search

cloudflare / cloudflared

Cloudflare Tunnel client (formerly Argo Tunnel)
https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-guide
Apache License 2.0
8.43k stars 735 forks source link

đŸ’¡General `Upgrade` header support #990

Open aofei opened 1 year ago

aofei commented 1 year ago

Describe the feature you'd like

I attempted to serve my Headscale and Tailscale DERP Servers behind Cloudflare Tunnels, but unfortunately, they are not functioning as expected. The main issue stems from their usage of the Upgrade header, similar to the WebSocket protocol. However, unlike the standard Upgrade: websocket value, they employ custom values such as Upgrade: tailscale-control-protocol and Upgrade: derp.

Currently cloudflared is limited to handling only the standard Upgrade: websocket value. I'm curious if there would be any consequences of not detecting the value of the Upgrade header. As far as I know net/http/httputil.ReverseProxy doesn't detect these values, and everything seems to work fine. In fact, Cloudflare Proxy didn't detect them either.

Describe alternatives you've considered

Currently I'm using Cloudflare Proxy and things are working fine. But I still prefer to use Cloudflare Tunnel to serve my services.

Additional context

N/A

allamedo commented 11 months ago

I'm not sure if this would be related to your problem, but have you tried to enable gRPC under your domain's settings on the Cloudflare main panel, under the "network" tab.

aofei commented 11 months ago

have you tried to enable gRPC under your domain's settings on the Cloudflare main panel, under the "network" tab.

I don't think that has anything to do with this issue, all my zones have those settings enabled.

This issue seems to be a local problem. ~It appears that cloudflared is rejecting requests with Upgrade values other than Upgrade: websocket.~

Edit: sorry I was wrong, cloudflared didn't reject those requests, but stripped their Upgrade headers before passing them to the backend.

pfrankw commented 5 months ago

Hello @aofei , did you manage to resolve your issue? If yes how? Thanks

aofei commented 5 months ago

Hello @aofei , did you manage to resolve your issue? If yes how? Thanks

Nope. Not only Cloudflare Tunnel, but now even Cloudflare Proxy doesn't support non-standard Upgrade headers anymore.

I've moved my Headscale to fly.io and then disabled Cloudflare Proxy (grey cloud), so I no longer have a need for this feature.