Unable to reach the origin service on HTTP

My cloudflared host is able to reach my http endpoint when I test it with cURL. However when I try to access the public URL brein.munibshah.com I get following error

“Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared”

My config file has the following settings:

ingress:

  • hostname: brein.munibshah.com
    service: http://192.168.1.210:9880
  • service: http_status:404
    warp-routing:
    enabled: true

I ran a packet capture on my cloudflared host and I can see full TCP handshake between the agent and the server. Not sure if I am missing something basic.

What do the cloudflared logs report?

One other thing you can check is replicate the request cloudflared is making. From the same server where cloudflared is running, run something like:

curl http://brein.munibshah.com --connect-to::192.168.1.210:9880 --verbose

What do you see there? If it succeeds, check the cloudflared logs as @Cyb3r-Jak3 mentions for further information.

curl reports this:

Cloudflared logs:

I notice your origin returns a 200 if you use cURL to the public hostname:

  ~ curl https://brein.munibshah.com/ -svo /dev/null 2>&1 | grep "< HTTP"
< HTTP/2 200

But if you copy a request from the browser (e.g. Chrome), your origin is failing, causing us to return the 502:

➜  ~ curl 'https://brein.munibshah.com/' \
  -H 'authority: brein.munibshah.com' \
  -H 'accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' \
  -H 'accept-language: en-GB,en;q=0.9' \
  -H 'sec-ch-ua: "Google Chrome";v="107", "Chromium";v="107", "Not=A?Brand";v="24"' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'sec-ch-ua-platform: "macOS"' \
  -H 'sec-fetch-dest: document' \
  -H 'sec-fetch-mode: navigate' \
  -H 'sec-fetch-site: none' \
  -H 'sec-fetch-user: ?1' \
  -H 'upgrade-insecure-requests: 1' \
  -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36' \
  --compressed -svo /dev/null 2>&1 | grep "< HTTP"
< HTTP/2 502

Thus, I think your origin isn’t handling requests correctly when headers like a normal browser sets are sent to it. The best thing to do here would be to check your origin server’s logs and configuration to understand why it is failing on these types of requests.

1 Like