Route website through Argo Tunnel

Hi,

I have a standard webserver running at port 443 and is currently serving requests.
I’d like to replace it with Argo tunnel, as described in this blog:

I’ve set up the cloudflare tunnel, with the following ingress rules:

- hostname: my.site.com
service: https://localhost:443
- service: http_status:404

However, after setting up everything and accessing the site, I’m getting the below error at the tunnel console:

2021-04-17T10:52:42Z ERR CF-RAY: 64151afd98bbf8cb-NRT Proxying to ingress 1 error: Error proxying request to origin: x509: certificate is valid for *.site.com, my.site.com, not localhost

and a CF 502 error at the site (from browser).

Possibly because the cloudflared daemon is running from localhost. For some reason, the original host information is not passed to the server, but rather, as ‘localhost’ to the local server at port 443 (or) cloudflared daemon is refusing to hit the localserver as the SSL cert validation is failing.
I’m using an Origin certificate (self-signed by CF) at the origin server.

How do I get it to work?
cloudflared tunnel --no-tls-verify run (tunnel-id) (using the no-tls-verify flag) doesn’t seem to work (my server is rejecting the cloudflared request?)

I can make it all on port 80 (HTTP), but why is this setup not working?

Thanks!

You have few choices:

  1. Add your.site.com to your hosts file which points to 127.0.0.1, then modify the service to point to https://your.site.com.
  2. Add no-tls-verify: true into the config file.
2 Likes

My recommendation is Option 2.

3 Likes

Thank you! This should work :slight_smile:

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.