Wss connection times out when DNS records are set to proxy

I’ve come across an issue where connection to wss times out when we set the DNS records to be proxied.

These are the settings:
DNS records - proxied
App behind AWS LB
SSL/TLS encryption mode - Full

Whenever I enable proxied DNS records, I see this in the developer console:

 WebSocket connection to 'wss://myapp.com/myserver/socket.io/?EIO=3&transport=websocket' failed: 
..... Error: Socket connection timed out

I read here that I need to make sure to use ports compatible with CF proxy. This is not the issue as I’m using 443 which is compatible with https in proxy.

I tried to set SSL/TLS encryption mode to Full (Strict) and put an origin certificate on the AWS LB, still doesn’t work.

What else can I check or where else can I look for clues on why this is happening?

So, using HTTPS, 443, Full (Strict) SSL and WSS, even orange cloud?

Do you connect to io via localhost, or http or https?
Does the app (NodeJS, etc.) run over a Nginx, or some other?
If yes, is the location /wss/ {} and/or /socket.io/ added and configured?

Hi @fritex thanks for your reply.

Connecting to io on https, no nginx or anything in front of the app.

Without proxied DNS, when the SSL is the one attached to the LB listener, everything works properly.

I found the solution.

It turns out that the websockets feature needs to be turned on. In the dashboard → Network → WebSockets. Just need to toggle it on.

This is funny considering that CF support doc on websockets says that:

How can I use WebSockets with Cloudflare?
No additional configuration is required to send WebSockets traffic through Cloudflare. Cloudflare will immediately begin proxying your WebSockets through to your origin.

If someone from CF sees this post, please update your docs.

1 Like

I’ll check what the default setting is and pass it on to the docs team if it is off by default.

2 Likes

@domjh thanks for your reply.

It appears that when creating a Zone ID, Websockets is enabled by default. So the docs are correct. However, it’d be nice if the doc could say something like “Make sure that websockets is enabled at Network → Websockets.”

2 Likes
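
Added example, not part of any post in this thread and not Cloudflare's own code: the setting found under Network → WebSockets can also be read from the Cloudflare API's zone-settings endpoint, so its state can be confirmed per zone without the dashboard. The environment variable names `CF_ZONE_ID` and `CF_API_TOKEN` and the sample responses are assumptions constructed for illustration.

```python
"""Check a zone's WebSockets setting through the Cloudflare v4 API."""
import json
import os
import sys
import urllib.request

API = "https://api.cloudflare.com/client/v4"


def build_request(zone_id, token):
    """Build the GET request for the zone's 'websockets' setting (no network I/O)."""
    url = f"{API}/zones/{zone_id}/settings/websockets"
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})


def websockets_enabled(body):
    """Interpret the API's JSON envelope; True only when the value is 'on'."""
    doc = json.loads(body)
    if not doc.get("success"):
        msgs = "; ".join(e.get("message", "?") for e in doc.get("errors") or [])
        raise RuntimeError(f"API call failed: {msgs or 'no error detail'}")
    result = doc.get("result") or {}
    if result.get("id") != "websockets":
        raise ValueError(f"unexpected setting in response: {result.get('id')!r}")
    return result.get("value") == "on"


# Constructed sample responses, shaped like the API's standard envelope.
SAMPLE_OFF = '{"success": true, "errors": [], "result": {"id": "websockets", "value": "off"}}'
SAMPLE_ERR = '{"success": false, "errors": [{"code": 0, "message": "constructed error"}], "result": null}'

if __name__ == "__main__":
    # Assumed variable names; the token needs read access to the zone's settings.
    zone, token = os.environ.get("CF_ZONE_ID"), os.environ.get("CF_API_TOKEN")
    if not (zone and token):
        sys.exit("set CF_ZONE_ID and CF_API_TOKEN")
    with urllib.request.urlopen(build_request(zone, token), timeout=10) as resp:
        on = websockets_enabled(resp.read())
    print("WebSockets:", "on" if on else "off (enable under Network -> WebSockets)")
    sys.exit(0 if on else 1)
```

The script exits non-zero when the setting is off, so it can run as a pre-flight check before switching a DNS record to proxied.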