this post was submitted on 14 Jun 2023
30 points (100.0% liked)

Programming.dev Meta

2365 readers
2 users here now

Welcome to the Programming.Dev meta community!

This is a community for discussing things about programming.dev itself. Things like announcements, site help posts, site questions, etc. are all welcome here.

Links

Credits

founded 1 year ago
MODERATORS
30
DNS Outage (programming.dev)
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]
 

At 6:49 Denver/America time today I migrated the DNS nameservers to Cloudflare. This propogated quickly, but inadvertently I had set the SSL/TLS Encryption mode to Flexible, which resulted in Cloudflare attempting to encrypt traffic between itself and the server. But programming.dev already has its own certificate. Cloudflare expects http traffic to come from the origin server, not https, so when it received https it simply tried over and over again, resulting in failure to connect.

Switching the SSL/TLS setting to Full (Strict) fixed the issue. Sorry about that everyone! I'll try to not break stuff that badly in the future.

top 9 comments
sorted by: hot top controversial new old
[–] [email protected] 7 points 1 year ago

Thank you for all the hard work!

[–] [email protected] 5 points 1 year ago (1 children)

Thanks for everything you do to keep this instance running. I'm still getting a 500 error sometimes. Do you know if it's just a temporary issue?

[–] [email protected] 4 points 1 year ago (1 children)

Hi, it appears we got linked on HackerNews and nginx was not set up properly to handle it. I've increased the worker connection count and you should see stuff working now. If not then we still have more work to do.

[–] [email protected] 2 points 1 year ago

Again, thanks for your hard work!

[–] [email protected] 4 points 1 year ago (1 children)

I'm still seeing intermittent Cloudflare and Nginx errors—is the issue ongoing?

[–] [email protected] 2 points 1 year ago

We got linked on hackernews and nginx wasn't properly configured for it. It should hopefully be resolved now!

[–] [email protected] 2 points 1 year ago

Hypothetical: If we ever upgraded to http/3, how does Cloudflare handle this? My understanding is that http/3 can only use the https protocol, given QUIC transport underneath http/3 only supports TLS 1.3, and never clear text.

Would Cloudflare then have to proxy https with man-in-the-middle certs, or would our backend always be limited to http/1.2? I've not found and proxy examples for having end-to-end http/3 and QUIC support just yet.

[–] [email protected] 2 points 1 year ago

Any chance programming.dev will move away from Cloudflare? There's an irony in hosting a decentralized Reddit alternative in response of its abusing monopolistic power and putting the server behind a MITM that sees over 20% of the web's traffic in clear text and forces people in less wealthy areas to help train image recognition models.

[–] [email protected] 1 points 1 year ago

Thank you for working to resolve the issue. Your volunteer efforts are appreciated.