Tunnel Config Ignores noTLSVerify ingress rule

Set up a simple tunnel just to route traffic to a service on my network using the CLI. The config file created passes validation without throwing an error. However, when a connection attempt is made, this error is thrown:
“error=“Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: tls: first record does not look like a TLS handshake””

My config file is as follows, I’ve removed public IP/UUIDs for privacy:

tunnel: (TUNNEL UUID REMOVED)
credentials-file: /root/.cloudflared/(TUNNEL UUID REMOVED).json
originRequest:
noTLSVerify: true

ingress:
  - hostname: (hostname-here)
    service: https://(PUBLIC IP):80
  - service: http_status:404


Ignore the weird formatting of the config file contents, the markdown took over on the post lol

I believe you need noTLSVerify on each rule

tunnel: (TUNNEL UUID REMOVED)
credentials-file: /root/.cloudflared/(TUNNEL UUID REMOVED).json
originRequest:

ingress:

    - hostname: (hostname-here)
      service: https://(PUBLIC IP):80
      noTLSVerify: true

    - service: http_status:404
1 Like
tunnel: (TUNNEL UUID REMOVED)
credentials-file: /root/.cloudflared/(TUNNEL UUID REMOVED).json

ingress:
  - hostname: (hostname-here)
    service: https://(PUBLIC IP):80
    originRequest:
      noTLSVerify: true

  - service: http_status:404

Also https:// and :80 doesn’t make sense to me.

https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/local-management/ingress/#origin-configuration

Whilst you can do it at the top-level, your YAML is invalid due to the lack of indentation.

Dashboard managed tunnels are a lot easier - https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-guide/#set-up-a-tunnel-remotely-dashboard-setup

3 Likes
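The three configs in this thread differ only in where `noTLSVerify` ends up after parsing, so here is an added example (not from any poster and not cloudflared's own code) that lints a config for the problems raised above. It assumes the YAML has already been loaded into a dict by a YAML parser; `lint_tunnel_config`, the hostname and the IP are hypothetical, constructed values.

```python
from urllib.parse import urlsplit

def lint_tunnel_config(cfg):
    """Return findings for a cloudflared config already parsed into a dict."""
    findings = []
    # An unindented noTLSVerify parses as a top-level key, not an origin setting.
    if "noTLSVerify" in cfg:
        findings.append("top-level: noTLSVerify is not nested under originRequest")
    if "originRequest" in cfg and not cfg["originRequest"]:
        findings.append("top-level: originRequest is empty")
    rules = cfg.get("ingress") or []
    for i, rule in enumerate(rules):
        where = f"ingress[{i}]"
        if "noTLSVerify" in rule:
            findings.append(f"{where}: noTLSVerify must sit under originRequest")
        # Per-rule originRequest overrides the top-level block.
        origin = {**(cfg.get("originRequest") or {}), **(rule.get("originRequest") or {})}
        url = urlsplit(str(rule.get("service", "")))
        # noTLSVerify only skips certificate checks; a plain-HTTP origin still
        # fails with "first record does not look like a TLS handshake".
        if url.scheme == "https" and url.port == 80:
            findings.append(f"{where}: https:// on port 80, origin likely speaks plain HTTP")
        if url.scheme == "https" and origin.get("noTLSVerify"):
            findings.append(f"{where}: origin certificate is not verified")
    if not rules or "hostname" in rules[-1] or "path" in rules[-1]:
        findings.append("ingress: last rule must be a catch-all without hostname or path")
    return findings

# Constructed samples: what a YAML parser yields for the first and last configs above.
CATCH_ALL = {"service": "http_status:404"}
AS_POSTED = {
    "originRequest": None, "noTLSVerify": True,
    "ingress": [{"hostname": "app.example.com", "service": "https://192.0.2.10:80"}, CATCH_ALL],
}
NESTED = {
    "ingress": [{"hostname": "app.example.com", "service": "https://192.0.2.10:80",
                 "originRequest": {"noTLSVerify": True}}, CATCH_ALL],
}

if __name__ == "__main__":
    for name, cfg in (("as posted", AS_POSTED), ("nested", NESTED)):
        print(name, *lint_tunnel_config(cfg), sep="\n  ")
```

The nested form still reports the `https://` on port 80 mismatch and the unverified certificate, which is the point of the last reply: moving the key fixes the parse, not the scheme.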