I have an EC2 instance running a web server (NGINX), and I'm trying to set up authentication via Cloudflare. Here's what I've done:
- Added a security group to the EC2 instances with an inbound rule allowing all traffic (all protocols and ports) from our office IP address. This was so that I can communicate with the server.
- Added another security group with several inbound rules allowing inbound HTTP traffic from all Cloudflare IP addresses (https://www.cloudflare.com/en-gb/ips/).
With this configuration, I can access the website using the EC2 instance's IP address, but not the domain name.
To troubleshoot, I modified the rules of the second separate security group associated with the EC2 instance (2nd step above). I allowed inbound traffic for all protocols from Cloudflare IPs and now I can reach the server but I encounter an error in my browser:
> ai.example.com normally uses encryption to protect your information.
> When Chrome tried to connect to ai.example.com this time, the website
> sent back unusual and incorrect credentials. This may happen when an
> attacker is trying to pretend to be ai.example.com or a Wi-Fi sign-in
> screen has interrupted the connection. Your information is still
> secure because Chrome stopped the connection before any data was
> exchanged.
>
> You cannot visit ai.example.com right now because the website uses
> HSTS. Network errors and attacks are usually temporary, so this page
> will probably work later.
I'm unsure why I'm experiencing these issues. Could someone please help me understand what might be causing this problem and how I can resolve it? I want to ensure proper authentication via Cloudflare while being able to access the web server using the domain name.
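
The two rule sets described in the post, checked for which TCP ports they open to the proxy ranges. This is an added example, not part of the original post: the rules use the `IpPermissions` shape that EC2's `describe_security_groups` returns, the helper names are hypothetical, and the CIDRs are constructed placeholders rather than Cloudflare's published ranges (IPv4 only).

```python
import ipaddress

# Constructed placeholders (RFC 5737 documentation blocks). The real list is
# published at https://www.cloudflare.com/en-gb/ips/.
PROXY_RANGES = ["198.51.100.0/24", "203.0.113.0/24"]
OFFICE_IP = "192.0.2.10/32"  # constructed office address

def perm(proto, cidrs, from_port=None, to_port=None):
    """Build one ingress rule in the IpPermissions shape."""
    rule = {"IpProtocol": proto, "IpRanges": [{"CidrIp": c} for c in cidrs]}
    if from_port is not None:
        rule["FromPort"], rule["ToPort"] = from_port, to_port
    return rule

def rule_allows(rule, port):
    """True if the rule admits TCP traffic to `port`."""
    if rule["IpProtocol"] == "-1":          # "-1" means all protocols, all ports
        return True
    if rule["IpProtocol"] not in ("tcp", "6"):
        return False
    return rule["FromPort"] <= port <= rule["ToPort"]

def uncovered(groups, sources, port):
    """Return the source CIDRs that no single ingress rule admits on `port`.

    Security groups attached to one instance are additive, so every rule of
    every group is considered. A source split across several narrower rules
    is reported as uncovered; this check does not merge ranges.
    """
    missing = []
    for src in map(ipaddress.ip_network, sources):
        nets = (ipaddress.ip_network(r["CidrIp"])
                for group in groups for rule in group
                if rule_allows(rule, port) for r in rule["IpRanges"])
        if not any(n.version == src.version and src.subnet_of(n) for n in nets):
            missing.append(str(src))
    return missing

def report(groups):
    """Map each web port to the proxy ranges that cannot reach it."""
    return {port: uncovered(groups, PROXY_RANGES, port) for port in (80, 443)}

office_sg = [perm("-1", [OFFICE_IP])]                 # first group in the post
http_only_sg = [perm("tcp", PROXY_RANGES, 80, 80)]    # second group, as first set up
all_proto_sg = [perm("-1", PROXY_RANGES)]             # second group, after the change

if __name__ == "__main__":
    print("HTTP-only rules:", report([office_sg, http_only_sg]))
    print("All-protocol rules:", report([office_sg, all_proto_sg]))
```
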