cloudflare / argo-tunnel-examples


Cloudflared/nginx is sending https to port 80 #22

Open Defman opened 2 years ago

Defman commented 2 years ago

Hello, I have followed your example terraform-gcp-gke-ingress-controller and ran into the following error.

The following CNAMEs are set up:

CNAME(proxy): "docker-helloworld.${zone_name}" --> "cluster.${zone_name}"
CNAME(noproxy): "cluster.${zone_name}" --> "xxxx.cfargotunnel.com"

When visiting the site via https I get the following error.

CONNECTED(00000006)
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 340 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
*   Trying 172.67.186.49:443...
* Connected to docker-helloworld.zone_name (xx.xx.xx.xx) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS alert, handshake failure (552):
* error:14004410:SSL routines:CONNECT_CR_SRVR_HELLO:sslv3 alert handshake failure
* Closing connection 0
curl: (35) error:14004410:SSL routines:CONNECT_CR_SRVR_HELLO:sslv3 alert handshake failure

The nginx proxy/ingress controller handles https requests fine if I turn on proxy for "cluster.${zone_name}".

I suspect the error is that cloudflared does not strip the https?

I should mention that the zone_name uses the .app extension, so maybe the nginx ingress controller forces https?
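
The two transcripts in the post above can be decoded mechanically. The following Python is an added example, not code from the issue author or from the argo-tunnel-examples project; the function names are hypothetical and the sample input is constructed from lines quoted in the post. It shows that "read 7 bytes" is exactly one TLS alert record and that curl's `(552)` is a fatal `handshake_failure` alert, meaning the peer refused the ClientHello before sending any certificate.

```python
import re

# Constructed sample: the lines from the transcripts above that carry the evidence.
SAMPLE = """\
SSL handshake has read 7 bytes and written 340 bytes
New, (NONE), Cipher is (NONE)
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS alert, handshake failure (552):
"""

ALERT_LEVELS = {1: "warning", 2: "fatal"}
# Subset of the TLS alert descriptions (RFC 5246 / RFC 8446).
ALERT_DESCRIPTIONS = {
    0: "close_notify", 40: "handshake_failure", 42: "bad_certificate",
    70: "protocol_version", 80: "internal_error", 112: "unrecognized_name",
    120: "no_application_protocol",
}
TLS_RECORD_HEADER = 5  # content type (1) + version (2) + length (2)
TLS_ALERT_BODY = 2     # level (1) + description (1)

def decode_curl_alert(code):
    """curl's trace prints an alert as (level << 8) | description."""
    level, desc = code >> 8, code & 0xFF
    return (ALERT_LEVELS.get(level, f"level {level}"),
            ALERT_DESCRIPTIONS.get(desc, f"alert {desc}"))

def diagnose(transcript):
    """Summarise where a failed handshake stopped, from s_client/curl output."""
    findings = {"only_alert_record": False, "alert": None}
    m = re.search(r"SSL handshake has read (\d+) bytes", transcript)
    if m:
        findings["bytes_read"] = int(m.group(1))
        # A lone alert record is 5 + 2 = 7 bytes: no ServerHello, no certificate.
        findings["only_alert_record"] = (
            findings["bytes_read"] == TLS_RECORD_HEADER + TLS_ALERT_BODY)
    findings["no_cipher_negotiated"] = "Cipher is (NONE)" in transcript
    m = re.search(r"\(IN\), TLS alert, [^(]*\((\d+)\)", transcript)
    if m:
        findings["alert"] = decode_curl_alert(int(m.group(1)))
    # Both signals together: the peer rejected the ClientHello outright.
    findings["rejected_before_server_hello"] = (
        findings["only_alert_record"] and findings["no_cipher_negotiated"])
    return findings

if __name__ == "__main__":
    for key, value in diagnose(SAMPLE).items():
        print(f"{key}: {value}")
```
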

rhabbachi commented 1 year ago

Running into the same issue. Wondering if you found a suitable solution, @Defman?