I got a database server with its own certificate(s), so I cannot use Cloudflare Tunnel directly, since it will fetch the traffic and sign it with the Cloudflare SSL certificates itself.
So I tried to tunnel it using your SOCKS option.
Server side configuration:
ingress:
  - hostname: kube-database-cluster01-server00.[redacted].eu
    service: https://database-cluster01-server00-service.production.svc.cluster.local:8080
    originRequest:
      caPool: /etc/cloudflared/database-ca/database-ca.pem
      proxyType: socks
Client side:
cloudflared access tcp --hostname kube-database-cluster01-server00.[redacted].eu --url 127.0.0.1:8080 --loglevel=debug
The idea is that :8080 acts as the SOCKS proxy (like it does with kubectl).
Now, when trying to access something:8080 through the proxy 127.0.0.1:8080, the server logs are:
2023-06-21T13:22:14Z DBG GET https:// kube-database-cluster01-server00.[redacted].eu/ HTTP/1.1
2023-06-21T13:22:14Z DBG 302 Found cfRay=[redacted]-AMS connIndex=3 content-length=0 event=1
Client logs:
2023-06-21T13:22:14Z DBG Websocket response: "HTTP/1.1 302 Found\r\nAlt-Svc: h3=":443"; ma=86400\r\nCf-Cache-Status: DYNAMIC\r\nCf-Ray: [redacted]-AMS\r\nConnection: keep-alive\r\nContent-Type: application/json; charset=utf-8\r\nDate: Wed, 21 Jun 2023 13:22:14 GMT\r\nLocation: /studio/index.html\r\nNel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}\r\nRaven-Server-Version: 5.4.105.54058\r\nReport-To: {"endpoints":[redacted],"group":"cf-nel","max_age":604800}\r\nServer: cloudflare\r\nUpgrade: websocket\r\nContent-Length: 0\r\n\r\n"
2023-06-21T13:22:14Z ERR failed to connect to origin error="websocket: bad handshake" originURL=https:// kube-database-cluster01-server00.[redacted].eu
It is seeing the right page (the main page should redirect to Location: /studio/index.html); however, I’m getting a bad handshake…
Am I doing things completely wrong? Is what I’m trying to do even possible?
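
As an added example (not part of the original post and not cloudflared's own code), the Go program below checks the response from the client log against the requirements RFC 6455 section 4.1 places on a server's WebSocket handshake reply, and lists the ones it fails. The function names, the trimmed header set and the sample client key are assumptions made for the illustration.

```go
package main

import (
	"bufio"
	"crypto/sha1"
	"encoding/base64"
	"fmt"
	"net/http"
	"strings"
)

// Constructed from the client log above; redacted and unrelated headers are dropped.
const logged = "HTTP/1.1 302 Found\r\nConnection: keep-alive\r\nLocation: /studio/index.html\r\nServer: cloudflare\r\nUpgrade: websocket\r\nContent-Length: 0\r\n\r\n"

// acceptFor derives the Sec-WebSocket-Accept value the server must echo for
// a client key: base64(SHA-1(key + fixed GUID)), as RFC 6455 mandates.
func acceptFor(key string) string {
	sum := sha1.Sum([]byte(key + "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"))
	return base64.StdEncoding.EncodeToString(sum[:])
}

// handshakeProblems parses a raw HTTP response and returns every RFC 6455
// section 4.1 requirement it fails; an empty result is a valid upgrade.
func handshakeProblems(raw, clientKey string) ([]string, error) {
	resp, err := http.ReadResponse(bufio.NewReader(strings.NewReader(raw)), nil)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	var p []string
	if resp.StatusCode != http.StatusSwitchingProtocols {
		p = append(p, fmt.Sprintf("status is %d, want 101", resp.StatusCode))
	}
	if !strings.EqualFold(resp.Header.Get("Upgrade"), "websocket") {
		p = append(p, "Upgrade header is not websocket")
	}
	conn := strings.ToLower(strings.Join(resp.Header.Values("Connection"), ","))
	if !strings.Contains(conn, "upgrade") {
		p = append(p, "Connection header lacks the Upgrade token")
	}
	if resp.Header.Get("Sec-WebSocket-Accept") != acceptFor(clientKey) {
		p = append(p, "Sec-WebSocket-Accept is missing or wrong")
	}
	return p, nil
}

func main() {
	// Constructed sample key (the example nonce from RFC 6455), not from the log.
	problems, err := handshakeProblems(logged, "dGhlIHNhbXBsZSBub25jZQ==")
	fmt.Println(problems, err)
}
```

The logged reply carries `Upgrade: websocket` but fails the other three checks, so it is the origin's ordinary HTTP redirect rather than a completed protocol switch.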