1. Fix GPG key error
AlmaLinux 8 - AppStream 3.3 MB/s | 3.4 kB 00:00
Importing GPG key 0xC21AD6EA:
Userid : "AlmaLinux <packager@almalinux.org>"
Fingerprint: E53C F5EF 91CE B0AD 1812 ECB8 51D6 647E C21A D6EA
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
Is this ok [y/N]: y
Key imported successfully
Import of key(s) didn't help, wrong key(s)?
Public key for libmaxminddb-1.2.0-10.el8_9.1.x86_64.rpm is not installed. Failing package is: libmaxminddb-1.2.0-10.el8_9.1.x86_64
GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
Error: GPG check FAILED
Solution:
rpm --import https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux
dnf update ca-certificates
dnf install dnf-plugins-core
dnf config-manager --set-enabled powertools
dnf install elrepo-release epel-release -y
2. Install latest Nginx
Step 1. Update your system packages to the latest versions by running the following command.
sudo yum update
Step 2. AlmaLinux does not provide the latest Nginx packages in its default repository. However, the Extra Packages for Enterprise Linux (EPEL) repository provides the latest version. Install the EPEL repository by running the following command:
sudo yum install epel-release
Step 3. Once the EPEL repository is installed, run the following command to install Nginx.
sudo yum install nginx
Step 4. Once installed, start the Nginx service using the following command:
sudo systemctl start nginx
Step 5. To start Nginx automatically at system boot, enable Nginx using the following command:
sudo systemctl enable nginx
3. Add firewall rules
sudo systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2024-04-04 23:09:22 EDT; 10min ago
Docs: man:firewalld(1)
Main PID: 16658 (firewalld)
Tasks: 3 (limit: 50468)
Memory: 37.8M
CGroup: /system.slice/firewalld.service
└─16658 /usr/libexec/platform-python -s /usr/sbin/firewalld --nofork --nopid
sudo firewall-cmd --zone=public --add-service=http --permanent
sudo firewall-cmd --zone=public --add-service=http
sudo firewall-cmd --zone=public --add-service=https --permanent
sudo firewall-cmd --zone=public --add-service=https
sudo firewall-cmd --reload
4. Invalid certificate for “localhost” on Cloudflared
failed to verify certificate: x509: certificate is valid for *.tedditinc.com, tedditinc.com, not localhost"
I solved it by using the noTLSVerify option in Cloudflared’s config.yml. When a client connects to my domain, it goes like this:
Client > Cloudflare > Cloudflared instance running on my machine > Origin (which also happens to be my machine: https://localhost)
The certificate sent back by the origin was not valid for the address Cloudflared was accessing it from (“localhost”), but by adding these lines to config.yml:
originRequest:
  noTLSVerify: true
I think Cloudflared does not check the certificate received from the origin, although it still returns the certificate to Cloudflare, which checks it against my domain.
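
For comparison, an added example (not from the original notes) of a config.yml that leaves origin certificate verification on and instead tells cloudflared which hostname to expect in the certificate, using the originServerName option. The tunnel ID, credentials path, CA path and port 443 are placeholders or assumptions; tedditinc.com is the name taken from the error message above.

```yaml
# Added example; values marked "placeholder" or "assumed" are not from the notes.
tunnel: <TUNNEL-UUID>                                  # placeholder
credentials-file: /etc/cloudflared/<TUNNEL-UUID>.json  # placeholder path

ingress:
  - hostname: tedditinc.com
    service: https://localhost:443   # assumed port
    originRequest:
      # Weak setting from the notes above: accepts any certificate
      # the origin presents, so the origin is not authenticated.
      # noTLSVerify: true

      # Verify the origin certificate against this name instead of
      # "localhost". The certificate in the error message is valid
      # for tedditinc.com and *.tedditinc.com.
      originServerName: tedditinc.com

      # Only needed when the origin certificate is issued by a private CA
      # that is not in the system trust store (placeholder path).
      # caPool: /etc/cloudflared/origin-ca.pem

  # cloudflared requires a final catch-all rule.
  - service: http_status:404
```

The rules can be checked with `cloudflared tunnel ingress validate` before restarting the tunnel.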