cloudflare
đŸ’¡General `Upgrade` header support
Describe the feature you'd like
I attempted to serve my Headscale and Tailscale DERP Servers behind Cloudflare Tunnels, but unfortunately, they are not functioning as expected. The main issue stems from their usage of the Upgrade header, similar to the WebSocket protocol. However, unlike the standard Upgrade: websocket value, they employ custom values such as Upgrade: tailscale-control-protocol and Upgrade: derp.
Currently cloudflared is limited to handling only the standard Upgrade: websocket value. I'm curious if there would be any consequences of not detecting the value of the Upgrade header. As far as I know net/http/httputil.ReverseProxy doesn't detect these values, and everything seems to work fine. In fact, Cloudflare Proxy didn't detect them either.
Describe alternatives you've considered
Currently I'm using Cloudflare Proxy and things are working fine. But I still prefer to use Cloudflare Tunnel to serve my services.
Additional context
N/A
I'm not sure if this would be related to your problem, but have you tried to enable gRPC under your domain's settings on the Cloudflare main panel, under the "network" tab.
have you tried to enable gRPC under your domain's settings on the Cloudflare main panel, under the "network" tab.
I don't think that has anything to do with this issue, all my zones have those settings enabled.
This issue seems to be a local problem. ~It appears that cloudflared is rejecting requests with Upgrade values other than Upgrade: websocket.~
Edit: sorry I was wrong, cloudflared didn't reject those requests, but stripped their Upgrade headers before passing them to the backend.
Hello @aofei , did you manage to resolve your issue? If yes how? Thanks
Nope. Not only Cloudflare Tunnel, but now even Cloudflare Proxy doesn't support non-standard Upgrade headers anymore.
I've moved my Headscale to fly.io and then disabled Cloudflare Proxy (grey cloud), so I no longer have a need for this feature.