Open aofei opened 1 year ago
I'm not sure if this would be related to your problem, but have you tried to enable gRPC under your domain's settings on the Cloudflare main panel, under the "network" tab?
> have you tried to enable gRPC under your domain's settings on the Cloudflare main panel, under the "network" tab.
I don't think that has anything to do with this issue, all my zones have those settings enabled.
This issue seems to be a local problem. ~It appears that cloudflared is rejecting requests with `Upgrade` values other than `Upgrade: websocket`.~
Edit: sorry I was wrong, cloudflared didn't reject those requests, but stripped their `Upgrade` headers before passing them to the backend.
Hello @aofei, did you manage to resolve your issue? If yes how? Thanks
> Hello @aofei, did you manage to resolve your issue? If yes how? Thanks
Nope. Not only Cloudflare Tunnel, but now even Cloudflare Proxy doesn't support non-standard `Upgrade` headers anymore.
I've moved my Headscale to fly.io and then disabled Cloudflare Proxy (grey cloud), so I no longer have a need for this feature.
I am using Cloudflare Tunnel to use with Coder. But it gives me the following warning, that seems to be related to this issue:
Node uses WebSockets because the "Upgrade: DERP" header may be blocked on the load balancer.
Here are the logs from Coder:
```
derphttp.Client.Connect: connecting to https://coder.example.com/derp
derphttp.Client.Connect: TLS version 0x304
derpclient: got cert example.com
derpclient: got cert WE1
derpclient: got cert GTS Root R4
derphttp.Client.Connect: not using fast start
derphttp.Client.Connect: DERP server returned status 426
We'll use WebSockets on the next connection attempt: GET failed with status code 426 (a proxy could be disallowing the use of 'Upgrade: derp'): DERP requires connection upgrade
```
Describe the feature you'd like
I attempted to serve my Headscale and Tailscale DERP Servers behind Cloudflare Tunnels, but unfortunately, they are not functioning as expected. The main issue stems from their usage of the `Upgrade` header, similar to the WebSocket protocol. However, unlike the standard `Upgrade: websocket` value, they employ custom values such as `Upgrade: tailscale-control-protocol` and `Upgrade: derp`.
Currently `cloudflared` is limited to handling only the standard `Upgrade: websocket` value. I'm curious if there would be any consequences of not detecting the value of the `Upgrade` header. As far as I know `net/http/httputil.ReverseProxy` doesn't detect these values, and everything seems to work fine. In fact, Cloudflare Proxy didn't detect them either.
Describe alternatives you've considered
Currently I'm using Cloudflare Proxy and things are working fine. But I still prefer to use Cloudflare Tunnel to serve my services.
Additional context
N/A
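Added example, not part of the original thread and not cloudflared's code: a local Go harness that sends an upgrade request through `net/http/httputil.ReverseProxy` to a constructed DERP-like backend, once untouched and once behind a hypothetical filter that drops any `Upgrade` value other than `websocket`, which reproduces the 426 seen in the logs above. The names `backend`, `probe` and the `strip` flag are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
	"strings"
)

// backend is a constructed DERP-like endpoint: 426 unless Upgrade reaches it.
var backend = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	if r.Header.Get("Upgrade") == "" {
		http.Error(w, "DERP requires connection upgrade", http.StatusUpgradeRequired)
		return
	}
	if conn, _, err := w.(http.Hijacker).Hijack(); err == nil {
		fmt.Fprintf(conn, "HTTP/1.1 101 Switching Protocols\r\nConnection: Upgrade\r\nUpgrade: %s\r\n\r\n", r.Header.Get("Upgrade"))
		conn.Close()
	}
})

// probe returns the status seen through the proxy; strip=true is a hypothetical model of the reported stripping.
func probe(upgrade string, strip bool) (int, error) {
	be := httptest.NewServer(backend)
	defer be.Close()
	target, _ := url.Parse(be.URL)
	rp := httputil.NewSingleHostReverseProxy(target)
	px := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if strip && !strings.EqualFold(r.Header.Get("Upgrade"), "websocket") {
			r.Header.Del("Upgrade")
		}
		rp.ServeHTTP(w, r)
	}))
	defer px.Close()
	req, _ := http.NewRequest("GET", px.URL+"/derp", nil)
	req.Header = http.Header{"Connection": {"Upgrade"}, "Upgrade": {upgrade}}
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return 0, err
	}
	resp.Body.Close()
	return resp.StatusCode, nil
}

func main() {
	fmt.Println(probe("derp", false)) // stock ReverseProxy
	fmt.Println(probe("derp", true))  // websocket-only filter in front
}
```

Pointing the same request at a real deployment and comparing the status with the local result shows whether an intermediary is removing the header before it reaches the backend.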