When using caddy with reverse proxy and Cloudflare as dns proxy the site becomes unavailable

[F0rce]

To Reproduce:

• setup code-server with install.sh script

• open the configuration guide and use caddy with lets encrypt

• follow to configuration guide closely and done

• add a A record to your domain's dns page (Cloudflare) without the proxy (grey cloud)

• connect to the page --> WORKS

• edit the A record to use the proxy (orange cloud)

• When trying to open in any browser --> ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Does anybody know what's up with that ? Its really getting on my nerves... (I had some problems with DDoS attacks, that's why I really always choose to use Cloudflare).

I had the same setup a while ago (2-3 months) and it worked perfectly. Maybe a new version of code-server changed some things, but I don't know.

Thanks in Advance,
David

[jsjoeio]

@code-asher any ideas? (this is out of my wheelhouse)

[code-asher]

Are you running code-server with `systemctl start code-server` or some other way? And have you added any flags to it? One idea for debugging is to make Caddy return a string to test if code-server is the issue or not. Example Caddyfile: ``` mydomain.com respond "If you see this then Caddy is working correctly" ```

[F0rce]

@code-asher

Jeah I run code-server with systemctl start code-server@$USER and have no additional Flags to it.

The caddy test you told me succeeded, so caddy works properly.

Do you have any idea, what could be causing that ?

And obviously thanks for trying to help me

[code-asher]

Hmmm if the test Caddyfile works then code-server should also work as long as a flag like --cert was not passed to code-server. In your case that looks good. 👌

When you used the test Caddyfile it was using HTTPS in your browser right?

I assume your Caddyfile looks like this since you used our guide?

mydomain.com

reverse_proxy 127.0.0.1:8080

Since Caddy is handling TLS it seems like the error must originate there but if it works when you replace the reverse_proxy line with respond then it makes it seem like code-server is the problem but I have no idea how that could be the case. 🤔

Something else you can try is a tool like https://www.ssllabs.com/ssltest/analyze.html to see if it finds any issues with the cert.

[DazeCake]

Hello, have you tried to manually pass in the certificate file and key file path?
In my environment, I use
./code-server --cert #certificate file path --cert-key #key path
It works by used Cloudflare's free certificate.
Maybe it works for you too!