Does anyone have a working config of HTTP-01 with Cloudflare tunnels (cloudflared)?
The rest of my infra uses DNS-01 exclusively. I could generate a new API token for this domain, but since this particular domain is tunneled through Cloudflare I thought I could simplify things by not requiring one — am I wrong?
Issue: I get a 403 for http://<matrixDomain>/.well-known/acme-challenge/<token>
Relevant bits of config:
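# Reverse proxy + tunnel configuration for ${domain} and ${matrixDomain}.
# Public TLS is terminated at Cloudflare's edge; cloudflared delivers every
# request to the local nginx over the tunnel, so nginx's direct peer is the
# tunnel process on loopback, never the end client.
services = {
  nginx = {
    # ...
    virtualHosts = {
      "${domain}" = {
        # Explicit `listen` keeps only the TLS socket on 443.
        # NOTE(review): with no plain-HTTP listener here, an HTTP-01 validation
        # request that the tunnel forwards for this host can only reach the TLS
        # vhost — confirm this is intended, or drop the override and let the
        # module add its default 80/443 listeners as it does for ${matrixDomain}.
        listen = [
          {
            addr = "[::]:443";
            ssl = true;
          }
        ];
        enableACME = true;
        forceSSL = true;
        # Matrix delegation documents; mkWellKnown, serverConfig and
        # clientConfig are defined elsewhere in this file.
        locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
        locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
      };
      "${matrixDomain}" = {
        # No explicit `listen`, so this vhost gets the module's defaults.
        enableACME = true;
        forceSSL = true;
        # Everything under / goes to the homeserver listening on loopback.
        locations."/" = {
          proxyPass = "http://127.0.0.1:8008";
          # Fixed: the header name was misspelled "X-Fowarded-For". nginx only
          # overrides the headers it is told to set, so the misspelled directive
          # left any inbound X-Forwarded-For untouched and added a bogus header.
          # $proxy_add_x_forwarded_for appends $remote_addr to the inbound chain
          # instead of replacing it; replacing it with plain $remote_addr would
          # hand the backend the loopback tunnel peer as the client address.
          # NOTE(review): this trusts whatever cloudflared forwards. If nginx is
          # also reachable directly on 443 (not only via the tunnel), a direct
          # client controls that header — restrict reachability or the trusted
          # proxy list on the backend accordingly.
          extraConfig = ''
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Host $host;
            client_max_body_size 100M;
          '';
        };
      };
    };
  };
  cloudflared = {
    # ...
    tunnels = {
      "<uuid>" = {
        # ...
        edgeIPVersion = "6";
        # Both public hostnames terminate on the local nginx TLS socket;
        # originServerName presumably sets the TLS server name presented to
        # the origin so the matching vhost/certificate is selected.
        ingress = {
          "${domain}" = {
            service = "https://localhost:443";
            originRequest.originServerName = domain;
          };
          "${matrixDomain}" = {
            # Fixed: the origin was misspelled "locahost", so this rule pointed
            # at a name that does not resolve to the local nginx at all.
            service = "https://localhost:443";
            originRequest.originServerName = matrixDomain;
          };
        };
      };
    };
  };
};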