• 1 Post
  • 15 Comments
Joined 4 months ago
cake
Cake day: March 3rd, 2024

help-circle











  • When I turn off Wi-Fi, I’m not on the same network as my server, it’s my carrier network so all the internet hops are expected.

    The way it’s working now is I have a domain (example.com) that is set up on cloudflare DNS. I added a tunnel in cloudflare zero trust, which generates certificates you add to your server to encrypt traffic from your server to cloudflare. I have added these to traefik to be served with my service url (service.example.com). Then, I added a route in cloudflare for service.example.com.

    This works fine. But, what I’ve also done is add a local DNS entry for service.example.com so when I’m on my LAN, I access it without going out to the internet and back (seems like a waste). However, this is serving the origin server certs from cloudflare, which causes trust issues

    I’m using docker for everything: traefik, cloudflared tunnel, and my services on the same hardware. The tunnel just runs, and it’s configured on cloudflare zero trust to talk directly to the container:port over the docker network.



  • You’re right, I’m using the cloudflare DNS challenge to get let’s encrypt certs. I’m definitely hitting traefik. I’m testing by turning the Wi-Fi on my phone off/on and opening the page after. I get the same cert every time but it’s not trusted when on Wi-Fi. This makes sense since it’s the origin server cert which is meant to encrypt traffic between my server and cloudflare. To add more certainty, when Wi-Fi is on, a traceroute shows only one hop to my server and shows a bunch of hops when it’s off.