Cloudflare SSL not functioning over tunnel

My ZeroTrust tunnel is working well; I was able to forward a number of apps from my CGNATed network to public addresses. However, the Cloudflare Universal SSL for my domain is not functioning through the tunnel. I’m able to load up the domains over HTTP without issue, but as soon as I switch to HTTPS, I get a Connection Refused error.

For instance, my grafana subdomain is forwarded through to 127.0.0.1:3000, as grafana is served by the server on which cloudflared is running. All configurations were added through the Cloudflare online dashboard. Regardless of whether http or https is used as the proto, or any TLS settings are tweaked, HTTPS simply refuses to connect. My domain in Cloudflare is set to a Flexible SSL, though switching to Full made no difference.

Is the connection refused to Cloudflare or from Cloudflare to the origin service? If to the origin service, then I would check to make sure Grafana is running over HTTPS. You also might not need HTTPS if both are running on the same host.

I may have discovered the error; I had pihole (hosts file) DNS entries directing my machine towards the local IP. Deleting these and flushing the cache seems to have resolved it. I’m loading up HTTPS just fine over mobile data. All of the SSLs in nginx are expired because of the CGNAT problem, so that makes sense why I couldn’t get anything over HTTPS!

2 Likes
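The cause found in this thread (local DNS overrides sending a tunnelled hostname to a LAN address, so the browser reaches the local nginx and its expired certificate instead of the Cloudflare edge) can be checked for with a short script. This is an added example, not part of the original thread; the zone `example.com`, the sample entries and the function names are constructed for illustration.

```python
import ipaddress

# Address ranges that never reach the Cloudflare edge: loopback, RFC 1918,
# CGNAT shared space, and the IPv6 loopback / unique-local equivalents.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "::1/128", "fc00::/7")]

# Constructed sample in hosts-file format (IP, then one or more names).
SAMPLE_OVERRIDES = """\
# local DNS records (constructed sample)
192.168.1.20  grafana.example.com
127.0.0.1     localhost
10.0.0.5      nas.lan  files.example.com   # inline comment
203.0.113.7   status.example.com
not-an-ip     broken.example.com
"""

def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file style text."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # skip malformed lines
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")

def find_tunnel_bypasses(text, zone):
    """Return (name, ip) overrides that point names in `zone` at a local address."""
    zone = zone.lower().rstrip(".")
    hits = []
    for ip, name in parse_hosts(text):
        in_zone = name == zone or name.endswith("." + zone)
        if in_zone and any(ip in net for net in LOCAL_NETS):
            hits.append((name, str(ip)))
    return hits

if __name__ == "__main__":
    for name, ip in find_tunnel_bypasses(SAMPLE_OVERRIDES, "example.com"):
        print(f"{name} -> {ip}: resolves locally, bypasses the tunnel")
```

Any hostname it reports is served by whatever listens on that local address, so HTTPS results from that machine say nothing about the tunnel or the Cloudflare certificate.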