Tunneled Websockets fail with 502

[jacobloveless]

Setup:

cloudflared tunnel --hostname=myhostname --no-tls-verify https://server

HTTPS traffic works just fine.
Websocket upgrade to port 8443 fails with 502 error.

I'm not sure what, if anything, needs to be enabled to help the tunnel know about the WSS proxy?

E.g. server listens on 443 (HTTPS) and 8443 (wss).
Client is attempting to access the server (via tunnel) at wss://hostname:8443

[rosstimson]

@jacobloveless Did you manage to work this out? I have the exact same issue.

[jacobloveless]

Nope unfortunately not

[andromedarabbit]

cloudflared strips Upgrade header when the requested protocol is http(s). If you try ws(s) instead of http(s) then it will work. This is kind of a huge pain for me.

[jacobloveless]

So to help close this issue - we had to separate out HTTP and WSS into separate tunnels
We have a WSS tunnel (with the backend pointing to the websocket port) and a seperate HTTPS tunnel (point to the https port).

[tigercoxgithub]

@andromedarabbit did you ever find a solution to cloudflare stripping [Upgrage ] headers?