SSL Certificate
I have an Ubuntu VPS server running a web server with Nginx. Initially, I configured Cloudflare as a reverse proxy pointing to my server’s IPv4 address. I noticed that my server’s IPv4 address was being exposed on services like Shodan.io. One of my friends checked it and told me the reason was the SSL, because when he searched with the SSL he also found the IP, even though I had configured SSL to "Full" mode in Cloudflare and hosted the SSL certificate on my server.
As I’m still new to server management, I switched the SSL setting in Cloudflare to "Flexible" and removed the SSL configuration from the Nginx setup. Could this change have been the reason my IPv4 address was exposed? Additionally, I would like to know the best practice for SSL configuration. Should I use "Full Strict" mode and host the SSL certificate on my VPS?
17 Replies
Ping me when someone replies
your server's ip address can be exposed through your domain if your A/AAAA records are unproxied (dns only)
If you have proxying enabled for all records that contain your ip then it is not possible to directly figure out your server's ip (...)
whether or not tls is used doesn't have anything to do with that as far as I know
But I've already proxied them and the ipv4 was still showing on shodan.io
"is not possible to directly figure out your server's ip"
there are workarounds
wdym by workarounds
if you had your records unproxied previously or if your server answers to traffic that doesn't originate from cloudflare
there are many ways that your ip can end up in a database, associated with your domain
so if it was previously unproxied would that be the issue?
the database is also hosted in the vps and I cannot even access it without connecting to the vps
what's your domain
lutex.io
DNS over Discord: A records
lutex.io A @1.1.1.3 +noall +answer
diggy diggy hole
DNS over Discord: AAAA records
lutex.io AAAA @1.1.1.1 +noall +answer
diggy diggy hole
¯\_(ツ)_/¯
what?
at first glance your dns seems fine
once again there are a lot of slip ups that could lead to your ip being exposed
there really isn't much you can do after that
I'm changing the ipv4 but I need to make sure that the mistake I made before is not going to happen again
Are you sure that it has nothing to do with ssl?
I'm not an expert on that topic, so maybe wait for someone else to respond
sure
>﹏<