My cloudflared host is able to reach my http endpoint when I test it with cURL. However when I try to access the public URL
brein.munibshah.com I get following error
“Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared”
My config file has the following settings:
- service: http_status:404
I ran a packet capture on my cloudflared host and I can see full TCP handshake between the agent and the server. Not sure if I am missing something basic.
What do the cloudflared logs report?
One other thing you can check is replicate the request cloudflared is making. From the same server where cloudflared is running, run something like:
curl http://brein.munibshah.com --connect-to::192.168.1.210:9880 --verbose
What do you see there? If it succeeds, check the cloudflared logs as @Cyb3r-Jak3 mentions for further information.
I notice your origin returns a 200 if you use cURL to the public hostname:
~ curl https://brein.munibshah.com/ -svo /dev/null 2>&1 | grep "< HTTP"
< HTTP/2 200
But if you copy a request from the browser (e.g. Chrome), your origin is failing, causing us to return the 502:
➜ ~ curl 'https://brein.munibshah.com/' \
-H 'authority: brein.munibshah.com' \
-H 'accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' \
-H 'accept-language: en-GB,en;q=0.9' \
-H 'sec-ch-ua: "Google Chrome";v="107", "Chromium";v="107", "Not=A?Brand";v="24"' \
-H 'sec-ch-ua-mobile: ?0' \
-H 'sec-ch-ua-platform: "macOS"' \
-H 'sec-fetch-dest: document' \
-H 'sec-fetch-mode: navigate' \
-H 'sec-fetch-site: none' \
-H 'sec-fetch-user: ?1' \
-H 'upgrade-insecure-requests: 1' \
-H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/18.104.22.168 Safari/537.36' \
--compressed -svo /dev/null 2>&1 | grep "< HTTP"
< HTTP/2 502
Thus, I think your origin isn’t handling requests correctly when headers like a normal browser sets are sent to it. The best thing to do here would be to check your origin server’s logs and configuration to understand why it is failing on these types of requests.