How to fix your Mailgun, and your Ghost instance emails not sending because you messed up.
No shit Sherlock.
geek post

Dabitch

So, yesterday I was in a big FAAFO mode, as I fucked around and found out that I broke stuff (i.e., everything) when it was decided that we as a family should drive to the rolling green beautiful countryside where the gorgeous ranches and million-dollar horse farms are.

So naturally I kept fooling around on my phone via JuiceSSH which has a text size for ants, and I made things worse.

First, I tried logging in to my ghost instance and realized that I had forgotten which password I use here. No biggie, I'll just click the "I forgot" button, and get a new one, right?
Nooo, that's when I get a link that is generated on a subdomain, like "email.dabitch.net". And there is no SSL layer on this subdomain. So no modern browser, on your Android, iOS, macOS, or even your computer will let you bypass that.

I, in a car, driving through gorgeous rolling green hills with fabulous horses and 22-acre estates, still focusing on what I broke, trying to figure out how I broke it.

Can you use Certbot to generate an SSL file via Nginx for a subdomain pointing to Mailgun? No, of course not in 2023. But if I could I would!

I thought I could edit a nginx.conf file to use a proxy pass, a little bit like this, and carefully typed it all out, tongue out, because lord that JuiceSSH font is teeny-tiny and my eyes are not as good these days, but no, that doesn't work.

location / {
 resolver 1.1.1.1 8.8.8.8 valid=60s;
 set $mailgun "http://mailgun.org";
 proxy_pass $mailgun;
 port_in_redirect off;
 proxy_connect_timeout 20;
 proxy_send_timeout 20;
 proxy_read_timeout 20;
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

....in 2020 I believe that you could do exactly this, I had a different setup then, which was, as it turns out, part of my problem with my website here (the one you are reading right now).

As I was hunting down minor bugs that had developed from minor errors over several upgrades, I got really frustrated and deleted and reinstalled the whole thing - as I do - then uploaded my backup to make stuff work again. And that's how we found ourselves in a car, trying to log in, and discovering that particular previously unseen Mailgun error.

I like to break things to see how they work

Once again, we were driving through the rolling hill countryside, which is probably why I just couldn't grasp what was happening, as every so often offspring would cheerfully announce "goats!" or "look! cow MOO!!"

She's quite good at that whole living-in-the-moment thing. Me, not so much.

What does work, after much FAAFO, is turning on a flipping switch in Cloudflare that I had, for unknown reasons, turned off. Proxy the subdomain, and make a page rule with flexible SSL. Use a wildcard-asterisk at the end of your subdomain for best results.

PLEASE MAKE SURE THAT YOU HAVE YOUR CNAME AND PAGE RULE SET FOR THE LOVE OF ODIN OR SOMEONE
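
A pre-flight check for the three things above (CNAME present, proxied, and a flexible-SSL page rule whose wildcard actually covers the link), as an added example that is not part of the original post. The record and rule dictionaries, the `/c/EXAMPLE-TOKEN` link path and the simplified wildcard matching are assumptions made for illustration; only the hostname and the `mailgun.org` target come from the post.

```python
import re

def rule_matches(pattern, url):
    """Simplified page-rule matching (assumption): '*' matches any run of
    characters; a pattern without a scheme applies to http and https alike."""
    if "://" not in pattern:
        url = url.split("://", 1)[-1]
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, url) is not None

def check_setup(host, dns_records, page_rules, sample_link):
    """Return a list of problems; an empty list means the setup matches the post."""
    problems = []
    cname = next((r for r in dns_records
                  if r["type"] == "CNAME" and r["name"] == host), None)
    if cname is None:
        problems.append("no CNAME for " + host)
    else:
        if cname["content"].rstrip(".") != "mailgun.org":
            problems.append("CNAME does not point to mailgun.org")
        if not cname["proxied"]:
            problems.append("CNAME is DNS-only, not proxied")
    if not any(r["ssl"] == "flexible" and rule_matches(r["pattern"], sample_link)
               for r in page_rules):
        problems.append("no flexible-SSL page rule matches " + sample_link)
    return problems

# Constructed sample data (hypothetical shapes, not a real Cloudflare export).
HOST = "email.dabitch.net"
LINK = "https://email.dabitch.net/c/EXAMPLE-TOKEN"
GOOD_DNS = [{"type": "CNAME", "name": HOST, "content": "mailgun.org", "proxied": True}]
GOOD_RULES = [{"pattern": "email.dabitch.net/*", "ssl": "flexible"}]
# The broken state: proxy switched off, and a rule missing its trailing asterisk.
BAD_DNS = [{"type": "CNAME", "name": HOST, "content": "mailgun.org", "proxied": False}]
BAD_RULES = [{"pattern": "email.dabitch.net/", "ssl": "flexible"}]

if __name__ == "__main__":
    print(check_setup(HOST, GOOD_DNS, GOOD_RULES, LINK))
    print(check_setup(HOST, BAD_DNS, BAD_RULES, LINK))
```

Flexible mode encrypts only the visitor-to-Cloudflare leg, and the hop from Cloudflare on to Mailgun stays plain HTTP, so keep the rule scoped to this one subdomain.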

Another note, please be careful who you use as a bulk emailer. I can't recall who The Daily Wire wanted to use as a bulk email service, but after they had signed the contract and paid the big chunk of money, the service told them to leave because "not their values". If they do that to huge media companies that pay the big bills, they will not hesitate to do it to you. Got it?

Never get addicted to cheap or free services that can turn you off at any moment.

Only and always use the services that still follow the open internet ethos. I used to tell everyone I knew to start an account at Hurricane Electric back in the day, long before they became the literal backbone of the internet, but I would steer away from anything touching them today.

-----
Also. Remind me that I have to explain why the Scandinavian (not Nordic!) ` backtick is such a pain in the ass on keyboards one day.

Yes, the `. Let's just start with the fact that it's a silent key - aka dead key - and I use it all the time. Try doing that on your phone via JuiceSSH and the teeny tiny ant-font that I can barely see. That's a quick ticket to a high-blood-pressure headache right there.

Not happy about the Nordic key situation.