Reverse proxy Cloudflare Pages site

Hello,
We are migrating an web site which is available only to users connected to our VPN from Netlify to Cloudflare Pages.
The current setup is the following:

  • to access the site, we have a DNS entry our.private.tld on our own DNS servers which points to a reverse proxy in our internal network
  • the proxy has its own SSL certificate for *.private.tld
  • this proxy forwards the requests to https://our.private.tld/something.js to the website deployed on Netlify on URL https://project.netlifyapp.com/something.js
  • the site is then made available to the users through the proxy

We tried to setup the same thing with the site hosted on Cloudflare Pages, but unfortunately Cloudflare does not respond to the proxied requests.

I would like to know why this does not work with CF Pages, and what would be the safest way to mimic the setup we currently have in production.
Thanks for your help

Hey,

I’m not sure this setup will work with Pages. Note we do have our Access product: https://www.cloudflare.com/en-gb/products/zero-trust/access/ which would work over your site.

What exactly is the response you’re getting from Cloudflare? Are you getting any errors returned?

We actually have two proxies:

  • an HAproxy which does SSL termination and forward requests to
  • an nginx proxy which forwards requests to CF Pages

I get the following error in the nginx proxy logs:

SSL_do_handshake() failed (SSL: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:SSL alert number 40) while SSL handshaking to upstream, client: 172.22.0.1, server: , request: “GET / HTTP/1.1”, upstream: “https://188.114.96.2:443/
upstream server temporarily disabled while SSL handshaking to upstream, client: 172.22.0.1, server: , request: “GET / HTTP/1.1”, upstream: “https://188.114.96.2:443/