How to support wss and https on the same domain?

It seems argo tunnel can only establish either wss or https connection if only one domain can be used. Is there a solution for accessing wss contents in https page using argo tunnel? Thanks!

1 Like

Argo tunnel probably only works on the ports a regular connection would work on, so attempts to connect to 1341 and 7171 will probably fail.

You’ll need to run a load balancer or proxy server that routes requests to the proper backend service, and point argo tunnel to that service.

What most websocket setups use is nginx as a proxy/load balancer between all of their application servers, and setting up a URL prefix for each of their services.

eg, an example nginx config for this:

server {
    location /ws/ {
        proxy_pass http://wsbackend;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    location /static/ {
        proxy_pass http://staticbackend;
        proxy_http_version 1.1;
    location / {
        proxy_pass http://mainbackend;
        proxy_http_version 1.1;

There are other load balancing servers that can do something like the above, but I only have experience with nginx on this topic.

One more thing you could try is multiple hostnames for each of your backend services and just pointing static/dynamic/Websocket links to the proper subdomain, however that may make development more of a pain.

I have to start the tunnel in a terminal every time I want my site to be reachable. It also stops working when I restart my Mac. What I really want is for the tunnel to run as a system service controlled by macOS’s launchd . This means it’s started automatically and can be controlled like any other system service. To do this, I first define my tunnel by creating ~/.cloudflared/config.yml :

url: http://mysite.local:80

The cloudflared binary knows how to install itself as a user service, and will do so when I run:

$ cloudflared service install

Now the tunnel gets established automatically, and if I want to disable external access to my site at any time, I can stop and start the service using these launchctl commands:

$ launchctl stop com.cloudflare.cloudflared
$ launchctl start com.cloudflare.cloudflared
1 Like

We have expanded cloudflared to route traffic to multiple services, using hostname and path to match You can use the same ingress rule for HTTP and WS service. Cloudflared will detect if an incoming request is ws/wss and establish a connection accordingly.