How to support wss and https on the same domain?

It seems Argo Tunnel can only establish either a wss or an https connection if only one domain can be used. Is there a solution for accessing wss content in an https page using Argo Tunnel? Thanks!


Cloudflare Tunnel probably only works on the ports a regular connection would work on, so attempts to connect to 1341 and 7171 will probably fail.

You’ll need to run a load balancer or proxy server that routes requests to the proper backend service, and point Cloudflare Tunnel to that service.

What most WebSocket setups do is use nginx as a proxy/load balancer between all of their application servers, and set up a URL prefix for each of their services.

E.g., an example nginx config for this:

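# wsbackend, staticbackend and mainbackend are upstream names (or hostnames) defined elsewhere.
server {
    ...
    # WebSocket traffic: pass the client's Upgrade handshake through to the backend.
    location /ws/ {
        proxy_pass http://wsbackend;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }
    # Static assets.
    location /static/ {
        proxy_pass http://staticbackend;
        proxy_http_version 1.1;
    }
    # Everything else goes to the main application.
    location / {
        proxy_pass http://mainbackend;
        proxy_http_version 1.1;
    }
}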

There are other load balancing servers that can do something like the above, but I only have experience with nginx on this topic.

One more thing you could try is multiple hostnames for each of your backend services and just pointing static/dynamic/WebSocket links to the proper subdomain; however, that may make development more of a pain.

I have to start the tunnel in a terminal every time I want my site to be reachable. It also stops working when I restart my Mac. What I really want is for the tunnel to run as a system service controlled by macOS’s launchd. This means it’s started automatically and can be controlled like any other system service. To do this, I first define my tunnel by creating ~/.cloudflared/config.yml:

hostname: ennos-mbp.enno.horse
url: http://mysite.local:80

The cloudflared binary knows how to install itself as a user service, and will do so when I run:

$ cloudflared service install

Now the tunnel gets established automatically, and if I want to disable external access to my site at any time, I can stop and start the service using these launchctl commands:

$ launchctl stop com.cloudflare.cloudflared
$ launchctl start com.cloudflare.cloudflared

We have expanded cloudflared to route traffic to multiple services, using hostname and path to match; see "Ingress rules" in the Cloudflare Zero Trust docs. You can use the same ingress rule for HTTP and WS service. Cloudflared will detect if an incoming request is ws/wss and establish a connection accordingly.