I’m thinking a separate CDN in my work connection might also have delayed my results from bypassing CloudFlare, as I tried again with straight DNS, after restarting NGINX because I realized I didn’t have a dedicated Access Log for “just” this site, so added one…and it worked at:
Returns a nice JSON page, and the updated log reflects that:
[25/Mar/2019:12:25:01 -0400] "GET /.well-known/webfinger?resource=acct:email@example.com HTTP/2.0" 200 355 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36"
Where in the main access log, once I found the entry from the many, many attempts, the access log at least does not say much else from what I can tell, beyond the 502:
[25/Mar/2019:11:01:24 -0400] "GET /.well-known/webfinger?resource=acct:firstname.lastname@example.org HTTP/2.0" 502 575 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36"
Error logs in the main Nginx configuration were not turned on, but I’ll turn them on and re-enable cloudflare to re-produce the error, and see if it captures anything. If not, I’ll have to ask CloudFlare, in case it’s a re-write rule of some sort needed.
I also don’t desperately need the full CloudFlare full protection with this site, like I did with WordPress with the constant vulnerabilities and endless security updates