Unable to reach the origin service on HTTP

My cloudflared host is able to reach my http endpoint when I test it with cURL. However when I try to access the public URL brein.munibshah.com I get following error

“Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared”

My config file has the following settings:


  • hostname: brein.munibshah.com
  • service: http_status:404
    enabled: true

I ran a packet capture on my cloudflared host and I can see full TCP handshake between the agent and the server. Not sure if I am missing something basic.

What do the cloudflared logs report?

One other thing you can check is replicate the request cloudflared is making. From the same server where cloudflared is running, run something like:

curl http://brein.munibshah.com --connect-to:: --verbose

What do you see there? If it succeeds, check the cloudflared logs as @Cyb3r-Jak3 mentions for further information.

curl reports this:

Cloudflared logs:

I notice your origin returns a 200 if you use cURL to the public hostname:

  ~ curl https://brein.munibshah.com/ -svo /dev/null 2>&1 | grep "< HTTP"
< HTTP/2 200

But if you copy a request from the browser (e.g. Chrome), your origin is failing, causing us to return the 502:

➜  ~ curl 'https://brein.munibshah.com/' \
  -H 'authority: brein.munibshah.com' \
  -H 'accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' \
  -H 'accept-language: en-GB,en;q=0.9' \
  -H 'sec-ch-ua: "Google Chrome";v="107", "Chromium";v="107", "Not=A?Brand";v="24"' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'sec-ch-ua-platform: "macOS"' \
  -H 'sec-fetch-dest: document' \
  -H 'sec-fetch-mode: navigate' \
  -H 'sec-fetch-site: none' \
  -H 'sec-fetch-user: ?1' \
  -H 'upgrade-insecure-requests: 1' \
  -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36' \
  --compressed -svo /dev/null 2>&1 | grep "< HTTP"
< HTTP/2 502

Thus, I think your origin isn’t handling requests correctly when headers like a normal browser sets are sent to it. The best thing to do here would be to check your origin server’s logs and configuration to understand why it is failing on these types of requests.

1 Like

Thank you Simon, the origin server is a Hikvision DVR. It works on the browser when I try to access it on the local network using an IP address. So I am not sure if it is a header or property which cloudflared adds that the origin server does not like

Got it - so you’d need to speak to the company who maintain this server to understand what specifically they do not like about the HTTP request.