CD
Cloudflare Developers3w ago
YoYo

How do I route cloudflare pages through my nginx proxy which is hosted locally using cloudflared?

I have a web app hosted on cloudflare pages and I have my other services running in a docker network with nginx as the reverse proxy locally which is being tunnelled using cloudflare tunnel to a wildcare domain name *.example.com. I am able to access all my other services as you can see in the template below like api.example.com, search.example.com but whenever I go app.example.com which is supposed to proxy to my cloudflare pages, I get a 400 bad request page. How do i resolve this? Is it happening because of the ssl certificates I am using as the certificates being used in my nginx proxy are locally signed ssl certificates. I have been struggling with this. Can anyone please help me?
1 Reply
YoYo
YoYoOP3w ago
Here is the nginx config template that I am using: 
events {
}

http {
  upstream backend_api {
    server ${BACKEND_API_HOST}:${BACKEND_API_PORT};
  }

  upstream search_engine {
    server ${SEARCH_ENGINE_HOST}:${SEARCH_ENGINE_PORT};
  }

  # Backend api server block for both http and https
  server {
    listen 80;
    server_name api.${SERVER_NAME};
    return 301 https://$host$request_uri;
  }

  server {
    listen 443 ssl;
    server_name api.${SERVER_NAME};

    ssl_certificate ${SSL_CERT_PATH};
    ssl_certificate_key ${SSL_KEY_PATH};

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers HIGH:!aNULL:!MD5;

    location /static/ {
      alias ${STATIC_FILES_FOLDER};
      include mime.types;
      access_log off;
      expires 30d;
    }

    location / {
      proxy_pass http://backend_api;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
    }
  }

  # Search api server block for both http and https
  server {
    listen 80;
    server_name search.${SERVER_NAME};
    return 301 https://$host$request_uri;
  }

  server {
    listen 443 ssl;
    server_name search.${SERVER_NAME};

    ssl_certificate ${SSL_CERT_PATH};
    ssl_certificate_key ${SSL_KEY_PATH};

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers HIGH:!aNULL:!MD5;

    location / {
      proxy_pass http://search_engine;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
    }
  }
events {
}

http {
  upstream backend_api {
    server ${BACKEND_API_HOST}:${BACKEND_API_PORT};
  }

  upstream search_engine {
    server ${SEARCH_ENGINE_HOST}:${SEARCH_ENGINE_PORT};
  }

  # Backend api server block for both http and https
  server {
    listen 80;
    server_name api.${SERVER_NAME};
    return 301 https://$host$request_uri;
  }

  server {
    listen 443 ssl;
    server_name api.${SERVER_NAME};

    ssl_certificate ${SSL_CERT_PATH};
    ssl_certificate_key ${SSL_KEY_PATH};

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers HIGH:!aNULL:!MD5;

    location /static/ {
      alias ${STATIC_FILES_FOLDER};
      include mime.types;
      access_log off;
      expires 30d;
    }

    location / {
      proxy_pass http://backend_api;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
    }
  }

  # Search api server block for both http and https
  server {
    listen 80;
    server_name search.${SERVER_NAME};
    return 301 https://$host$request_uri;
  }

  server {
    listen 443 ssl;
    server_name search.${SERVER_NAME};

    ssl_certificate ${SSL_CERT_PATH};
    ssl_certificate_key ${SSL_KEY_PATH};

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers HIGH:!aNULL:!MD5;

    location / {
      proxy_pass http://search_engine;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
    }
  }
  # App dashboard server block for both http and https
  server {
    listen 80;
    server_name app.${SERVER_NAME};
    return 301 https://$host$request_uri;
  }

  server {
      listen 443 ssl;
      server_name app.${SERVER_NAME};
      
      # SSL for the app subdomain (if using Full (Strict) SSL with Cloudflare)
      ssl_certificate ${SSL_CERT_PATH};
      ssl_certificate_key ${SSL_KEY_PATH};

      ssl_protocols TLSv1.2 TLSv1.3;
      ssl_prefer_server_ciphers on;
      ssl_ciphers HIGH:!aNULL:!MD5;

      location / {
          # Forward to Cloudflare-hosted app
          proxy_pass https://${CLOUDFLARE_DASHBOARD_URL};
          proxy_ssl_server_name on;
          proxy_ssl_name $proxy_host;    

          # Set headers for forwarded requests
          proxy_set_header Host https://${CLOUDFLARE_DASHBOARD_URL};
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      }
  }

}
  # App dashboard server block for both http and https
  server {
    listen 80;
    server_name app.${SERVER_NAME};
    return 301 https://$host$request_uri;
  }

  server {
      listen 443 ssl;
      server_name app.${SERVER_NAME};
      
      # SSL for the app subdomain (if using Full (Strict) SSL with Cloudflare)
      ssl_certificate ${SSL_CERT_PATH};
      ssl_certificate_key ${SSL_KEY_PATH};

      ssl_protocols TLSv1.2 TLSv1.3;
      ssl_prefer_server_ciphers on;
      ssl_ciphers HIGH:!aNULL:!MD5;

      location / {
          # Forward to Cloudflare-hosted app
          proxy_pass https://${CLOUDFLARE_DASHBOARD_URL};
          proxy_ssl_server_name on;
          proxy_ssl_name $proxy_host;    

          # Set headers for forwarded requests
          proxy_set_header Host https://${CLOUDFLARE_DASHBOARD_URL};
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      }
  }

}
Want results from more Discord servers?
Add your server