I have a Fargate task connected to an AWS Network Load Balancer. I have made the task security group maximally permissive with
cidr_blocks = ["0.0.0.0/0"]. I can point a CNAME record to NLB and with DNS-only I can connect to my task no problem. However, when I turn on proxying I fail to be able to connect. I could understand why this might not work if I had more restrictive CIDR blocks which did not include the Cloudflare proxy servers, however with all IPs allowed I am not sure why this stops the connection working.
Does anybody have any pointers?