At 6:49 Denver/America time today I migrated the DNS nameservers to Cloudflare. This propogated quickly, but inadvertently I had set the SSL/TLS Encryption mode to Flexible, which resulted in Cloudflare attempting to encrypt traffic between itself and the server. But programming.dev already has its own certificate. Cloudflare expects http traffic to come from the origin server, not https, so when it received https it simply tried over and over again, resulting in failure to connect.
Switching the SSL/TLS setting to Full (Strict) fixed the issue. Sorry about that everyone! I’ll try to not break stuff that badly in the future.
Thank you for all the hard work!
Hypothetical: If we ever upgraded to http/3, how does Cloudflare handle this? My understanding is that http/3 can only use the https protocol, given QUIC transport underneath http/3 only supports TLS 1.3, and never clear text.
Would Cloudflare then have to proxy https with man-in-the-middle certs, or would our backend always be limited to http/1.2? I’ve not found and proxy examples for having end-to-end http/3 and QUIC support just yet.
I’m still seeing intermittent Cloudflare and Nginx errors—is the issue ongoing?
Any chance programming.dev will move away from Cloudflare? There’s an irony in hosting a decentralized Reddit alternative in response of its abusing monopolistic power and putting the server behind a MITM that sees over 20% of the web’s traffic in clear text and forces people in less wealthy areas to help train image recognition models.
Thanks for everything you do to keep this instance running. I’m still getting a 500 error sometimes. Do you know if it’s just a temporary issue?
Hi, it appears we got linked on HackerNews and nginx was not set up properly to handle it. I’ve increased the worker connection count and you should see stuff working now. If not then we still have more work to do.