No SSH Browser render when domain is in CNAME setup

My domain with Cloudflare is in CNAME setup. I have setup a Cloudflare Tunnel and configured SSH browser render. I have run the command “cloudflared tunnel route dns ssh.sub.my-domain” and configure the CNAME to ssh.sub.my-domain.cdn.cloudflare.net

When trying to access, SSH Browser render page will show up and immediately fail. “Unable to connect to origin. Please confirm that the tunnel is set up correctly and the origin is healthy.”. I check the browser console, wss connection is getting a 404 error. I also look at server log that it never see any SSH connection attempts.
I have a different domain that’s hosted fully on Cloudflare. When I point a subdomain of that domain to the same tunnel, SSH access is without issue.

Is Browser Rendering not compatible with CNAME setup?

That sounds a bit tangled up.

A Tunnel should have a CNAME that points to TUNNEL-ID.cfargotunnel.com

The CNAME itself should follow the usual rules of a :orange: Proxied hostname. In my case it’s ssh.example.com (not ssh.sub.example.com). As it’s Browser Render, it still needs a proper SSL certificate, which I have because it’s just a first level subdomain.

If your DNS isn’t managed here, I hope you can set that hostname to be proxied with the CNAME I described above. That should bring it in line with a standard Cloudflare setup.

The proper SSL cert did get generated correctly.
When I try to get my domain directly CNAME to tunnel-id.cfargotunnel.com, it gets DNS failure as apparently cfargotunnel.com isn’t available outside of Cloudflare network. So I have to cname my domain name to xxx.xxx.xxx.cdn.cloudflare.net

To be clear, CNAME setup means my domain’s DNS is not hosted by Cloudflare. I am cname my domain name to xxx.xxx.xxx.cdn.cloudflare.net to get into Cloudflare network. It works fine for web pages. But so far, I can’t get tunnel to work.

That’s why I was hoping a CNAME setup included some “inside” connection to Cloudflare where a Proxied CNAME would behave the same way it would for an organic Cloudflare setup.

Ok. So, if CNAME setup isn’t currently available, maybe it should be documented?

If you’re using someone else’s Cloudflare setup, it’s quite different from what Cloudflare offers users directly.

What do you mean by “using someone else’s Cloudflare setup”?

Are you on a Business Plan?

No, just Pro plan. Original set it up via cPanel

Who’s Pro Plan? Which name servers are you using? Cloudflare’s, or your host’s?

I paid the Pro plan with my own Cloudflare account. I am using my own name server not Cloudflare’s

That’s a bit unusual. Is this a Partner setup?

https://portal.cloudflarepartners.com/English/

Probably. But I am not sure. I was running my own server with Plesk. (Now I remember it’s Plesk not cPanel). It has an option to setup Cloudflare. So I click through and also get an Cloudflare account. I no longer run Plesk now. But the account is already setup and I could continue to use. The only draw back is that if I need to add additional subdomain to use Cloudflare, I have to use API to turn on cloudflare proxy.