Shows up sometimes, after a few updates it goes away … Is there a reason for this?
Hey Riha. Could you share a Ray-ID for a request that gets blocked? Feel free to DM me.
I’m seeing the same issue after setting up Fastly CDN in front or my Render service a couple days ago. The issue is intermittent and Fastly has confirmed that it’s not on their end as far as they can tell.
@riha the issue in my cased ended up being a hostname mismatch with the CDN. We have a custom domain name pointing to the CDN and the CDN was forwarding to my-service.onrender.com
, but passing through the custom domain name unmodified in the host header. Render’s Cloudflare setup has a sanity check that matches the TLS certificate domain name (my-service.onrender.com
) with the host header then rejects the request with a 403. Confusingly it on occasionally causes issues. The fix was to override the host header to match the Render service name.
I experienced a similar issue with the 403 error. We have an app running on render that sits behind an nginx proxy of our main website. The plan was to have a particular part of the website, at a given path, to be served by render.
Within render, you can add custom domains, but you have to set a DNS record and verify, which won’t work for us, as the main website points elsewhere. The solution I currently have in mind is to override the host header in the nginx proxy pass to use the onrender.com
domain assigned to the app:
proxy_set_header Host oursite.onrender.com;
Does anyone know of an alternative solution?
If it’s behind a proxy then using the onrender.com should be fine as it would never be exposed directly,
Regards,
John B