How do I route cloudflare pages through my nginx proxy which is hosted locally using cloudflared?

I have a web app hosted on cloudflare pages and I have my other services running in a docker network with nginx as the reverse proxy locally which is being tunnelled using cloudflare tunnel to a wildcare domain name *.example.com. I am able to access all my other services as you can see in the template below like api.example.com, search.example.com but whenever I go app.example.com which is supposed to proxy to my cloudflare pages, I get a 400 bad request page. How do i resolve this? Is it happening because of the ssl certificates I am using as the certificates being used in my nginx proxy are locally signed ssl certificates. I have been struggling with this. Can anyone please help me?
1 Reply
YoYo
YoYoOP2mo ago
Here is the nginx config template that I am using:
events {
}

http {
upstream backend_api {
server ${BACKEND_API_HOST}:${BACKEND_API_PORT};
}

upstream search_engine {
server ${SEARCH_ENGINE_HOST}:${SEARCH_ENGINE_PORT};
}

# Backend api server block for both http and https
server {
listen 80;
server_name api.${SERVER_NAME};
return 301 https://$host$request_uri;
}

server {
listen 443 ssl;
server_name api.${SERVER_NAME};

ssl_certificate ${SSL_CERT_PATH};
ssl_certificate_key ${SSL_KEY_PATH};

ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers HIGH:!aNULL:!MD5;

location /static/ {
alias ${STATIC_FILES_FOLDER};
include mime.types;
access_log off;
expires 30d;
}

location / {
proxy_pass http://backend_api;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}

# Search api server block for both http and https
server {
listen 80;
server_name search.${SERVER_NAME};
return 301 https://$host$request_uri;
}

server {
listen 443 ssl;
server_name search.${SERVER_NAME};

ssl_certificate ${SSL_CERT_PATH};
ssl_certificate_key ${SSL_KEY_PATH};

ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers HIGH:!aNULL:!MD5;

location / {
proxy_pass http://search_engine;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
events {
}

http {
upstream backend_api {
server ${BACKEND_API_HOST}:${BACKEND_API_PORT};
}

upstream search_engine {
server ${SEARCH_ENGINE_HOST}:${SEARCH_ENGINE_PORT};
}

# Backend api server block for both http and https
server {
listen 80;
server_name api.${SERVER_NAME};
return 301 https://$host$request_uri;
}

server {
listen 443 ssl;
server_name api.${SERVER_NAME};

ssl_certificate ${SSL_CERT_PATH};
ssl_certificate_key ${SSL_KEY_PATH};

ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers HIGH:!aNULL:!MD5;

location /static/ {
alias ${STATIC_FILES_FOLDER};
include mime.types;
access_log off;
expires 30d;
}

location / {
proxy_pass http://backend_api;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}

# Search api server block for both http and https
server {
listen 80;
server_name search.${SERVER_NAME};
return 301 https://$host$request_uri;
}

server {
listen 443 ssl;
server_name search.${SERVER_NAME};

ssl_certificate ${SSL_CERT_PATH};
ssl_certificate_key ${SSL_KEY_PATH};

ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers HIGH:!aNULL:!MD5;

location / {
proxy_pass http://search_engine;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
# App dashboard server block for both http and https
server {
listen 80;
server_name app.${SERVER_NAME};
return 301 https://$host$request_uri;
}

server {
listen 443 ssl;
server_name app.${SERVER_NAME};

# SSL for the app subdomain (if using Full (Strict) SSL with Cloudflare)
ssl_certificate ${SSL_CERT_PATH};
ssl_certificate_key ${SSL_KEY_PATH};

ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers HIGH:!aNULL:!MD5;

location / {
# Forward to Cloudflare-hosted app
proxy_pass https://${CLOUDFLARE_DASHBOARD_URL};
proxy_ssl_server_name on;
proxy_ssl_name $proxy_host;

# Set headers for forwarded requests
proxy_set_header Host https://${CLOUDFLARE_DASHBOARD_URL};
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

}
# App dashboard server block for both http and https
server {
listen 80;
server_name app.${SERVER_NAME};
return 301 https://$host$request_uri;
}

server {
listen 443 ssl;
server_name app.${SERVER_NAME};

# SSL for the app subdomain (if using Full (Strict) SSL with Cloudflare)
ssl_certificate ${SSL_CERT_PATH};
ssl_certificate_key ${SSL_KEY_PATH};

ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers HIGH:!aNULL:!MD5;

location / {
# Forward to Cloudflare-hosted app
proxy_pass https://${CLOUDFLARE_DASHBOARD_URL};
proxy_ssl_server_name on;
proxy_ssl_name $proxy_host;

# Set headers for forwarded requests
proxy_set_header Host https://${CLOUDFLARE_DASHBOARD_URL};
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

}
Want results from more Discord servers?
Add your server