Content not accessible when using a load balancer + cloudflared tunnels

What is the name of the domain?

pipelinesascode.qa.blueguardian.co

What is the issue you’re encountering

Content is unavailable via the load balancer, but is available when browsing directly to the endpoint’s FQDN.

What steps have you taken to resolve the issue?

Confirmed configuration is as per Cloudflare documentation.
Confirmed content is accessible when not going via the load balancer.

What are the steps to reproduce the issue?

On a Kubernetes cluster (OpenShift in this case), deploy cloudflared

Configure the tunnel to expose the Tekton Pipelines as Code service (or other service for testing purposes).

Confirm you can reach those services

$ curl https://pipelinesascode.core.qa.blueguardian.co
{"status":200,"message":"ok"}
$ curl https://pipelinesascode.ap-southeast-2.qa.blueguardian.co
{"status":200,"message":"ok"}

Create a load balancer, which uses the <UUID>.cfargotunnel.com for the aforementioned services as the endpoints.

Attempt to access the content via the load balancer’s FQDN

$ curl https://pipelinesascode.qa.blueguardian.co
curl: (35) LibreSSL/3.3.6: error:1404B410:SSL routines:ST_CONNECT:sslv3 alert handshake failure

Both the load balancer and endpoints are healthy.

I’ve created a Health Check, and it looks like there is a TLS handshake failure, which aligns with what I’m seeing with cURL and with the browser’s developer tools.

I’m not sure why this would be, though.

How frustrating. It was because TotalTLS doesn’t cover load balancer certs. I manually requested the cert, and now it all works fine.

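A pre-flight check for the failure resolved above, as an added example that is not part of the original thread: `uncovered` lists the hostnames that no certificate SAN covers, and `fetch_sans` reads the SANs actually served for a given SNI. The function names and the SAN inventory are assumptions constructed for illustration; they are not the real certificates for this zone.

```python
import socket
import ssl


def san_covers(san: str, hostname: str) -> bool:
    """True if one certificate SAN entry covers hostname.

    A wildcard is honoured only as the whole left-most label and stands
    for exactly one label, so *.qa.example does not cover a.b.qa.example.
    """
    san, hostname = san.lower().rstrip("."), hostname.lower().rstrip(".")
    if san.startswith("*."):
        head, _, rest = hostname.partition(".")
        return bool(head) and rest == san[2:]
    return san == hostname


def uncovered(hostnames, cert_sans):
    """Return the hostnames that no SAN in cert_sans covers."""
    return [h for h in hostnames
            if not any(san_covers(s, h) for s in cert_sans)]


def fetch_sans(hostname, port=443, timeout=5.0):
    """Handshake with SNI=hostname; return DNS SANs, or None if TLS fails."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                cert = tls.getpeercert()
    except ssl.SSLError:
        return None  # e.g. the "alert handshake failure" seen in the thread
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


# Hostnames taken from the thread: two tunnel endpoints, then the load balancer.
HOSTNAMES = [
    "pipelinesascode.core.qa.blueguardian.co",
    "pipelinesascode.ap-southeast-2.qa.blueguardian.co",
    "pipelinesascode.qa.blueguardian.co",
]
# Constructed inventory (assumption): certificates exist for the two tunnel
# hostnames only, and nothing has been issued for the load balancer hostname.
CONSTRUCTED_SANS = HOSTNAMES[:2]

if __name__ == "__main__":
    for host in uncovered(HOSTNAMES, CONSTRUCTED_SANS):
        print("no certificate covers", host)
```

For a live check, pass the result of `fetch_sans(host)` to `uncovered`; a `None` result means the handshake itself failed for that SNI.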