dmarcoux
Deploying a Phoenix app on Fly.io with DNS on Cloudflare
Hey,
I have deployed a Phoenix app on Fly.io and my DNS settings are on Cloudflare. For this, I created A and AAAA records on my domain for the IP addresses from flyctl ips list. Those records are proxied by Cloudflare. The Phoenix app is running perfectly fine when accessed at the URL provided by Fly.io. However when accessed from my custom domain, it results in a 520 HTTP error. Do I need to change something in the Phoenix app configuration for this to work?
Most Liked
PJUllrich
I ran into the same issue today and just wanted to share my steps to set this up successfully:
- Add domain to Cloudflare.
- Run
fly certs add mydomain.com - Set the
AandAAAArecords shown in Cloudflare DNS. - (Optional) Check that the
CNAME www mydomain.comrecord exists in Cloudflare DNS. Create it otherwise. - Disable the
proxied (orange cloud)option for all these records. - (Maybe, not sure whether necessary) Disable Universal SSL in Cloudflare because it might otherwise block the certificate acme verification challenge.
- Wait until
fly certs show mydomain.comshows that your certificate was created successfully. - Check that you can reach your website at
mydomain.com
- Enable the
proxied (orange cloud)option for your three DNS records again (A,AAAA, andCNAME). - Set the SSL/TLS encryption mode to
Full (strict) - Enable Universal SSL again.
- Wait maybe 30s and check your website again. Hopefully it works now!
If not, these are possible troubleshooting steps:
- Disable the
proxied/orange cloud, wait 30s and see whether it works now.- If yes, then at least your Fly.io certificates were issued correctly.
- Disable
Universal SSLin Cloudflare. This option likes to interfere with the Fly.io certificate creation.- Enable this option again once your certificate was issued and populated through the network. You can check this at e.g. https://dnschecker.org/
- Set the
SSL/TLS Encryptiontoflexible.- I’ve no clue what this does but sometimes it fixes the issue. So, try this and see whether it helps, but eventually, you should set this to
Full (strict).
- I’ve no clue what this does but sometimes it fixes the issue. So, try this and see whether it helps, but eventually, you should set this to
Tools and Threads that helped (in no particular order)
dmarcoux
I have found what was wrong. I had to put the SSL/TLS encryption mode to Full in the SSL/TLS settings for my domain. Hopefully this helps someone else in the future.
Popular in Questions
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance








