Website not available with SSL/TLS enabled

My website suddenly isn’t available when TLS/SSL (flexible) are enabled in Cloudflare tunnels. After signing in to https://emulate.SwoopingasaService.net, there is only a blank page.
Chaika 13mo ago
Only ever use Full (Strict). It doesn't matter for tunnels, but you should set it anyway.
We can't log in, so can't exactly see that error. I would use dev tools (ctrl+shift+i) before logging in, check for any errors in console, and check the response details on the login request after you click sign in.
Swoopingbird OP 13mo ago
Hi, that’s what I did. It gave me source mapping errors. This wasn’t occurring about a week ago and I didn’t change anything. All signs point toward this being something to do with cf tunnels
Chaika 13mo ago
Source map errors are harmless in and of themselves, it's just helpful for debug, some people strip them though because they reveal info about your code. If you scroll up above those, is there anything else?
Swoopingbird OP 13mo ago
All I could find
Chaika 13mo ago
If you open up dev tools before logging in, and then navigate to the network tab, and then click HTML on Firefox or Document on Chrome, you should be able to see a request with more info. I'd be curious of the status code and headers on it, I would just be very careful about not exposing anything sensitive because your login details are in that request (blur out any cookies/auth headers, don't show request body, etc).
Could also check cloudflared logs to see if it's failing in some way, journalctl -u cloudflared -f --lines=1000 if on systemd (Ubuntu, Debian, and derivs)
Swoopingbird OP 13mo ago
Status is 200.
Nothing in the logs on the Cloudflare dashboard.
Nothing showing up when I put that command in.
Chaika 13mo ago
If you're not logged in as root, probably need to prefix it with sudo, also has to be run where cloudflared is running, and I'm assuming Linux.
Could be cache or something else, what was cf-cache-status on the response headers?
Swoopingbird OP 13mo ago
There’s nothing in the logs at all, both on what’s hosting the site and where the proxy container lies.
I do notice in the headers section of dev tools, the cookie is set to http only.
Could that be the issue? Since this works perfectly fine without TLS.
Swoopingbird OP 13mo ago
Ok so that fixed SOME of my issues. I allowed cookies from this site. Still getting a blank page, but it’s allowing the js plug-ins to function
Chaika 13mo ago
http only just means only send the cookie over the headers, don't let it be accessible via JavaScript.
Nothing to do with http/https.
Swoopingbird OP 13mo ago
Only thing I see in dev tools now is my site is using same site attributes for _session and token. It says to change Samesite to samesite=none.
Ok gotcha.
Nevermind, back to square one now with source map errors.
Chaika 13mo ago
What do you mean it works without TLS?
Swoopingbird OP 13mo ago
I can login and access the site when the tunnel security setting is set to “off” versus strict or flexible
Chaika 13mo ago
You mean when you access the site over http, over the tunnel, it works, but not when you access the site over https, over the tunnel?
Swoopingbird OP 13mo ago
Yes
Chaika 13mo ago
Sounds like your web server is misconfigured then.
What are your public hostname settings?
Swoopingbird OP 13mo ago
No. Like I said, this was not an issue a week ago and I didn’t change anything. I even restored from a known working backup.
Also TLS verification is disabled.
Chaika 13mo ago
What are your full public hostname settings? HTTPS, TLS Verification disabled?
Swoopingbird OP 13mo ago
Yes.
And I’ve played around changing all of them already to try and get it to work.
Chaika 13mo ago
If you connect locally, not going through the tunnel (if possible), does it work, over both http and https?
Swoopingbird OP 13mo ago
Just via the IP address? Yes
Chaika 13mo ago
Using http or https?
Swoopingbird OP 13mo ago
Both. Perhaps a domain name issue or something?
Chaika 13mo ago
Yea, could be related, some apps aren't made to be accessed over a reverse proxy. I pulled it down just to test and was unable to get it working at all over the tunnel, could only log in locally, the auth process is a bit odd with the redirects, and it seems only really made for local access, with zero other config options. It looks like it was getting stuck in the main app controller setup, it calls /api/auth but never moves on, I'm guessing it's swallowing an exception internally somewhere. Could try reaching out to the devs of it, explaining you're trying to run it behind a reverse proxy and running into something weird, or you could try WARP Private Networking which would still give you remote access, more difficult to set up though and requires installing/running WARP in the background.
Swoopingbird OP 13mo ago
Yikes. Yeah I can let them know, but this was working a week or so ago so I can't imagine it's an issue with the site/app. I did mention it to them when it initially happened, but didn't get a response back for any fixes.