[GH-ISSUE #1791] Redirection does not work with active Cloudflare proxy #1325

Closed
opened 2026-02-26 07:30:30 +03:00 by kerem · 12 comments

Originally created by @talesam on GitHub (Jan 22, 2022).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1791

Domain redirect does not work if I enable proxy on Cloudflare. Does anyone know what this could be? When I disable proxy for www (CNAME) on Cloudflare, the redirect stops working.
Screenshot_20220122_140307
Screenshot_20220122_140153
Screenshot_20220122_140725

kerem 2026-02-26 07:30:30 +03:00
  • closed this issue
  • added the stale and bug labels

@whytf commented on GitHub (Jan 24, 2022):

From what you say, it doesn't work when you disable cloudflare proxy.

First of all, when cloudflare proxy is disabled it only works as a regular dns and there's something wrong with your configuration.

Second, you can achieve the same result just by creating a single proxy host while specifying both domain at same time or separately, does not matter, like here:
image


@talesam commented on GitHub (Jan 24, 2022):

This does not work; the domain that has www will say that it does not have SSL active.
Screenshot_20220124_120052


@whytf commented on GitHub (Jan 24, 2022):

Did you set up the SSL tab?


@talesam commented on GitHub (Jan 24, 2022):

Yes, of course. It works for the domain without www

https://veidahavan.com/


@whytf commented on GitHub (Jan 24, 2022):

Your certificate is not wildcard, thus not working on subdomains and also the www is invalid because it is generated for localhost and signed by localhost.
https://www.ssllabs.com/ssltest/analyze.html?d=www.veidahavan.com

Here google for example has *.google in alternative names so it does work for subdomains as www.
https://www.ssllabs.com/ssltest/analyze.html?d=google.sk&s=142.250.191.67&latest
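
The coverage rule behind this comment, as an added example that is not part of the thread: a certificate covers a hostname only if one of its subject alternative names matches it, and a wildcard stands for exactly one left-most label. The hostnames are constructed, and refusing `*.tld` patterns is a policy choice of this example.

```python
def _labels(name):
    # Hostnames compare case-insensitively; a trailing dot is ignored.
    return name.rstrip(".").lower().split(".")


def san_matches(hostname, pattern):
    """True if one dNSName entry from the certificate covers hostname."""
    host, pat = _labels(hostname), _labels(pattern)
    if "" in host or len(host) != len(pat):
        # A wildcard replaces exactly one label, so label counts must be
        # equal: *.example.com covers neither example.com nor a.b.example.com.
        return False
    if pat[0] == "*":
        # Policy assumed in this example: a bare "*.tld" is refused.
        return len(pat) >= 3 and host[1:] == pat[1:]
    return host == pat


def uncovered(hostnames, sans):
    """Hostnames that no entry in the certificate's SAN list covers."""
    return [h for h in hostnames
            if not any(san_matches(h, p) for p in sans)]


# Constructed input: the two names a www redirect has to serve over TLS.
NAMES = ["example.com", "www.example.com"]


def report():
    return {
        "apex only": uncovered(NAMES, ["example.com"]),
        "wildcard only": uncovered(NAMES, ["*.example.com"]),
        "apex + wildcard": uncovered(NAMES, ["example.com", "*.example.com"]),
        "issued for localhost": uncovered(NAMES, ["localhost"]),
    }


if __name__ == "__main__":
    for case, missing in report().items():
        print(f"{case:22} not covered: {missing or 'none'}")
```

A certificate meant to serve both the bare domain and www therefore needs both names listed, or the bare domain plus the wildcard.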


@talesam commented on GitHub (Jan 24, 2022):

Got it, I'll test it, I have to generate a certificate with *.veidahavan.com


@talesam commented on GitHub (Feb 4, 2022):

> Your certificate is not wildcard, thus not working on subdomains and also the www is invalid because it is generated for localhost and signed by localhost. https://www.ssllabs.com/ssltest/analyze.html?d=www.veidahavan.com
>
> Here google for example has *.google in alternative names so it does work for subdomains as www. https://www.ssllabs.com/ssltest/analyze.html?d=google.sk&s=142.250.191.67&latest

I couldn't generate a domain with valid www, do you have any documentation that explains how to do it?

I tried to generate with the wildcard * but it gave an error.


@fabriziosalmi commented on GitHub (Feb 7, 2022):

Since you've a Cloudflare account, just put that redirect in Cloudflare's bulk redirects section.
For any Cloudflare + NginxProxyManager user, I suggest enabling the Cloudflare proxy even if you're using nginx proxy manager. This is because it just works, and that way you can set Cloudflare SSL/TLS mode to strict instead of full, since you've a valid certificate on the nginx proxy layer too and not just on the public endpoint managed by Cloudflare. Of course, real IP stuff needs to be correctly forwarded to the app servers (it's the latest entry in the x-forwarded-for header or is the value of the CF-connecting-IP header provided by Cloudflare).
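
How an app server can resolve the client address from the headers named in this comment, as an added example that is not from the thread or from Nginx Proxy Manager: a forwarding header is believed only when the hop that delivered it is a known proxy. The network ranges are constructed placeholders, and the code assumes each proxy appends the address it received the connection from to X-Forwarded-For.

```python
import ipaddress

# Constructed ranges (assumptions): CDN_EDGE stands in for the CDN's
# published edge networks, LOCAL_PROXIES for the reverse proxy's subnet.
CDN_EDGE = [ipaddress.ip_network("198.51.100.0/24")]
LOCAL_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def _parse(addr):
    try:
        return ipaddress.ip_address(addr.strip())
    except ValueError:
        return None


def _in(ip, nets):
    return ip is not None and any(ip in n for n in nets)


def client_ip(peer, headers):
    """Return the address an app server should log or rate-limit on."""
    h = {k.lower(): v for k, v in headers.items()}
    xff = [p for p in h.get("x-forwarded-for", "").split(",") if p.strip()]
    # Hops ordered oldest first; the socket peer is the newest hop.
    chain = [_parse(p) for p in xff] + [_parse(peer)]
    for hop in reversed(chain):
        if _in(hop, LOCAL_PROXIES):
            continue  # our own reverse proxy, keep walking left
        if _in(hop, CDN_EDGE):
            # The request reached our proxy from the CDN edge, so
            # CF-Connecting-IP was set by the CDN, not by the client.
            cf = _parse(h.get("cf-connecting-ip", ""))
            if cf is not None:
                return str(cf)
            continue
        # First hop that is neither ours nor the CDN: everything to its
        # left in X-Forwarded-For is client-supplied and is ignored.
        return str(hop) if hop is not None else peer
    return peer
```

A request that reaches the reverse proxy without passing through the CDN resolves to the connecting address, whatever CF-Connecting-IP or X-Forwarded-For values it carries.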


@talesam commented on GitHub (Feb 7, 2022):

> Since You've a Cloudflare account just put that redirect in the Cloudflare's bulk redirects section.
> For any Cloudflare + NginxProxyManager user I suggest to enable Cloudflare proxy even if You're using nginx proxy manager. This because it just works and that way You can set Cloudflare SSL/TLS mode to strict instead of full since You've a valid certificate on the nginx proxy layer too and not just on the public endpoint managed by Cloudflare. Of course real ip stuff need to be correctly forwarded to the app servers (it's the latest entry in the x-forwarded-for header or is the value of CF-connecting-IP header provided by Cloudflare).

I've tried several times to use the CF certificate and I could never get it to work in NPM :-(


@fabriziosalmi commented on GitHub (Feb 7, 2022):

maybe you need to install cloudflare root certificate in the npm CA vault?

On Mon, 7 Feb 2022 at 14:01, Tales A. Mendonça <@.***> wrote:

> Since You've a Cloudflare account just put that redirect in the
> Cloudflare's bulk redirects section.
> For any Cloudflare + NginxProxyManager user I suggest to enable Cloudflare
> proxy even if You're using nginx proxy manager. This because it just works
> and that way You can set Cloudflare SSL/TLS mode to strict instead of
> full since You've a valid certificate on the nginx proxy layer too and
> not just on the public endpoint managed by Cloudflare. Of course real ip
> stuff need to be correctly forwarded to the app servers (it's the latest
> entry in the x-forwarded-for header or is the value of CF-connecting-IP
> header provided by Cloudflare).
>
> I've tried several times to use the CF certificate and I could never get
> it to work in NPM :-(



@github-actions[bot] commented on GitHub (Feb 26, 2024):

Issue is now considered stale. If you want to keep it open, please comment 👍


@github-actions[bot] commented on GitHub (Apr 11, 2025):

Issue was closed due to inactivity.
