So, I tried linking my Lemmy instance akaris.space but it says the ssl handshake failed and i can’t seem to figure out what went wrong.
Set the SSL mode to “Full”. Then go to “Rules” and create three rules. This is also the order in which they should be processed:
1. Name: lemmy u all Custom filter expression: URI path equals /u/* All other options disabled.2. Name: lemmy nodeinfo all Custom filter expression: URI path equals /nodeinfo/* All other options disabled.3. Name: lemmy inbox all Custom filter expression: URI path equals /inbox/* All other options disabled.This should get your instance running behind Cloudflare’s tunnel.
*edited for formatting
What do I put for “rule type” on Cloudflare? ex: redriect or route request, transform request/response, modify configurations
Oops sorry about that, you want them all as configuration rules
I’m not familiar enough with Cloudflare’s error messages — or deployment with Cloudflare — to know what exact behavior that corresponds to, but I’d guess that most likely it can open a TCP connection to port 443 on what it thinks is your server, but it’s not getting HTTPS on that port or your server isn’t configured to serve up the right certificate for that hostname or the web server software running on it is otherwise broken. Might be some sort of intervening firewall.
I don’t know where your actual server is, may not even be accessible to me. But if you have a Linux machine that can talk to it directly – including, perhaps, the server itself – you should be able to see what certificate it’s handing back via:
$ openssl s_client -showcerts -servername akaris.space IP-address-of-actual-server:443That’ll try to establish a TLS connection, will send the specified server name so that if you’re using vhosting on the server, it knows which site to return, and then will tell you what certificate the web server used. Would probably be my first diagnostic step if I thought that there was a problem with the TLS handshake on a machine I was running.
That might provide enough information to you to let you resolve the issue yourself.
Beyond that, trying to provide much more information probably isn’t possible without more information about how your server is set up and what actually is working. You can censor IP addresses if you want to keep that private.
How are you using Cloudflare, and what are you serving the lemmy instance on? I’m guessing it is due to the ssl mode chosen as said before
I’m using it to set a tunnel, and lemmy instance is yunohost. since my domain is on porkbun, it says now “parked on the bun”
You want to use flexible ssl/tls for starters, doubtful it will work otherwise. Log in to cloudflare, choose domain, then SSL/TLS and see if encryption is set to flexible. See what that gets you, though it can take 15 mins for effects to show up. As long as the server can be reached cloudflare will try and match a certificate so lemmy gets served, as long as the server is set up correctly and the ports etc. are correctly forwarded and open
https://developers.cloudflare.com/ssl/origin-configuration/ssl-modes/ you could use a less strict mode here
I have, thanks, now it shows “parked on the bun”
What is porkbun, your hosting provider?
