Do I not understand multiple application subdomains (zero trust)?

What is the name of the domain?

NA

What is the issue you’re encountering?

A subdomain is redirecting to the “wrong” endpoint - zero trust tunneling

What steps have you taken to resolve the issue?

I have multiple subdomains set up using tunneling (e.g. a.example.com, b.example.com, etc). Most use the same security, so I thought I could set up one application and list up to 5 subdomains - and get the benefit that authenticating to one would be doing so for all. However, sometimes it works, but other times b might show the web app for a, and change the browser URL accordingly as if a redirect had occurred. It’s not as if it goes to the first in the list either, so I don’t really understand what it’s trying to achieve. Or is there something else I need to configure for this to work (maybe at the cloudflared end)?

If I set up one application per public hostname it works - and I do have an access group to minimise the duplication. Are the multiple subdomains under an application only there as a form of aliasing to the same backend? I would have thought my use-case would be more useful, but it does explain why it’s limited to 5. The documentation doesn’t seem very clear to me - Authorization cookie · Cloudflare Zero Trust docs.

Also I clearly don’t know how to use this forum without it feeling like I’m supposed to be reporting a bug. Am I in the wrong place? And it was REALLY annoying to lose everything I typed because it thought I had more than 4 URLs listed.

I think I have perhaps worked it out. I have a local DNS for one of them, and that’s the one they sometimes redirect to. Deleting that local DNS and retrying … yes that seems to fix things.

Unfortunately I had a local DNS for pairdrop because without it, it knows you’re coming from outside the network, so the sharing behaves differently. So I might just move that to its own application.

Further documentation as to what’s really going on would be helpful.

I think I can get this to work the way I want. I want the same URL to work at home or outside of home, but if at home not to bother going via Cloudflare. At home I have local DNS pointing to NGINX for SSL using a Cloudflare-provided cert. On Cloudflare I have the same subdomains using tunneling.

I’m assuming that with multiple subdomains in a Zero Trust application it is trying to redirect via the first subdomain to share the authentication. If this first one also has local DNS, then it doesn’t work, because rather than redirecting back to Cloudflare it tries to handle it locally. Therefore, if the first subdomain in the list is a dummy public hostname (that does point somewhere), but it does not have a local DNS, then the remaining four subdomains can have local DNS. That’s my cunning plan anyway.
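A way to check which hostnames of one Access application are overridden by local DNS, added here as an example and not part of the original posts or of Cloudflare's tooling. The resolver answers, the addresses and the `auth.example.com` dummy hostname are constructed, and the "first hostname" check encodes the poster's assumption above, not documented Cloudflare behaviour.

```python
import ipaddress

# Internal ranges a home resolver typically answers with (RFC 1918, loopback, IPv6 ULA).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "fc00::/7")]

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def overridden_hosts(app_hosts, local_dns, public_dns):
    """Hostnames whose local answer differs from the public one and is internal."""
    found = []
    for host in app_hosts:
        local = set(local_dns.get(host, []))
        public = set(public_dns.get(host, []))
        if local and local != public and any(is_internal(a) for a in local):
            found.append(host)
    return found

def check_application(app_hosts, local_dns, public_dns):
    """Report split-horizon overrides for the hostnames listed in one application."""
    overridden = overridden_hosts(app_hosts, local_dns, public_dns)
    return {
        "overridden": overridden,
        # Poster's assumption: the first listed hostname must resolve publicly.
        "first_host_overridden": bool(app_hosts) and app_hosts[0] in overridden,
    }

# Constructed sample data: 203.0.113.10 stands in for the tunnel's public edge,
# 192.168.1.20 for the local NGINX box.
PUBLIC_DNS = {h: ["203.0.113.10"] for h in
              ("auth.example.com", "a.example.com", "b.example.com", "pairdrop.example.com")}
LOCAL_DNS = dict(PUBLIC_DNS, **{"pairdrop.example.com": ["192.168.1.20"]})

if __name__ == "__main__":
    for hosts in (["pairdrop.example.com", "a.example.com", "b.example.com"],
                  ["auth.example.com", "pairdrop.example.com", "a.example.com", "b.example.com"]):
        print(hosts[0], check_application(hosts, LOCAL_DNS, PUBLIC_DNS))
```

In practice, fill `local_dns` from the home resolver's answers and `public_dns` from a public resolver's answers for the same names, for example by running `dig` against each.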
