I used the Zero Trust GUI to create a tunnel with my Ubuntu 20.04 VPS server for a particular domain name that is registered with Cloudflare. I have tried all sorts of things in the Service field for HTTPS, to no avail.
HTTPS://443, 127.0.0.1:443, domain.com:443, 0.0.0.0:443, serverip:443, and more.
Sometimes I get a blank, black page when I visit the domain, sometimes I get just an error screen.
The OpenLiteSpeed webserver is working fine - other domains that have their DNS with Cloudflare (proxied and not proxied) load.
What should I be putting in this field? Do I need to configure the Additional application settings (TLS, HTTP Settings, Connection) as well?
I seem to have solved this by enabling No TLS Verify in the GUI. It seems to work with these services:
localhost:443
0.0.0.0:443
127.0.0.1:443
But, I assume that not using TLS Verify is inferior, so how might I get this to work with it? Do I need to configure the Origin Server Name and Certificate Authority Pool?
The port, if it’s 443, is redundant. By default an HTTPS request goes there. The TLS verify is for the origin, if you have a cert not valid for the hostname you are trying to connect from, that will avoid the error.
The TLS verify is for the origin, if you have a cert not valid for the hostname you are trying to connect from, that will avoid the error.
I don’t quite understand what this means though. What can I do to create this cert?
The cert you need to create yourself; it should be valid for the hostname you are connecting from (imagine the service is https://example.com, if the cert is for example-2.com it won’t work). If the certificate is self-signed or valid for another hostname, you enable the no TLS verify setting. Otherwise you don’t, as it’s more secure.
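The two conditions in the reply above (the certificate must cover the hostname, and it must chain to a trusted CA) can be checked with openssl before deciding whether No TLS Verify is really needed. This is an added example, not part of the thread; the function names are hypothetical and the certificate is a throwaway self-signed one constructed for example-2.com.

```shell
#!/bin/sh
# Added example: check the two things origin TLS verification depends on.
# Function names are hypothetical; the certificate is constructed for the demo.

# Create a throwaway self-signed cert whose only SAN is $1, in directory $2.
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1" -addext "subjectAltName=DNS:$1" \
        -keyout "$2/key.pem" -out "$2/cert.pem" 2>/dev/null
}

# Succeeds only if the cert in $1 is valid for hostname $2.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" \
        | grep -q "does match certificate"
}

# Succeeds only if the cert in $1 chains to the CA bundle in $2.
# With no $2, only the system trust store is consulted.
cert_is_trusted() {
    if [ -n "$2" ]; then
        openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
    else
        openssl verify "$1" >/dev/null 2>&1
    fi
}

# report <label> <command...>: print pass/FAIL for one check.
report() {
    label=$1; shift
    if "$@"; then echo "$label: pass"; else echo "$label: FAIL"; fi
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
make_selfsigned example-2.com "$demo_dir"
cert="$demo_dir/cert.pem"

report "covers example.com"       cert_covers_host "$cert" example.com
report "covers example-2.com"     cert_covers_host "$cert" example-2.com
report "trusted by system store"  cert_is_trusted  "$cert"
report "trusted with own CA file" cert_is_trusted  "$cert" "$cert"
```

A failing hostname check is what the Origin Server Name setting addresses (set it to a name the certificate covers), and a failing trust check is what the Certificate Authority Pool setting addresses (point it at the CA that signed the origin certificate, which for a self-signed certificate is the certificate itself).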
While this is a good step, it doesn’t actually do anything of what OP wanted. This makes users get redirected to HTTPS all the time, here we are talking server side.