I’m under a Cloudflare tunnel and I’m trying to set up Mastodon with a Caddy reverse proxy, and I followed this topic, Infinite redirection - #5 by Whitestrake, but neither Cloudflare origin certificates nor self-signed ones work.
I strongly recommend using the Caddyfile config instead of overriding the command. The reverse-proxy command is only meant to be used for quick-and-dirty local development servers, not for anything running long-term such as a Docker container.
If you override the command, the Caddyfile will not work. So maybe that’s why your config changes are not working as you expect.
How did you configure Cloudflare? What encryption mode are you using?
What’s the value of your MASTODON_DOMAIN environment variable? Does it contain a scheme, or is it simply a domain? That can affect how Caddy runs.
Because Caddy is attempting to upgrade the connection to HTTPS but the tunnel keeps making HTTP requests.
This is a better result than infinite redirects, but… Bad Gateway means you’re connecting to Caddy fine, but Caddy can’t connect to your upstream for some reason.
Add debug to your global options (see: Global options (Caddyfile) — Caddy Documentation), make a request, and post the log output from Caddy here. This will give us a better idea of what Caddy sees each time it tries to connect upstream.
P.S.
To clarify, the Encryption Modes configured in the Cloudflare main dashboard (see: Encryption modes · Cloudflare SSL/TLS docs) are completely irrelevant for Cloudflare Tunnels. The latter rely on either the manual configuration of the tunnel OR the Cloudflare Zero Trust dashboard where managed tunnels are configured (specifying HTTP/S for upstream scheme and whether TLS is verified or not is done there).
Thanks for pointing that out! I fixed it.
I checked the tunnel configuration under the TLS option, enabled “No TLS Verify”, and set “Origin Server Name” to ${MASTODON_DOMAIN}.
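
Added example, not part of any post in this thread: the same two tunnel TLS settings written for a locally managed tunnel (`config.yml`), with the thread's working setting next to a variant that keeps certificate verification on. The hostname `mastodon.example.com` (standing in for the value of MASTODON_DOMAIN), the upstream `https://caddy:443`, and all file paths are assumed placeholders.

```yaml
# cloudflared config.yml for a locally managed tunnel (constructed example).
# <TUNNEL-UUID> and every path below are placeholders.
tunnel: <TUNNEL-UUID>
credentials-file: /etc/cloudflared/<TUNNEL-UUID>.json

ingress:
  - hostname: mastodon.example.com
    # cloudflared talks HTTPS to Caddy, so Caddy has no HTTP request
    # to redirect to HTTPS.
    service: https://caddy:443
    originRequest:
      # SNI and certificate name cloudflared expects from Caddy.
      # Must match the site address Caddy serves.
      originServerName: mastodon.example.com

      # Variant A: what the thread settled on ("No TLS Verify").
      # cloudflared accepts any certificate Caddy presents.
      # noTLSVerify: true

      # Variant B: verification stays on. caPool is the CA certificate
      # that signed Caddy's certificate (for a self-signed or private CA).
      caPool: /etc/cloudflared/origin-ca.pem

  # Required catch-all rule for requests matching no hostname above.
  - service: http_status:404
```

With Variant B the connection fails if the certificate Caddy presents does not chain to the file in `caPool` or does not cover `originServerName`.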