Need Help Moving from Squarespace (post-Google migration) to Cloudflare

Hello community! I am attempting to use Cloudflare with Nginx Proxy Manager, however my domain was moved from Google Domains to Squarespace. I attempted to change the nameservers, waited a day and created my CF account in the meantime, and created the A records (@, www) that point to my external IP. My external IP is showing the NPM Congrats screen, so everything is port forwarded correctly. I just seem to get stuck on a 504 when attempting to visit my domain (stygia.one) What steps should I take to troubleshoot next?
No description
No description
56 Replies
Idle
Idle•2mo ago
504 means the cloudflare proxy did not receive a response from your server
zehro
zehroOP•2mo ago
@Idle yes, but squarespace was able to load with the same DNS records. are there additional steps to setting up cloudflare? its been days since the nameservers changed so i doubt its that i disabled DNSSEC before transfer and then got it successfully set up i also set SSL security to Full (Strict), installed an origin cert on my NAS from Cloudflare, and tried to add a subdomain nothing has connected
Idle
Idle•2mo ago
well 504 still means that your server isn't responding if it was a ssl error you would receive a different http status code
zehro
zehroOP•2mo ago
thanks for the replies btw. im losing my mind doing troubleshooting for a "basic setup"
Idle
Idle•2mo ago
if it was a DNS error you would receive a different http status code
zehro
zehroOP•2mo ago
what could be my next steps? if i stop NPM, nothing shows up. and it was working before with Squarespace, so i dont think its the app's configuration, and my ports are mapped from 80/443 to the respective ports for NPM
Idle
Idle•2mo ago
well yea if you stop the proxy on your backend then ofc nothing will happen... one thing you can try is temporarily disabling proxying for your site and see if you can connect without it
zehro
zehroOP•2mo ago
is that done on cloudflare? or just visiting my external IP?
Idle
Idle•2mo ago
sec https://dash.cloudflare.com/?to=/:account/:zone/dns/records if the dns record shows a orange cloud then the connection is proxied
Idle
Idle•2mo ago
No description
Idle
Idle•2mo ago
if you click on edit you can turn off proxying
zehro
zehroOP•2mo ago
and if its still timing out?
Idle
Idle•2mo ago
then your server isn't responding or your DNS record is misconfigured
zehro
zehroOP•2mo ago
hmm. its probably the latter i have... A record going to root, going to my external IP, DNS only CNAME going to www, going to my domain without www three TXT records from email security, and then one more that was a Google Record from Squarespace im half-convinced that i just need to buy a domain from cloudflare and not just have squarespace point to CF nameservers but i want to make sure CF works
Idle
Idle•2mo ago
would you mind sharing your domain here or in DMs?
zehro
zehroOP•2mo ago
yes, do you need the external IP too?
Idle
Idle•2mo ago
nope
zehro
zehroOP•2mo ago
k stygia.one
1.1.1.1
1.1.1.1•2mo ago
DNS over Discord: A records
stygia.one A @1.1.1.1 +noall +answer
NAME | TTL | DATA
-----------+------+---------------
stygia.one | 300s | 24.196.228.221
NAME | TTL | DATA
-----------+------+---------------
stygia.one | 300s | 24.196.228.221
diggy diggy hole
zehro
zehroOP•2mo ago
yup thats the one lol
Idle
Idle•2mo ago
yeah unfortunately its your server that's not responding :/
zehro
zehroOP•2mo ago
do you have more troubleshooting tips? because i see that the server is running :blob_sweat:
Idle
Idle•2mo ago
unfortunately i have not used npm. are you using a firewall of sorts that may be blocking inbound traffic?
zehro
zehroOP•2mo ago
i do not think so. wouldnt port forwarding solve that? please correct me if i have misassumed
Idle
Idle•2mo ago
is that IP a carrier grade IP?
