Issue - How-To - Use Cloudflare Tunnel with an HTTPS web server that forces its FQDN

Greetings,

I have been using Cloudflare Tunnel for both HTTP and HTTPS services with no issues for a while.

Recently, I have been deploying an on-prem web server that requires its own FQDN, and that FQDN has to be in the certificate issued for that server, which is used for HTTPS login.

So for example, whenever I hit the IP address or any CNAME record that points to that server, it will automatically redirect to the original FQDN set in the server config.

So the trick of using “No TLS Verify” won’t work here.

Any idea how to get it working? Is there a way with Cloudflare Tunnel settings to get it working?

Thanks.

If the origin is redirecting you to a different URL then that’s not something Tunnels can help with or fix - most applications let you ‘inform them’ of their external hostname so they don’t redirect to IPs or hostnames like localhost

I lost it here, why would you access using IP or a CNAME instead of the expected hostname?

Sorry about the confusion, I just gave that as an example to explain how the web server treats any incoming request that hits it: it automatically redirects to its configured FQDN URL.

For example:
If the web server with IP address 192.168.12.13 has the following hostname:
https://webserver.example.com:9443

and then, if you hit that server with its IP address
https://192.168.12.13:9443
it will redirect you automatically to its FQDN again, https://webserver.example.com:9443

Same if you have an A record or CNAME pointed to the IP.
Example:

  • https://webserverexternal.example.com:9443

It will redirect you as well back to the server's original FQDN:
https://webserver.example.com:9443

I hope that explains the issue
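As an added illustration (not part of this thread and not Cloudflare's own configuration), here is what the tunnel side of this setup looks like in a cloudflared `config.yml`, using the hostnames and IP from the example above. The tunnel UUID, credentials path and CA bundle path are placeholders. It contrasts the "No TLS Verify" shortcut with an ingress rule that keeps certificate verification on and presents the origin's own FQDN as SNI and Host header, which is what lets the origin certificate validate:

```yaml
# Added example config, not from the thread. <TUNNEL-UUID> and file paths are placeholders.
tunnel: <TUNNEL-UUID>
credentials-file: /etc/cloudflared/<TUNNEL-UUID>.json

ingress:
  # Weak form (what "No TLS Verify" does): cloudflared accepts any origin
  # certificate. This hides the trust problem but does nothing about the
  # application's redirect to its configured FQDN.
  #
  # - hostname: webserverexternal.example.com
  #   service: https://192.168.12.13:9443
  #   originRequest:
  #     noTLSVerify: true

  # Hardened form: publish the tunnel under the same name the application
  # insists on, keep verification on, send that name as SNI and Host so the
  # origin certificate matches, and trust the issuing CA explicitly.
  - hostname: webserver.example.com
    service: https://192.168.12.13:9443
    originRequest:
      originServerName: webserver.example.com   # SNI presented to the origin
      httpHostHeader: webserver.example.com     # Host header the app sees
      caPool: /etc/cloudflared/origin-ca.pem    # CA that issued the origin cert
      noTLSVerify: false

  # Catch-all; cloudflared requires the last rule to have no hostname.
  - service: http_status:404
```

Two caveats follow from the thread itself. Publishing under `webserver.example.com` means the application's redirect lands on the hostname the user is already on, so the public path works; internal users still need that name to resolve to 192.168.12.13 (hosts file or internal DNS), as the reply below describes. And if the application's configured base URL includes `:9443`, its redirect carries that port too, which the public hostname on 443 will not serve; that can only be fixed by telling the application its external hostname, exactly as the earlier reply says.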

OK, I assume you're trying to access an app. That app is published through a public network interface, but you want to access it through an internal URL, and the app is forced to be used only through the FQDN.

If that’s so, I would add it to my hosts file. /etc/hosts on Linux & Mac, %Windir%\system32\drivers\etc\hosts on Windows.

The ideal would be to run an internal DNS so when you’re connected to WARP, that FQDN resolves to the internal IP. You can achieve that by adding the domain to the Local Domain Fallback located at Zero Trust → Settings → Network → Local Domain Fallback.

Yeah, I thought about that workaround: editing the hosts file locally as internal DNS and then simply routing the external traffic with a secondary public IP, and it works.

I just hoped we could do some workaround with Cloudflare Tunnel to get it working instead of using regular port forwarding through my firewall.
