At 6:49 Denver/America time today I migrated the DNS nameservers to Cloudflare. This propogated quickly, but inadvertently I had set the SSL/TLS Encryption mode to Flexible, which resulted in Cloudflare attempting to encrypt traffic between itself and the server. But programming.dev already has its own certificate. Cloudflare expects http traffic to come from the origin server, not https, so when it received https it simply tried over and over again, resulting in failure to connect.

Switching the SSL/TLS setting to Full (Strict) fixed the issue. Sorry about that everyone! I’ll try to not break stuff that badly in the future.

  • Buddhist1961@programming.dev
    link
    fedilink
    English
    arrow-up
    5
    ·
    2 years ago

    Thanks for everything you do to keep this instance running. I’m still getting a 500 error sometimes. Do you know if it’s just a temporary issue?

    • snowe@programming.devOPM
      link
      fedilink
      English
      arrow-up
      4
      ·
      2 years ago

      Hi, it appears we got linked on HackerNews and nginx was not set up properly to handle it. I’ve increased the worker connection count and you should see stuff working now. If not then we still have more work to do.

  • McSinyx@slrpnk.net
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    1
    ·
    2 years ago

    Any chance programming.dev will move away from Cloudflare? There’s an irony in hosting a decentralized Reddit alternative in response of its abusing monopolistic power and putting the server behind a MITM that sees over 20% of the web’s traffic in clear text and forces people in less wealthy areas to help train image recognition models.

    • snowe@programming.devOPM
      link
      fedilink
      English
      arrow-up
      2
      ·
      2 years ago

      We got linked on hackernews and nginx wasn’t properly configured for it. It should hopefully be resolved now!

  • ruffsl@programming.dev
    link
    fedilink
    English
    arrow-up
    2
    ·
    2 years ago

    Hypothetical: If we ever upgraded to http/3, how does Cloudflare handle this? My understanding is that http/3 can only use the https protocol, given QUIC transport underneath http/3 only supports TLS 1.3, and never clear text.

    Would Cloudflare then have to proxy https with man-in-the-middle certs, or would our backend always be limited to http/1.2? I’ve not found and proxy examples for having end-to-end http/3 and QUIC support just yet.