Open tjb900 opened 6 months ago
Aha! I think this is related to this:
client := http.Client{
Transport: &http.Transport{
TLSHandshakeTimeout: httpTimeout,
ResponseHeaderTimeout: httpTimeout,
},
Timeout: httpTimeout,
}
Creating blank http.Transport
seems to be considered dangerous, see also:
https://github.com/kubernetes-retired/go-open-service-broker-client/issues/132 https://github.com/mozilla-services/aws-signing-proxy/pull/4
I have a patch which uses DefaultTransport.Clone()
and then makes the required changes instead of starting with a blank Transport
, happy to put up for PR if it would be welcome!
I'd really have hoped the conventional HTTP(S) API calls required to setup the tunnels should be able to be made through a proxy
Try https://github.com/ChaiByte/CF-Tunnel-Transparent-Proxy/
Describe the bug
We have an environment where outbound access is firewalled and HTTP(s) access goes through a proxy. After following the (disappointing, but somewhat understandble) discussions on this topic in e.g. #350, I requested exemptions as per the document here:
https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/deploy-tunnels/tunnel-with-firewall/
However, it appears these are still insufficient - a hello world test still doesn't work.
To Reproduce Steps to reproduce the behavior:
And using strace I can see it is trying to connect directly to
api.trycloudflare.com
, not using a proxy:Expected behavior
I'd really have hoped the conventional HTTP(S) API calls required to setup the tunnels should be able to be made through a proxy. I've seen justifications elsewhere for the tunnel itself to not support proxied operation due to a preference for QUIC, and while that's disappointing it's at least understandable from a technical standpoint. The non-tunnel setup operations should still be proxyable though.
The page above listing required firewall exemptions potentially also needs amending to list
api.trycloudflare.com
for quick tunnels.Environment and versions
Logs and errors
See above.
Additional context Add any other context about the problem here.