zehro
zehroOP•2mo ago
i think so, looking at the definition
Idle
Idle•2mo ago
some ISPs disallow port forwarding, but if you say that your server previously responded to requests i'm gonna assume yours does allow it
zehro
zehroOP•2mo ago
yeah, strange but i still need to hunt down firewall rules? if thats a dead end, anything else? dont want to keep bothering you. just want a direction to try and figure it out
Idle
Idle•2mo ago
check your router configuration (is inbound tcp allowed on port 80/443?) check your servers firewall (same as with your router) and check your NPM configuration / logs (i've never worked with NPM, so i can't offer any help with that) but there are plenty of people who are way more knowledgeable than me in this topic, so you can also wait for their response
zehro
zehroOP•2mo ago
ill see how things go. right now, if i turn off my proxy host on NPM, then the request doesnt hit a 504 but gets an SSL error thats expected since the proxy host uses the SSL cert generated with CF dns challenge but then im stuck because how can i provide SSL if i dont run my proxy? stygia.one on HTTP works but HTTPS doesnt so now its looking like Cloudflare is hosting my domain correctly. but now i dont know how to secure my connections
Idle
Idle•2mo ago
ssl can be fixed whats the specific ssl error
zehro
zehroOP•2mo ago
SSL_ERROR_UNRECOGNIZED_NAME_ALERT SSL peer has no certificate for the requested DNS name. makes sense but also makes sense if you dont know NPM solutions to this, since i use the app to create certs i used to use just plain nginx and letscert-bot but i upgraded my NAS which is using kubernetes
Idle
Idle•2mo ago
you can use cloudflare issued ssl certificates
zehro
zehroOP•2mo ago
ill look at documentation for that. ty that done all on the dashboard?
zehro
zehroOP•2mo ago
wait. i did this
Idle
Idle•2mo ago
using cf origin certs also allows you to enable Full (Strict) mode on TLS then you can Re enable proxying and you should be fine
zehro
zehroOP•2mo ago
so 1. install origin cert of my domain (stygia.one, *.stygia.one) on my server 2. make sure Full (Strict) security is on 3. re-enable proxy i get a 525 handshake failure but im looking into what to do...
Idle
Idle•2mo ago
🤔 are you sure your server is using and presenting the cloudflare origin certificates?
zehro
zehroOP•2mo ago
how can i verify?
Idle
Idle•2mo ago
because the 525 status code seems to suggest otherwise
zehro
zehroOP•2mo ago
yeah i believe so 😭
Idle
Idle•2mo ago
seems like you have to disable proxying once again :p
zehro
zehroOP•2mo ago
done
Idle
Idle•2mo ago
hm it doesn't seem like your server is responding to https traffic http is working just fine
zehro
zehroOP•2mo ago
correct. i think squarespace was doing some magic to do it automatically
Idle
Idle•2mo ago
if you look at the cloudflare tls mode explanations, I believe flexible encrypts connections between the client and the proxy, but connects to your origin server only via http, which is what your server does seem to support this isn't a recommended solution to your problem, but if NPM does not support https it might be your best bet
zehro
zehroOP•2mo ago
its so odd that https wouldnt work. ill play around with it more by toggling the proxy but this is something more than just a 504. i appreciate the feedback theres no way to assign SSL certs to local IPs so im kind of stumped why https wont work
Idle
Idle•2mo ago
NPM has no ssl configuration options?
zehro
zehroOP•2mo ago
not that i could find
zehro
zehroOP•2mo ago
i did those things
zehro
zehroOP•2mo ago
No description
zehro
zehroOP•2mo ago
npm runs on three ports, http, https, and the webui i mapped the ports 80 to http and 443 to https
zehro
zehroOP•2mo ago
then i made a proxy host (if you know nginx stuff) and it made a server that listens on both 80 and 443 and the ssl cert is defined
No description
zehro
zehroOP•2mo ago
idk why squarespace had no issue, but id rather move to cloudflare for all the flexibility the DNS renewal works so its not the generated cert @Idle holy toledo. Wanted to let you know that I figured it out and learned a ton about Cloudflare Since NPM did the proxying, CF and NPM kept tossing requests back and forth, hence the 504 After switching CF to DNS only, NPM worked and I was able to troubleshoot SSL issues from there tldr; Cloudflare does everything NPM can do, if not more. It just means investing the effort to move all my previous configurations to the platform Thank you again for your assistance
Want results from more Discord servers?
Add your server