Cloudflare SaaS custom hostname 525

Hi. I'm trying to test out Cloudflare SaaS with custom hostnames for a new feature of mine. I'll write out what I've currently done.
1. Created a fallback origin https://proxy-fallback.fivemanage.com/. This is an A record to an IP where the page is running on a Caddy webserver.
2. Created a CNAME customers to proxy-fallback.fivemanage.com.
3. Created a custom hostname whitelist.error-interactive.com that is a CNAME record to customers.fivemanage.com.
FYI: In this case both domains go through CF and all the records mentioned here are proxied. Now, if I go to the fallback domain, we see the webpage; if I go through whitelist.fivemanage.com, it's just a 525 handshake error. I've tried to enable Total TLS with Google Trust Services, without that working - disabled again. Am I missing some certificates? I have not touched anything related to DCV. Neither did I add any TXT records for the error-interactive.com domain. Could it be related to Caddy? (I'm open to changing to anything else if need be). Would be great if someone could give some pointers. (Scream at me if I'm duplicating a post, couldn't find any) 🙂
8 Replies
Chaika•3mo ago
I see blank 200/OK responses on https://whitelist.error-interactive.com/ and https://customers.fivemanage.com/. 525 would be an origin SSL error, not something that Total TLS or the edge side could help with.
chip•3mo ago
Hey! Yeah, I added the Cloudflare DNS plugin to Caddy for the whitelist.error-interactive.com domain, and at least it's returning 200 with a blank page, but it is still not routing the traffic to proxy-fallback, it seems. I'll try to create an 'ask' endpoint for Caddy to send requests to and see if on-demand TLS fixes it?
Chaika•3mo ago
You're saying you don't think it's reaching your origin? They've both got cf-cache-status: Dynamic, so it's reaching somewhere. I would assume that Caddy isn't configured for that hostname/doesn't have a fallback, so it's just going nowhere.
chip•3mo ago
Yeah, I'll try to mess a bit more around with Caddy. When I see 'Hello World' I know it's working 😄
chip•3mo ago
Hm, I removed the Cloudflare plugin and now I'm only running this with on_demand_tls and tls on_demand for :443. I read through this: https://logsnag.com/blog/setting-up-vanity-subdomains-for-your-saas-using-caddy although it seems like they are only using one port, and in my case that won't work as this is only supposed to be for one specific app running on port 8084 or something. Still getting a 200 back, which is nice! Sending some screenshots too, just to clarify what the setup looks like.
chip•3mo ago
I wonder if just not using the 'customers.fivemanage.com' subdomain could be a thing too.
Chaika•3mo ago
You could have them CNAME directly to your fallback; you don't need to issue SSL on your origin for each of them. CF is fine as long as it has a certificate covering the fallback. I'm confused where you're stuck, though: you don't see any of the incoming requests in your logs? If you only have server blocks for the fallback I don't think that would work; the incoming hostname should be whitelist.error-interactive.com.
chip•3mo ago
No logs unless I go directly to proxy-fallback.fivemanage.com. It's a small Express server running and printing headers on request - which, yeah, only happens on proxy-fallback directly, not through whitelist.fivemanage.com nor customers.fivemanage.com.
https://whitelist.error-interactive.com/, sweet! Now it works.