Error 502 (unable to reach origin service) for only one user over tunnel

Basic setup here:

cloudflared service installed on local server, tunnel is up and happy according to all available metrics.

Single public hostname configured for local http path.

Application is configured for same hostname, with email PIN enforced and restricted to specific email domains.

This all works wonderfully when tested from various endpoints around the US: Point browser at public hostname, perform email PIN verification, bam, there’s the locally hosted legacy web service in the browser with https and working as intended.

The issue is that one user - the user that this was built for - receives an Error 502 page (Bad Gateway, host error) when attempting to access. This is after successful email verification.

I’ve coaxed debug logs out of the cloudflared service and it shows the authenticated request with the same request string, user agent, etc., as a working connection; the difference, aside from the security hashes/cookies, is the inbound CF-Ray node name/IP. The very next entry produced in the cloudflared log is the 502 error generation back to the client with no further explanation.

I’m not sure how to move forward. It seems the “bad gateway” conclusion is technically incorrect, as the host service (and trust me, it’s not smart enough to care) gladly answers proxy requests from any other test endpoint. Is it a propagation issue on the back end? At first I hoped it was just a delay in propagation, but it’s been almost a week at this point. Should we just delete and re-create the public hostname configuration on the tunnel and cross our fingers? Are there potential upstream/downstream contributing factors that I’m overlooking? All of the related (or potentially related) documentation, or even third-party discussion, that I could dig up only seems to address this at a very basic level and offers no insight on resolution under these circumstances. Is this really a one-off, or am I simply daft?

Thanks for reading!
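The log comparison the post describes (a failing request that looks identical to a working one except for the inbound edge node) can be made systematic. The script below is an added example written for this page, not code from the poster or from Cloudflare: it pairs each logged request with its response by CF-Ray id, counts 502s per edge colo, and lists which request fields differ between a working and a failing request. The JSON log lines and their field names (`cfRay`, `edge`, `status`, `msg`, `path`, `ua`) are constructed for the example and are assumptions, not the real cloudflared log format; the one real detail relied on is that a CF-Ray value ends in a hyphen followed by the colo code.

```python
import json
from collections import defaultdict

# Constructed sample log (NOT real cloudflared output; field names are assumptions).
# Two colos answer normally, one colo gets a 502 for every request it forwards.
SAMPLE_LOG = """\
{"level":"debug","msg":"request","cfRay":"7a1b-SJC","edge":"198.51.100.10","path":"/app","ua":"Mozilla/5.0"}
{"level":"debug","msg":"response","cfRay":"7a1b-SJC","status":200}
{"level":"debug","msg":"request","cfRay":"7a1c-IAD","edge":"198.51.100.20","path":"/app","ua":"Mozilla/5.0"}
{"level":"debug","msg":"response","cfRay":"7a1c-IAD","status":200}
{"level":"debug","msg":"request","cfRay":"7a1d-DFW","edge":"198.51.100.30","path":"/app","ua":"Mozilla/5.0"}
{"level":"error","msg":"unable to reach origin service","cfRay":"7a1d-DFW","status":502}
{"level":"debug","msg":"request","cfRay":"7a1e-DFW","edge":"198.51.100.30","path":"/app","ua":"Mozilla/5.0"}
{"level":"error","msg":"unable to reach origin service","cfRay":"7a1e-DFW","status":502}
"""


def parse_log(text):
    """Parse JSON-lines text into dict entries, skipping blank or malformed lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            entries.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # tolerate non-JSON noise in a debug log
    return entries


def pair_by_ray(entries):
    """Join each request entry with the response/error entry carrying the same cfRay."""
    pairs = {}
    for e in entries:
        ray = e.get("cfRay")
        if not ray:
            continue
        rec = pairs.setdefault(ray, {})
        if e.get("msg") == "request":
            rec["edge"] = e.get("edge")
            rec["path"] = e.get("path")
            rec["ua"] = e.get("ua")
        elif "status" in e:
            rec["status"] = e["status"]
            rec["error"] = e.get("msg") if e.get("level") == "error" else None
    return pairs


def colo_of(ray):
    """A CF-Ray value ends in '-<colo code>' (e.g. '...-DFW'); return that code."""
    return ray.rsplit("-", 1)[-1] if "-" in ray else "?"


def failures_by_colo(pairs):
    """Return {colo: (total responses, 502 responses)}."""
    stats = defaultdict(lambda: [0, 0])
    for ray, rec in pairs.items():
        if "status" not in rec:
            continue  # request with no logged response; nothing to count
        colo = colo_of(ray)
        stats[colo][0] += 1
        if rec["status"] == 502:
            stats[colo][1] += 1
    return {c: tuple(v) for c, v in stats.items()}


def suspect_colos(stats):
    """Colos where every request failed while some other colo succeeded.

    If every colo fails, the problem is on the origin side and the list is empty.
    """
    any_success = any(total > failed for total, failed in stats.values())
    if not any_success:
        return []
    return sorted(c for c, (total, failed) in stats.items() if total and failed == total)


def differing_fields(rec_a, rec_b, ignore=("status", "error")):
    """Request fields that differ between two paired records (outcome fields ignored)."""
    keys = set(rec_a) | set(rec_b)
    return sorted(k for k in keys if k not in ignore and rec_a.get(k) != rec_b.get(k))


def analyze(text):
    """Convenience wrapper: raw log text -> per-colo (total, 502) counts."""
    return failures_by_colo(pair_by_ray(parse_log(text)))


if __name__ == "__main__":
    stats = analyze(SAMPLE_LOG)
    for colo, (total, failed) in sorted(stats.items()):
        print(f"{colo}: {failed}/{total} responses were 502")
    print("suspect colos:", suspect_colos(stats))
    pairs = pair_by_ray(parse_log(SAMPLE_LOG))
    print("good vs bad request differ in:", differing_fields(pairs["7a1b-SJC"], pairs["7a1d-DFW"]))
```

The useful signal is the shape of the result rather than any single entry: when the 502s cluster on one colo while the same path and user agent succeed through others, the origin is answering and the failure sits between that edge and the tunnel connection, which is a different support conversation from an origin that is down for everyone.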