basecamp / thruster

MIT License
TLS handshake error when using Cloudfront as CDN #42

Open adammiribyan opened 1 month ago

adammiribyan commented 1 month ago

I'm seeing this in kamal proxy logs -f for any request made from Cloudfront to the Rails app (Thruster). Cloudfront itself throws a 502 error screen.

2024-10-06T16:07:51.540795855Z {"time":"2024-10-06T16:07:51.54066842Z","level":"INFO","msg":"http: TLS handshake error from 64.252.114.216:24268: unknown server name"}

Kamal proxy settings:

proxy:
  ssl: true
  host: ****** (app's domain)

kaka-ruto commented 1 month ago

I have the exact same problem!

I have even changed the SSL configuration, cycling from Full/Strict, to Flexible, to turning it off completely.

Also tried the suggestions on this issue, with no luck: https://github.com/basecamp/kamal/issues/1041

I've also turned the Cloudflare proxy off but I'm still getting this error consistently.

I am on Rails 8 beta, Kamal 2.1.2

{"time":"2024-10-08T01:14:08.617000999Z","level":"INFO","msg":"Server started","http":":80"}
2024-10-08T01:14:09.400981958Z {"time":"2024-10-08T01:14:09.40005329Z","level":"INFO","msg":"Unable to proxy request","path":"/up","error":"dial tcp [::1]:3000: connect: connection refused"}
2024-10-08T01:14:09.401055561Z {"time":"2024-10-08T01:14:09.400435202Z","level":"INFO","msg":"Request","path":"/up","status":502,"dur":3,"method":"GET","req_content_length":0,"req_content_type":"","resp_content_length":0,"resp_content_type":"text/plain; charset=utf-8","remote_addr":"172.18.0.5:39196","user_agent":"Go-http-client/1.1","cache":"miss","query":""}

kaka-ruto commented 1 month ago

I found the issue with mine: https://github.com/basecamp/kamal/issues/1041#issuecomment-2398653644

Try to find the actual reason why the healthcheck is failing; something upstream could be causing it.
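
The log lines quoted in this thread record two different failures: a TLS handshake rejected with "unknown server name", and a proxied /up request failing with "connection refused". The Go sketch below is an added example, not part of the thread and not code from thruster or kamal-proxy; it triages such lines so the two cases are not mixed up. The function name, category labels and sample lines are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample lines modelled on the thread's logs; 192.0.2.10 is a documentation address.
var sampleLogs = []string{
	`2024-10-06T16:07:51.540795855Z {"time":"2024-10-06T16:07:51.54066842Z","level":"INFO","msg":"http: TLS handshake error from 192.0.2.10:24268: unknown server name"}`,
	`2024-10-08T01:14:09.400981958Z {"time":"2024-10-08T01:14:09.40005329Z","level":"INFO","msg":"Unable to proxy request","path":"/up","error":"dial tcp [::1]:3000: connect: connection refused"}`,
	`2024-10-08T01:14:09.401055561Z {"time":"2024-10-08T01:14:09.400435202Z","level":"INFO","msg":"Request","path":"/up","status":502,"method":"GET"}`,
}

type entry struct { // encoding/json matches these names to the keys case-insensitively
	Msg, Path, Error string
	Status           int
}

var handshakeRe = regexp.MustCompile(`TLS handshake error from (\S+):\d+: (.+)$`)

// Classify labels one log line and returns the detail worth reading first.
func Classify(line string) (category, detail string) {
	start := strings.Index(line, "{") // skip the optional timestamp prefix
	if start < 0 {
		return "unparsed", ""
	}
	var e entry
	if json.Unmarshal([]byte(line[start:]), &e) != nil {
		return "unparsed", ""
	}
	if m := handshakeRe.FindStringSubmatch(e.Msg); m != nil {
		return "tls-handshake", m[2] + " (client " + m[1] + ")"
	}
	if e.Msg == "Unable to proxy request" {
		return "upstream-unreachable", e.Path + ": " + e.Error
	}
	if e.Msg == "Request" && e.Status >= 500 {
		return "server-error", fmt.Sprintf("%s -> %d", e.Path, e.Status)
	}
	return "other", ""
}

func main() {
	for _, l := range sampleLogs {
		c, d := Classify(l)
		fmt.Printf("%-22s %s\n", c, d)
	}
}
```

A "tls-handshake" line means the connection was refused before any HTTP request existed, so it never shows up as a "Request" entry; "upstream-unreachable" means TLS was fine and the proxied application was not accepting connections.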