Comment on Randomly getting ECH errors on self-hosted services.
sk@hub.utsukta.org 1 month ago
This issue is an ongoing discussion over at NPM too, very mysterious
https://github.com/NginxProxyManager/nginx-proxy-manager/issues/3982
Darkassassin07@lemmy.ca 1 month ago
Thanks. That seems to be a similar, but slightly different error. I think the below may apply though.
I believe I’ve tracked down more of my issue, but fixing it is going to be a hassle:
When Cloudflare proxying is enabled, there are 3 DNS records involved: A record with Cloudflare's IPv4, AAAA record with Cloudflare's IPv6, and the key to this puzzle: an HTTPS record with Cloudflare's ECH/HTTPS config.
With Pi-hole I can set DNS records for A/AAAA, but I have no way of blocking/setting the HTTPS record so it gets through from Cloudflare.
The A/AAAA records don’t match the HTTPS record, so browsers freak out.
Once I disabled Cloudflare's proxying, I no longer get HTTPS records returned and all works as intended.
I’ll either have to keep Cloudflare proxying disabled, or switch Pi-hole out for a more comprehensive DNS solution so I can set/block HTTPS records :(
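Added example, not part of the original comment: a Python sketch that parses the RDATA of an HTTPS (type 65) record as laid out in RFC 9460 and reports local A overrides that the record's `ipv4hint` does not cover while an `ech` parameter is present, which is the mismatch described above. The function names, the sample record bytes and the addresses are constructed for illustration; only IPv4 is compared.

```python
import ipaddress
import struct

# SvcParamKey numbers from RFC 9460.
ALPN, IPV4HINT, ECH, IPV6HINT = 1, 4, 5, 6

def parse_https_rdata(rdata: bytes) -> dict:
    """Parse HTTPS/SVCB RDATA: priority, uncompressed target name, SvcParams."""
    (priority,) = struct.unpack_from("!H", rdata, 0)
    pos, labels = 2, []
    while True:                      # TargetName: length-prefixed labels
        n = rdata[pos]
        pos += 1
        if n == 0:
            break
        labels.append(rdata[pos:pos + n].decode("ascii"))
        pos += n
    params = {}
    while pos < len(rdata):          # SvcParams: key(2) length(2) value
        key, length = struct.unpack_from("!HH", rdata, pos)
        pos += 4
        if pos + length > len(rdata):
            raise ValueError("truncated SvcParam")
        params[key] = rdata[pos:pos + length]
        pos += length
    return {"priority": priority, "target": ".".join(labels) or ".",
            "params": params}

def uncovered_local_addrs(local_addrs, rdata: bytes) -> list:
    """Local A answers missing from ipv4hint while the record advertises ech."""
    params = parse_https_rdata(rdata)["params"]
    raw = params.get(IPV4HINT, b"")
    hints = {str(ipaddress.IPv4Address(raw[i:i + 4]))
             for i in range(0, len(raw), 4)}
    if ECH not in params or not hints:
        return []                    # nothing to compare against
    return sorted(set(local_addrs) - hints)

# Constructed sample: priority 1, target ".", alpn=h2,
# ipv4hint=203.0.113.10, ech=<4 placeholder bytes, not a real ECHConfigList>.
SAMPLE_RDATA = (b"\x00\x01" + b"\x00"
                + b"\x00\x01\x00\x03\x02h2"
                + b"\x00\x04\x00\x04" + bytes([203, 0, 113, 10])
                + b"\x00\x05\x00\x04" + b"\xde\xad\xbe\xef")

if __name__ == "__main__":
    # 192.168.1.20 stands in for a local DNS override of the A record.
    print(uncovered_local_addrs(["192.168.1.20"], SAMPLE_RDATA))
```
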
bobslaede@feddit.dk 1 month ago
I’ve fixed the same issue for me.
Originally I had this in my Local DNS settings in my Pi-Hole:
I changed that to this:
And then I added CNAME Records to the services like this:
This fixed the whole thing for me :)
Darkassassin07@lemmy.ca 1 month ago
@bobslaede@feddit.dk I could kiss you. You’ve been invaluable my friend, thank you!
Just gave this a test: CNAME ombi.domain -> local.domain with Cloudflare's proxy re-enabled.
Now the HTTPS, A, and AAAA requests all receive the CNAME response and browsers are happy. I didn’t even have to modify nginx to recognize local.domain like I thought I might.
bobslaede@feddit.dk 1 month ago
Awesome! I’m glad that it worked. It took me a while to figure out, when it happened to me. Glad that I could make your life easier :)