How to make Cloudflare Tunnel automatic failover?

I have 2 HAProxy servers (a primary, and a standby secondary for failover). I want to use Cloudflare Tunnel to go to the primary server, and in case of failover go to the secondary.
Or can I run Cloudflare Tunnel on the primary and secondary at the same time, so that it uses the other if one of the servers is down? How do I do it?

Looks like they integrate with CF Load Balancers, but I personally don’t use tunnels in this configuration:

https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/routing-to-tunnel/lb/

Yup, I am using Cloudflare Load Balancer with Cloudflare Tunnel based origins. Just be sure, if you use CF Load Balancer, to use Tunnels in http2 configuration and not quic configuration, as http2 configuration is much more stable behind CF Load Balancer for me.

But I am not using Cloudflare Load Balancer; I am using my own HAProxy.

Do you mean you have

CF proxy > Haproxy > Origin

and want to add CF Tunnel cloudflared instances into the mix? Cloudflared Tunnels don’t do load balancing or failover themselves in the traditional sense. That logic has to be done upstream at the load balancer level.

So you either do

  1. CF proxy > CF Tunnel cloudflared instance > Haproxy > Origin, where failover is done at Haproxy level, or
  2. CF proxy > Haproxy > CF Tunnel cloudflared instance > Origin, where failover is done at Haproxy level, or
  3. CF proxy > CF Load Balancer > CF Tunnel cloudflared instance > Haproxy > Origin, where failover is done at CF Load Balancer level, or
  4. CF proxy > CF Load Balancer > Haproxy > CF Tunnel cloudflared instance > Origin, where failover is done at CF Load Balancer level

Only configurations 1 & 3 would make any sense, with 3 being best, as you want the CF Tunnel to be the inbound traffic point to each origin server for optimal performance with a persistent http2 or quic connection to CF edge servers via the cloudflared Tunnel instance.

Yes, my question is about the first configuration
CF proxy > CF Tunnel cloudflared instance > Haproxy > Origin

How do I set up cloudflared on the HAProxy so that it is highly available and prevents a single point of failure (cloudflared)?

For failover purposes (without load balancing) you can just rely on CF Tunnel completely without the need for HAProxy, because you can just install cloudflared on two machines and create multiple connections using the same tunnel. Cloudflare does not guarantee which server will go first though - it will pick any available tunnel connection to communicate with.

https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/run-tunnel/deploy-cloudflared-replicas/

What strategy does CF use?

What if I want to make some rules, like path /about to a specific server and path /service to a specific server?

I would say, random. If you need more granular control over the balancing strategy and rules, then you will need the Cloudflare Load Balancer feature.

As stated above, Cloudflare Load Balancer will help. However, if you don’t want to spend money on Cloudflare Load Balancer, you can still utilize the existing HAProxy in your environment. But if you maintain HAProxy, then you just need one tunnel connection like this: CF proxy > CF Tunnel cloudflared instance > Haproxy > Origin. That cloudflared instance will point to your HAProxy directly; let HAProxy do its job.
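
The replica setup described in the replies above, sketched as a cloudflared configuration file. This is an added example, not taken from the thread or from Cloudflare's documentation. The tunnel UUID, the hostname `app.example.com` and the local HAProxy port 80 are placeholders or assumptions.

```yaml
# /etc/cloudflared/config.yml
# Deploy this same file on BOTH HAProxy hosts (primary and standby).
# Each host then runs one cloudflared replica of the same tunnel, and
# Cloudflare uses whichever tunnel connection is available.

# Placeholder: the UUID of the single tunnel shared by both replicas.
tunnel: <TUNNEL-UUID>

# The same tunnel credentials file is copied to both hosts. It is a secret:
# keep it readable only by the account that runs cloudflared.
credentials-file: /etc/cloudflared/<TUNNEL-UUID>.json

ingress:
  # Assumption: HAProxy listens on port 80 on the same machine as cloudflared,
  # so each replica hands traffic to its local HAProxy, which keeps doing the
  # backend health checks and failover.
  - hostname: app.example.com
    service: http://localhost:80
  # cloudflared requires a final catch-all rule.
  - service: http_status:404
```

With this layout the replicas cover the loss of a cloudflared connection or of a whole host, while routing to the backends stays in the HAProxy configuration.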
