Need Help Moving from Squarespace (post-Google migration) to Cloudflare
Hello community! I am attempting to use Cloudflare with Nginx Proxy Manager, however my domain was moved from Google Domains to Squarespace.
I attempted to change the nameservers, waited a day and created my CF account in the meantime, and created the A records (@, www) that point to my external IP.
My external IP is showing the NPM Congrats screen, so everything is port forwarded correctly. I just seem to get stuck on a 504 when attempting to visit my domain (stygia.one)
What steps should I take to troubleshoot next?
56 Replies
504 means the cloudflare proxy did not receive a response from your server
@Idle yes, but squarespace was able to load with the same DNS records. are there additional steps to setting up cloudflare?
its been days since the nameservers changed so i doubt its that
i disabled DNSSEC before transfer and then got it successfully set up
i also set SSL security to Full (Strict), installed an origin cert on my NAS from Cloudflare, and tried to add a subdomain
nothing has connected
well
504 still means that your server isn't responding
if it was a ssl error you would receive a different http status code
thanks for the replies btw. im losing my mind doing troubleshooting for a "basic setup"
if it was a DNS error you would receive a different http status code
what could be my next steps? if i stop NPM, nothing shows up. and it was working before with Squarespace, so i dont think its the app's configuration, and my ports are mapped from 80/443 to the respective ports for NPM
well yea if you stop the proxy on your backend then ofc nothing will happen...
one thing you can try is temporarily disabling proxying for your site
and see if you can connect without it
is that done on cloudflare? or just visiting my external IP?
sec
https://dash.cloudflare.com/?to=/:account/:zone/dns/records
if the dns record shows an orange cloud then the connection is proxied
if you click on
edit
you can turn off proxying
and if its still timing out?
then your server isn't responding or your DNS record is misconfigured
hmm. its probably the latter
i have...
A record going to root, going to my external IP, DNS only
CNAME going to www, going to my domain without www
three TXT records from email security, and then one more that was a Google Record from Squarespace
im half-convinced that i just need to buy a domain from cloudflare and not just have squarespace point to CF nameservers
but i want to make sure CF works
would you mind sharing your domain here or in DMs?
yes, do you need the external IP too?
nope
k
stygia.one
DNS over Discord: A records
stygia.one A @1.1.1.1 +noall +answer
diggy diggy hole
yup thats the one lol
yeah unfortunately its your server that's not responding :/
do you have more troubleshooting tips? because i see that the server is running :blob_sweat:
unfortunately i have not used npm. are you using a firewall of sorts that may be blocking inbound traffic?
i do not think so. wouldnt port forwarding solve that?
please correct me if i have misassumed
is that IP a carrier grade IP?
i think so, looking at the definition
some ISPs disallow port forwarding, but if you say that your server previously responded to requests i'm gonna assume yours does allow it
yeah, strange
but i still need to hunt down firewall rules?
if thats a dead end, anything else? dont want to keep bothering you. just want a direction to try and figure it out
check your router configuration (is inbound tcp allowed on port 80/443?) check your servers firewall (same as with your router) and check your NPM configuration / logs (i've never worked with NPM, so i can't offer any help with that)
but there are plenty of people who are way more knowledgeable than me in this topic, so you can also wait for their response
ill see how things go. right now, if i turn off my proxy host on NPM, then the request doesnt hit a 504 but gets an SSL error
thats expected since the proxy host uses the SSL cert generated with CF dns challenge
but then im stuck because how can i provide SSL if i dont run my proxy?
stygia.one on HTTP works but HTTPS doesnt
so now its looking like Cloudflare is hosting my domain correctly. but now i dont know how to secure my connections
ssl can be fixed
whats the specific ssl error
SSL_ERROR_UNRECOGNIZED_NAME_ALERT
SSL peer has no certificate for the requested DNS name.
makes sense but also makes sense if you dont know NPM solutions to this, since i use the app to create certs
i used to use just plain nginx and letscert-bot but i upgraded my NAS which is using kubernetes
you can use cloudflare issued ssl certificates
ill look at documentation for that. ty
that done all on the dashboard?
wait. i did this
using cf origin certs also allows you to enable Full (Strict) mode on TLS
then you can Re enable proxying and you should be fine
so
1. install origin cert of my domain (stygia.one, *.stygia.one) on my server
2. make sure Full (Strict) security is on
3. re-enable proxy
i get a 525 handshake failure but im looking into what to do...
🤔 are you sure your server is using and presenting the cloudflare origin certificates?
how can i verify?
because the 525 status code seems to suggest otherwise
yeah i believe so
seems like you have to disable proxying once again :p
done
hm
it doesn't seem like your server is responding to https traffic
http is working just fine
correct. i think squarespace was doing some magic to do it automatically
if you look at the cloudflare tls mode explanations, I believe
flexible
encrypts connections between the client and the proxy, but connects to your origin server only via http, which is what your server does seem to support
this isn't a recommended solution to your problem, but if NPM does not support https it might be your best bet
its so odd that https wouldnt work. ill play around with it more by toggling the proxy but this is something more than just a 504. i appreciate the feedback
theres no way to assign SSL certs to local IPs so im kind of stumped why https wont work
NPM has no ssl configuration options?
not that i could find
i did those things
npm runs on three ports, http, https, and the webui
i mapped the ports 80 to http and 443 to https
then i made a proxy host (if you know nginx stuff) and it made a server that listens on both 80 and 443 and the ssl cert is defined
idk why squarespace had no issue, but id rather move to cloudflare for all the flexibility
the DNS renewal works so its not the generated cert
@Idle holy toledo. Wanted to let you know that I figured it out and learned a ton about Cloudflare
Since NPM did the proxying, CF and NPM kept tossing requests back and forth, hence the 504
After switching CF to DNS only, NPM worked and I was able to troubleshoot SSL issues from there
tldr; Cloudflare does everything NPM can do, if not more. It just means investing the effort to move all my previous configurations to the platform
Thank you again for your assistance