Full (Strict) fixes the problem, thank you.