Help accessing postal-web behind Cloudflare proxy #3258
-
I have configured Postal running from Portainer. On my local network I run Nginx Proxy Manager where I reverse proxy traffic from postal.mydomain to http://postal-web:5000. (screenshot attached)

When I configure Cloudflare to be DNS only, this connectivity works. I've correctly opened up traffic to expose the NPM HTTP/S ports and I can confirm that it is indeed working (from within my network and externally).

However, when I turn on Cloudflare's proxy for postal.mydomain I get issues when using the web UI. I'm unable to log in, or if I was already logged in and I flip between Cloudflare proxy on/off it is as if the web host stops serving content. Postal-web seems to be the only web service behind NPM that is doing this as I have other web services that I host through NPM where their subdomain CNAMEs are behind the Cloudflare proxy. (see attached screenshot)

I've tried looking through other discussions / issue reports for similar problems but have not found anything yet, and I have not found anything obvious in the postal configuration schema to suggest that I am missing a config. Can someone help?
Replies: 3 comments 1 reply
-
By enabling Cloudflare proxy, you may well need to pass through extra headers in your Nginx Proxy Manager configuration, as proxies don't expect to be proxied by default. Arguably, you probably don't need to waste time applying Cloudflare's proxy since it won't really help too much.
-
I do it for security purposes. By using Cloudflare proxy I benefit from sitting behind their WAF. Their static proxy IP list allows me to limit access to known sources so I can better secure access to my server through NPM access lists.
You're probably correct, but I'm having trouble finding the exact headers necessary. I'll continue digging to see if I can find anything that will work. On a side note, thanks for replying so quickly to this and my last post. I appreciate the rapid response to my questions.
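The control described in the comment above (accept proxied traffic only from Cloudflare's published addresses, and only then believe the visitor address Cloudflare forwards), as an added example that is not part of the original thread and is not Postal or NPM code. The two Cloudflare ranges are a constructed sample of the published list, the LAN range and the name `evaluate_request` are assumptions, and `CF-Connecting-IP` is the header Cloudflare uses to carry the visitor address.

```python
import ipaddress

# Constructed sample: two ranges from Cloudflare's published IPv4 list.
# Assumption: a real deployment loads the full, current list instead.
CLOUDFLARE_RANGES = [ipaddress.ip_network(n)
                     for n in ("173.245.48.0/20", "103.21.244.0/22")]
# Assumption: the LAN that may reach the origin without going through Cloudflare.
LAN_RANGES = [ipaddress.ip_network("192.168.1.0/24")]


def _in_any(ip, networks):
    return any(ip in net for net in networks)


def evaluate_request(peer, headers):
    """Return (allowed, client_ip, reason) for one inbound connection.

    peer    -- source address of the TCP connection as seen by the origin proxy
    headers -- request headers as a dict (names compared case-insensitively)
    """
    peer_ip = ipaddress.ip_address(peer)
    if _in_any(peer_ip, LAN_RANGES):
        return True, str(peer_ip), "lan"
    if not _in_any(peer_ip, CLOUDFLARE_RANGES):
        # Direct-to-origin traffic skips the WAF; any forwarded header it
        # carries is attacker-controlled and must be ignored.
        return False, str(peer_ip), "peer-not-cloudflare"
    lowered = {k.lower(): v for k, v in headers.items()}
    try:
        client = ipaddress.ip_address(lowered.get("cf-connecting-ip", "").strip())
    except ValueError:
        return False, str(peer_ip), "missing-or-invalid-client-header"
    return True, str(client), "via-cloudflare"


# Constructed sample requests: (peer address, headers)
SAMPLES = [
    ("173.245.48.10", {"CF-Connecting-IP": "203.0.113.7"}),
    ("198.51.100.9", {"CF-Connecting-IP": "192.168.1.50"}),  # spoofed header
    ("192.168.1.50", {}),
    ("103.21.244.1", {}),
]

if __name__ == "__main__":
    for peer, hdrs in SAMPLES:
        print(peer, evaluate_request(peer, hdrs))
```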
-
OK, I resolved it by no longer exposing the postal-web.

I did not know I could set internal/LAN IP addresses in Cloudflare DNS. I thought it was only for the purpose of exposing my public address.

I removed my DNS records from my local router / pfSense for my postal server domain so that my network would pull the record from Cloudflare. I then updated the record in Cloudflare, changing it from a CNAME record (which was pointing to my public address) to an A record set to my local, internal network server IP address. I removed the Cloudflare proxy because it was no longer in the picture.

Now the portal-web is working just fine within my local network and is no longer exposed to the web. I was also able to ensure that port 25 is not exposed as well. Thanks for your help!