Hello, I’ve been trying to find information regarding this question but didn’t find anything useful, except how to configure Caddy.
My question is “How do I set up Cloudflare and Caddy to work together?”
How I run Caddy
config
Here’s my Caddyfile config:
v1rtl.site

    reverse_proxy :3000

    tls {
        dns cloudflare AUTH_TOKEN
    }
command
I compiled Caddy with the Cloudflare DNS module using xcaddy and then moved the caddy executable to /usr/bin.
sudo caddy run -config ~/Caddyfile
Caddy logs
2020/07/05 17:32:48.630 INFO using provided configuration {"config_file": "/home/v1rtl/Caddyfile", "config_adapter": ""}
2020/07/05 17:32:48.635 INFO admin admin endpoint started {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["localhost:2019", "[::1]:2019", "127.0.0.1:2019"]}
2020/07/05 17:32:48.636 INFO http server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2020/07/05 17:32:48.637 INFO http enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}
2020/07/05 17:32:48.637 INFO http enabling automatic TLS certificate management {"domains": ["example.com"]}
2020/07/05 17:32:48.651 INFO tls cleaned up storage units
2020/07/05 17:32:48.652 INFO autosaved config {"file": "/root/.config/caddy/autosave.json"}
2020/07/05 17:32:48.652 INFO serving initial configuration
2020/07/05 17:32:48 [INFO][cache:0xc0007fa600] Started certificate maintenance routine
Cloudflare info
I have an A record for the domain pointing at my VPS IP address.
I have set TLS/SSL encryption mode to Full Strict.
I have “Always Use HTTPS” enabled in Cloudflare.
Result
When I try to access the site it loads for a long time and returns 522.
I suppose something is wrong with Cloudflare config. Any ideas of how to set it properly?
Status 522 is a Cloudflare-specific HTTP status that indicates Cloudflare could not make a connection to your server. Firewalls or incorrect origin IP addresses are common causes here. This is basically a dead stop, go straight to jail, do not pass go, do not collect $200 situation; if Cloudflare is issuing this status, we’re nowhere near a recursive redirect situation.
Maximum redirects followed is another issue entirely. You’ve got Full (Strict) mode enabled in Cloudflare, which is great - that eliminates one possible source of recursive HTTPS redirects. There may be one occurring between the origin server and the upstream server, though.
That said, I checked the same site and got status 200 from a Vercel server rather than a Caddy server, so I’m not entirely sure.
Remove Cloudflare from the equation (grey-cloud your domain) and then test directly against your origin server for HTTPS.
Cloudflare is saying (with the 522) that it’s the origin server not playing nice. The fact it works in flexible mode (where Cloudflare connects to HTTP instead of HTTPS) implies that your origin server is talking to Cloudflare on port 80 but not 443. Testing directly against the origin server without Cloudflare in the way might expose the underlying issues.
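The test the second answer recommends (reach the origin directly, bypassing Cloudflare, on both 80 and 443) can be scripted. The script below is an added example written for this thread; it is not from the Caddy project or from anyone in the discussion. HOSTNAME and ORIGIN_IP are constructed placeholders to replace with your own domain and VPS address. It connects to the origin IP while sending the real hostname as SNI, verifies the certificate the way Full (Strict) does, and then maps the 80/443 outcome onto the causes named above (firewall or nothing listening on 443, wrong origin IP).

```python
"""Probe a Caddy origin directly, bypassing Cloudflare, to explain a 522."""
import socket
import ssl

# Constructed placeholders for this example; substitute your own domain and VPS address.
HOSTNAME = "example.com"
ORIGIN_IP = "203.0.113.10"   # TEST-NET-3 documentation range, not a real origin
TIMEOUT = 5.0


def parse_status_line(raw):
    """Return the HTTP status code from a raw response, or None if unparsable."""
    first = raw.split(b"\r\n", 1)[0]
    parts = first.split(b" ", 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/"):
        return None
    try:
        return int(parts[1])
    except ValueError:
        return None


def probe(origin_ip, hostname, port, strict=True, timeout=TIMEOUT):
    """Connect straight to origin_ip:port, the way Cloudflare's edge does.

    On 443 the TLS ClientHello carries SNI=hostname and, with strict=True,
    chain and name are verified like Cloudflare's Full (Strict) mode;
    strict=False skips verification like plain Full mode. On 80 a plain
    HTTP request is sent, as in Flexible mode.
    Returns {"port", "state", "status", "detail"}; state is one of
    ok, timeout, refused, tls_error, no_http, error.
    """
    result = {"port": port, "state": "ok", "status": None, "detail": ""}
    request = (f"HEAD / HTTP/1.1\r\nHost: {hostname}\r\n"
               f"Connection: close\r\n\r\n").encode()
    sock = None
    try:
        sock = socket.create_connection((origin_ip, port), timeout=timeout)
        if port == 443:
            ctx = ssl.create_default_context()   # verifies chain and hostname
            if not strict:
                ctx.check_hostname = False
                ctx.verify_mode = ssl.CERT_NONE
            sock = ctx.wrap_socket(sock, server_hostname=hostname)
        sock.sendall(request)
        raw = sock.recv(4096)
        result["status"] = parse_status_line(raw)
        if result["status"] is None:
            result["state"] = "no_http"
            result["detail"] = "connected but got no HTTP status line"
    except socket.timeout:
        result["state"] = "timeout"
        result["detail"] = "no answer: packets dropped (firewall?) or wrong IP"
    except ConnectionRefusedError:
        result["state"] = "refused"
        result["detail"] = "host reachable but nothing listening on this port"
    except ssl.SSLError as exc:
        result["state"], result["detail"] = "tls_error", str(exc)
    except OSError as exc:
        result["state"], result["detail"] = "error", str(exc)
    finally:
        if sock is not None:
            sock.close()
    return result


def diagnose(by_port):
    """Turn the 80/443 probe results into the most likely cause of a 522."""
    http, https = by_port[80], by_port[443]
    unreachable = ("timeout", "refused")
    if https["state"] == "ok":
        return ("origin serves HTTPS correctly when reached directly; check that the "
                "Cloudflare A record points at this IP and that the record is proxied")
    if https["state"] in unreachable and http["state"] == "ok":
        return ("port 80 answers but 443 does not: a host or VPS firewall blocks 443, "
                "or Caddy is not listening there (matches Flexible working while Full gives 522)")
    if https["state"] in unreachable and http["state"] in unreachable:
        return "neither port reachable: wrong origin IP in the A record or a firewall dropping everything"
    if https["state"] == "tls_error":
        return ("TCP reaches 443 but the certificate does not validate for the hostname; "
                "Cloudflare reports that as 525/526 rather than 522, so fix the cert Caddy serves")
    return "inconclusive; rerun with a longer timeout or from a different network"


if __name__ == "__main__":
    results = {p: probe(ORIGIN_IP, HOSTNAME, p) for p in (80, 443)}
    for r in results.values():
        print(f"port {r['port']}: {r['state']} status={r['status']} {r['detail']}")
    print("diagnosis:", diagnose(results))
```

Run it from a machine outside the VPS (Cloudflare's edge is what has to reach you, not localhost). With the Caddyfile above, a healthy origin shows a 308 redirect on port 80 and a 200 on 443; a timeout on 443 alone is the firewall-or-not-listening case the answers describe, which a 522 with Full (Strict) plus a working Flexible mode points at.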