I’ve been trying to make Cloudflare Tunnel work on my home network for a while now but no matter what I do all I get is a plain white page that says
As far as I can tell, cloudflared is installed correctly (CentOS 7 x64) and shows up healthy in my dashboard. I also have access working correctly, as it doesn’t give me the 403 until after I log in. I feel like I’ve been through every possible screen, turned off and on firewall settings and whatnot. There’s no firewall between the tunnel server and the box running the service I want to make accessible. And I can’t find anything in the logs (either on my cloudflared box or in the Zero Trust dashboard). I would greatly appreciate any ideas/suggestions on things to check/double-check. Thanks in advance!
This sounds odd!
Are you able to share the domain that reproduces the problem, and/or Ray IDs (
cf-ray header) of reproducing requests?
The domain is chrisadmin DOT com (sorry, I guess I haven’t been around long enough to be allowed to post links) and the ray headers for two different applications are:
I also get this error.
The same cloudflared configuration was working fine few months ago. But after cloudflared updates few months ago I am getting this error as well.
All I see people saying that it isn’t generated by cloudflared, but it sure affected by cloudflared.
We’ve also been seeing 403 errors across the board in our org since Thursday of last week for Access Applications, when everything was running just fine prior. We have an urgent ticket in, but haven’t heard any updates since.
Oddly, it seems to only affect Chrome and Safari: Firefox functions as expected and without issue.
Same here, I have previously running tunnel which failed once I updated the ingress rules. I tried:
- re-creating the whole thing
- changing protocol (http2, quic, etc)
- enabling caching dev mode
Security Level to
Browser Integrity Check
- added a “everyone/bypass” access rule
- rollback to version down to 2022.10.x
The tunnel is used inside a kubernetes cluster so I also tried:
- routing directly to the pod
- routing to the service (non tls)
- routing to ingress controller with internal tls (no verify)
- routing to ingress controller with cloudflared origin tls
Enabling debug / trace logs doesn’t give much more info, the request just never seems to get to the
I can’t get any extra info with the
cf-ray (there are no events logs in the
Security => Events view or in the “argo control panel”. So I really can’t figure out where the 403 comes from.
Good thing this is just for self-hosted, wouldn’t want this happen on production server.
So little update, if that changes anything, I’ve “solved” my problem by using a another zone / domain I own. I went through all my zone setting to make sure what’s the difference and I can’t figure out what’s the issue yet…