Apache virtual hosts and cloudflared

I’m beginning to work with cloudflared tunnels. The idea is to access a virtual host on an Apache server via the tunnel.

I have a working virtual host named ww2(dot)blahblah(dot)net. It shares one IP with other virtual hosts.

I can access it the old-fashioned way via a ww2(dot)blahblah(dot)net entry in the host file. Works just fine.

Now for the tunnel. The tunnel is set up properly. At Cloudflare, there is a CNAME entry pointing to the tunnel. The tunnel functions.

However, if I browse to ww2(dot)blahblah(dot)net (after taking out the host file entries, of course) I get the content of the index.html in /var/www/html, and not the proper index file in /home/blah/public_html.

Apparently, Apache doesn’t find ww2(dot)blahblah(dot)net in the header, and it proceeds to deliver /var/www/html/index.html.

Here is my config.yml:

tunnel: a56ec74c-f72a-49a2-93c6-a6f4cd46737e
credentials-file: /root/.cloudflared/a56ec74c-f72a-49a2-93c6-a6f4cd46737e.json
logfile: /var/log/cloudflared.log
loglevel: info

ingress:
  - hostname: ww2(dot)blahblah(dot)net
    service: http(colon)//localhost:80
  - hostname: ww2(dot)blahblah(dot)net
    service: https(colon)//localhost:443
  - service: http_status:404

Any ideas?

[Sorry for the (dot) and (colon); I had to get around the (quite silly) 4 link limit for noobs]

It has taken a full THREE days for a staff member to review this post, and to finally approve it.

In the meantime, I have made some progress on this end.

Using Apache, if I set the IP of the vHost to (i.e. localhost,) it works.

To access blahblah(dot)net without the subdomain, I ignored all RFCs, and did set up blahblah(dot)net as a CNAME pointing to the tunnel ID. That works.

The recommended page rule that sends blahblah.net/* to https://ww2.blahblah(dot)net/$1 did not work. It resulted in blahblah.net/* being sent to the web server. The CNAME solution appears to be the cleanest, no irritating WW2 in front of the domain name.

Currently, I am trying to make it work with LiteSpeed, but no success so far. 502 errors, and nothing in the LiteSpeed logs. Firewall off, LiteSpeed works when accessed the old way.
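
Added example, not part of the original posts or of any project's code: a small Python model of cloudflared's top-to-bottom ingress matching and of Apache's address-then-name virtual host selection, showing why a request that arrives over the tunnel on localhost can land in the main server's DocumentRoot even though the Host header is intact. It assumes the virtual host was declared on a specific public IP and that localhost resolves to 127.0.0.1; the hostname ww2.example.net, the address 203.0.113.10 and the paths are constructed placeholders.

```python
# Added illustration: cloudflared first-match ingress + Apache two-stage vhost
# selection. Every hostname, IP and path here is a constructed placeholder.
MAIN_DOCROOT = "/var/www/html"      # main (non-vhost) server
SITE_DOCROOT = "/home/site/public_html"
PUBLIC_IP = "203.0.113.10"          # documentation-range address

def pick_ingress(rules, hostname):
    """Return the service of the first rule that matches; later rules are ignored."""
    for rule in rules:
        if rule.get("hostname") in (None, hostname):   # no hostname = catch-all
            return rule["service"]
    return None

def pick_docroot(vhosts, local_ip, port, host_header):
    """Stage 1: keep vhosts whose address matches where the connection arrived.
    Stage 2: match the Host header, but only inside that set."""
    exact = [v for v in vhosts if v["addr"] == (local_ip, port)]
    wild = [v for v in vhosts if v["addr"] == ("*", port)]
    candidates = exact or wild       # a specific IP beats the wildcard
    if not candidates:
        return MAIN_DOCROOT          # no vhost on this address: main server answers
    for v in candidates:
        if host_header.lower() in v["names"]:
            return v["docroot"]
    return candidates[0]["docroot"]  # first vhost in the set acts as default

INGRESS = [
    {"hostname": "ww2.example.net", "service": "http://localhost:80"},
    {"hostname": "ww2.example.net", "service": "https://localhost:443"},  # shadowed
    {"service": "http_status:404"},
]
BOUND_TO_PUBLIC_IP = [  # <VirtualHost 203.0.113.10:80>
    {"addr": (PUBLIC_IP, 80), "names": {"ww2.example.net"}, "docroot": SITE_DOCROOT},
]
WILDCARD = [            # <VirtualHost *:80>
    {"addr": ("*", 80), "names": {"ww2.example.net"}, "docroot": SITE_DOCROOT},
]

if __name__ == "__main__":
    host = "ww2.example.net"
    print("ingress ->", pick_ingress(INGRESS, host))
    # Direct browsing (hosts-file entry) reaches Apache on the public IP.
    print("direct  ->", pick_docroot(BOUND_TO_PUBLIC_IP, PUBLIC_IP, 80, host))
    # cloudflared connects to localhost, so the connection arrives on 127.0.0.1.
    print("tunnel  ->", pick_docroot(BOUND_TO_PUBLIC_IP, "127.0.0.1", 80, host))
    print("tunnel, wildcard vhost ->", pick_docroot(WILDCARD, "127.0.0.1", 80, host))
```

On a real server, `apachectl -S` prints the address and port each virtual host is bound to, which is the stage-1 input this model uses.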