Alpha-Craft
CDCloudflare Developers
•Created by Alpha-Craft on 11/12/2024 in #general-help
Conflicts with cloudflare-ech and local Traefik
Hi! I am running a Cloudflare Tunnel for some of my services and I have local DNS entries to override the IP for their domains when connecting locally, as I don't think I need my traefik to go through Cloudflare when I'm in the same Network as my server. However, somehow Cloudflare causes some clients to execute the ECH call to the server, which also supports TLS 1.3 and HTTP3, with an outer layer that appears as
cloudflare-ech.com instead of the actually wanted domain in a local context. This causes the Traefik to also see the requested domain to be cloudflare-ech.com and as there is no service associated and no valid certificate, it returns the default certificate, which is invalid for this domain and breaks the connection. Is it somehow possible to override this behaviour locally? Any help is appreciated!12 replies
CDCloudflare Developers
•Created by Alpha-Craft on 8/31/2024 in #general-help
CF-Connecting-IP header missing
I am currently setting up a Cloudflare tunnel with Traefik and am having troubles with the CF-Conecting-IP request header. I need this header to figure out the visitor's IPs for one of my services, but it is completely missing. I have not messed with the Cloudflare settings and have made sure that the internal IP of cloudflared is trusted for forwarded headers on both Traefik and my other service. It does display some CF- headers, but not the one I need. You can see for yourself, that the header is missing, by visiting whoami.knoll-family.de (I am going to remove this URL when this is solved). Do you have any clue as to why this header might be missing?
3 replies