My cloudflared host is able to reach my http endpoint when I test it with cURL. However when I try to access the public URL
brein.munibshah.com I get following error
“Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared”
My config file has the following settings:
I ran a packet capture on my cloudflared host and I can see full TCP handshake between the agent and the server. Not sure if I am missing something basic.
What do the cloudflared logs report?
November 21, 2022, 12:53pm
One other thing you can check is replicate the request cloudflared is making. From the same server where cloudflared is running, run something like:
curl http://brein.munibshah.com --connect-to::192.168.1.210:9880 --verbose
What do you see there? If it succeeds, check the cloudflared logs as
@Cyb3r-Jak3 mentions for further information.
November 22, 2022, 10:48am
I notice your origin returns a 200 if you use cURL to the public hostname:
~ curl https://brein.munibshah.com/ -svo /dev/null 2>&1 | grep "< HTTP"
< HTTP/2 200
But if you copy a request from the browser (e.g. Chrome), your origin is failing, causing us to return the
➜ ~ curl 'https://brein.munibshah.com/' \
-H 'authority: brein.munibshah.com' \
-H 'accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' \
-H 'accept-language: en-GB,en;q=0.9' \
-H 'sec-ch-ua: "Google Chrome";v="107", "Chromium";v="107", "Not=A?Brand";v="24"' \
-H 'sec-ch-ua-mobile: ?0' \
-H 'sec-ch-ua-platform: "macOS"' \
-H 'sec-fetch-dest: document' \
-H 'sec-fetch-mode: navigate' \
-H 'sec-fetch-site: none' \
-H 'sec-fetch-user: ?1' \
-H 'upgrade-insecure-requests: 1' \
-H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/188.8.131.52 Safari/537.36' \
--compressed -svo /dev/null 2>&1 | grep "< HTTP"
< HTTP/2 502
Thus, I think your origin isn’t handling requests correctly when headers like a normal browser sets are sent to it. The best thing to do here would be to check your origin server’s logs and configuration to understand why it is failing on these types of requests.
Thank you Simon, the origin server is a Hikvision DVR. It works on the browser when I try to access it on the local network using an IP address. So I am not sure if it is a header or property which cloudflared adds that the origin server does not like
November 29, 2022, 9:15am
Got it - so you’d need to speak to the company who maintain this server to understand what specifically they do not like about the HTTP request.