Closed 23doors closed 6 months ago
I had a similar issue with cloudflare. Maybe my case helps you.
TL;DR: Pressing the "Enable GRPC" checkbox in cloudflare is not enough 😭. You need to struggle more to make it work.
I'm using cloudflare tunnels. When I tried to set up a sample GRPC server I could not query it through cloudflare. So I spent a couple of weeks playing with this (https://github.com/cloudflare/cloudflared/issues/491), and after my sample GRPC server was working, terraform also started to work.
Not sure if this relates to this issue, to be honest. I'm not using cloudflare tunnels; they're completely different from normal proxying. And briefly checking the issue you linked, it doesn't exactly provide any solution to try either.
According to the docs, the Enable GRPC checkbox for cloudflare proxied resources (not argo tunnels) is actually enough.
Ok. Then it does not relate to you. Do you have other grpc services working there?
Fixed it. For anyone encountering this, this was not a bug in zitadel.
In cloudflare docs:
Make sure that the hostname that hosts your gRPC endpoint:
- Is set to proxied
- Uses at least the Full SSL/TLS encryption mode.
The last part is actually really important here. I was sure I had "Full" already on, but turns out it was on "Flexible". After switching it to "Full" it works just fine.
Thank you @vavsab for giving me an incentive to start digging a bit more!
Using Tunnels, Zitadel provider works by following this comment: https://github.com/cloudflare/cloudflared/issues/491#issuecomment-1643233485
Preflight Checklist
Version
1.0.5
ZITADEL Version
No response
Describe the problem caused by this bug
When using a proxied subdomain for zitadel in cloudflare I can't seem to use the terraform zitadel provider. Possibly also the zitadel sdk in general, as I guess it uses that.
Enabled grpc support on cloudflare side but it requires content-type to be application/grpc. Zitadel seems to be returning an incorrect content-type. Getting:
520 (); transport: received unexpected content-type "text/plain; charset=UTF-8"
To reproduce
Pretty self explanatory.
Screenshots
No response
Expected behavior
Cloudflare supports proxying grpc so it should work normally. It seems to be a matter of wrong content-type being used.
Relevant Configuration
No response
Additional Context
TF_LOG=trace logs
When cloudflare proxying is disabled, it works fine.