Video streaming on Cloudflare tunnels with private addressing

Hi, I’m looking to stream pikvm onto Cloudflare tunnels. I can access the pikvm using a tunnel with a public hostname and no WARP. However, I want to do this over a private address range.
Here is what I do: add a route on the pikvm to include the subnet, and on the Zero Trust dashboard, with the split tunnel feature, I remove the subnet from the exclude IP. Now, turn ON WARP. (I have done enrolling etc …)
On entering the private IP address of pikvm in my browser, it shows Bad gateway with Insecure stream.
However, I have another machine within the subnet running just an nginx server and it works fine.
Is it even possible to stream video on private address tunnels? Why am I getting an SSL error?

I made progress on this. I hosted an HTML page playing video and found that video streaming works.
However, I still keep getting Insecure upstream Error 526 when I connect the stream from pikvm. Can somebody please tell me how to fix this?

I found at troubleshooting:
the causes of this insecure upstream may be

  1. untrusted certificate
    – but my certificate is provided by Cloudflare on creating the tunnel
  2. insecure cipher suite
    – pikvm is accessible over an HTTPS public domain name without WARP, so this couldn’t be a problem?

It also says: “We will support the ability for an administrator to configure whether to trust insecure connections in the very near future”
Is there a way I can configure trust?

I have been trying to access pikvm on a Windows 10 machine, Chrome browser,
with the private IP (NOT URL).

Try a Do Not Inspect rule in the HTTP policy section of Gateway for the host name in question.

I have tried setting policies on the private IP of my origin. No, it didn’t help.

The solution proposed in there with respect to the certificate is to do with domain access, right? I’m tunneling with a private IP. And with the tunnels, the origin certificate is provided by Cloudflare when tunnels are created and is stored in the .cloudflared directory. How could an invalid certificate be the problem?

Running the curl command didn’t report any certificate error, meaning it’s not self-signed.

Use the host name, override the client DNS to the hostname in WARP using a DNS override policy. Set a DNI for the host name.

Hi, I think the Do Not Inspect rule helped me. After disconnecting and reconnecting WARP, I’m able to connect. It works. Thank you!