The error 521
I am trying to make a service available using nginx proxy manager, however if I use flexible encryption mode, I get a too many redirects error, and if I use full, I get the error 521.
In flexible, I can see the default nginx welcome website, however if I try and make a proxy host to the service, it says too many redirects.
6 Replies
Flexible means connect to your origin insecurely over http. Your proxied service is probably trying to force https/security, which is a good thing.
You should be Full (Strict) always. 521 means you probably don't have https on port 443 set up, you should enable it and you can use Cloudflare Origin Certs (SSL/TLS -> Origin Server) valid for up to 15 years trusted by Proxy, otherwise check firewall/etc to make sure you're allowing connections to 443 and not just 80.
I got the certificate and key, imported that into nginx proxy manager and all the port forwarding works because I can type in my public IP:443 and it goes through, however going through the domain name still results in 521
"I can type in my public IP:443 and it goes through"
From an external network or the same network? If you are trying to reach your public IP from the same network that it is for, you're not going all the way out and back in, routers do something called hairpinning where it realizes you're trying to reach your public IP and turns around. A true test would be trying to connect while on a VPN or from a device on another network entirely. Especially nowadays with CGNAT and other silly things ISPs do.
"domain name still results in 521"
Also make sure Full (Strict) / same IP
It doesn't work from outside the network, however the port 443 and the port 80 are configured the same way, and port 80 works
Are you using your ISP's app to port forward, or just on the router? I'd guess something wrong with port forward or weirdness with ISP, you could try an alt port too like 8443, can use an origin rule in CF to transparently rewrite if that does work.
I am using their app to port forward, as they disabled port forwarding from the router.
Trying to use an alt port of 8443 says that SSL handshake failed.
I have disabled the proxy host, and was just trying to get the website to appear.
Do I somehow need to enable or select the SSL certificate?
So I did something I think and now it says err SSL unrecognized name alert.