this post was submitted on 14 Jun 2023
30 points (100.0% liked)

Programming.dev Meta

2479 readers
1 users here now

Welcome to the Programming.Dev meta community!

This is a community for discussing things about programming.dev itself. Things like announcements, site help posts, site questions, etc. are all welcome here.

Links

Credits

founded 2 years ago
MODERATORS
30
DNS Outage (self.meta)
submitted 1 year ago* (last edited 1 year ago) by snowe to c/meta
 

At 6:49 Denver/America time today I migrated the DNS nameservers to Cloudflare. This propogated quickly, but inadvertently I had set the SSL/TLS Encryption mode to Flexible, which resulted in Cloudflare attempting to encrypt traffic between itself and the server. But programming.dev already has its own certificate. Cloudflare expects http traffic to come from the origin server, not https, so when it received https it simply tried over and over again, resulting in failure to connect.

Switching the SSL/TLS setting to Full (Strict) fixed the issue. Sorry about that everyone! I'll try to not break stuff that badly in the future.

you are viewing a single comment's thread
view the rest of the comments
[–] ruffsl 2 points 1 year ago

Hypothetical: If we ever upgraded to http/3, how does Cloudflare handle this? My understanding is that http/3 can only use the https protocol, given QUIC transport underneath http/3 only supports TLS 1.3, and never clear text.

Would Cloudflare then have to proxy https with man-in-the-middle certs, or would our backend always be limited to http/1.2? I've not found and proxy examples for having end-to-end http/3 and QUIC support just yet.