I don’t think so!
I’d still highly doubt it’s cloudflare trying to do funny things with your site!
What SSL mode is your certificate in on the cloudflare side? Is it “flexible” for some reason? If so, try changing to “full” and try again?
SSL settings are under Crypto tab.
It seems like the problem is your probably expired certificates. if I’m not mistaken you’re using the nginx outside the docker container to utilize the certificates originally generated by discourse. What I understand is that those certificates can not be renewed anymore (because we disable the web.ssl template) and hence, that might be causing the issue!
Do you mind following a different guide or maybe using cloudflare to manage termination by removing your internal nginx if that doesn’t serves a purpose? because technically there should be only one location that handles the ssl termination and if you use cloudflare then they should be the one handling it not you!
I can think of a lot of reasons why that might be the case! primary one being that your SSL is being cached with the cloudflare responses.
There isn’t a guide to use cloudflare with SSL on your server because that isn’t feasible at all. for SSL thing to happen (in case of letsencrypt anyway) your server needs to say hello on port 80 & 443 which in the case of cloudflare is proxied by their servers so the ACME server doesn’t gets the desired response and SSL creation/renewal fails.
for Site to work in SSL, easiest way is to use the cloudflare template on your server and use their certificate in flexible mode. You can as well remove your nginx server installed on your server and simply open port 80 in for docker. if you need additional security, you can set up firewall to disallow connections from anything other than cloudflare IPs to your server.
hmmm … I’m not sure. I’ve never had a good time with cloudflare and discourse. There had been a lot of issues in setting it up and even after I managed to get it up & running, most of the things failed on me because there are a lot of tools in cloudflare which do very aggressive caching and discourse doesn’t likes it.
final choice still would be yours if you have to have cloudflare then use the method I suggested. this is the “most likely would work” type of situation but I won’t take any responsibility if cloudflare decides to be funny and doesn’t lets it work.
that speaks for itself! this is the cloudflare proxy ssl not the one being served from your server.
thanks for your help , hopefully one last question:
there were people typing www.padpors.com to go to our forum, as a result we used the reverse proxy to redirect www to https. is there any other way, rather than using nginx out of the docker, to solve this?