🐛Error when using tunnel to host website with Unicode character

[SilverKnightKMA]

Describe the bug Error when using tunnel to host website by route traffic via public dns records in cloudflare with domain name with Unicode character.

For example with my domain: xn-khn-lna.vn (Khôn.vn) vs tungvt.cf

To Reproduce Steps to reproduce the behavior:

1. Add a website to Cloudflare
2. Change your domain nameservers to Cloudflare
3. Create a Tunnel with these instructions
4. Route traffic to that Tunnel: Via public DNS records in Cloudflare
5. Try accessing the website

Expected behavior Unable to access Vietnamese domain with the error code set in Catch-all Rule: http_status: xxx in tunnel config

Environment and versions

• OS: Windows 10
• Architecture: Intel Xeon E3 1270 v6
• Version: [e.g. 2022.02.0]

Logs and errors If applicable, add logs or errors to help explain your problem.

Additional context Add any other context about the problem here.

[sudarshan-reddy]

Hey @SilverKnightKMA ! We tried adding this to the UI with no problems. What do you mean by Unable to access Vietnamese domain with the error code set in Catch-all Rule: http_status: xxx in tunnel config ? Are you trying to hit this eyeball with no results?

What is the response code? Are you seeing errors on cloudflared's side?

[SilverKnightKMA]

What do you mean by Unable to access Vietnamese domain with the error code set in Catch-all Rule: http_status: xxx in tunnel config ? What is the response code? Response Code is what I get when I change Catch-all rule: http_status. For example, when I leave it 401, when I visit Vietnamese Domain, HTTP Response will be 401.

Are you trying to hit this eyeball with no results? When I access the Vietnamese domain, everything is empty, if it is a normal domain, you can access it normally like in the screenshot.

Are you seeing errors on cloudflared's side? I don't see any errors at all, everything is fine.

[sudarshan-reddy]

Thanks @SilverKnightKMA . Can you also give me your tunnel_id? This is public information and is only a reference to your tunnel. No credentials are based on this.

[SilverKnightKMA]

0b6fb952-19a0-4244-ab04-ff636b5c99c3

Thanks

[SilverKnightKMA]

Any update? @sudarshan-reddy

[DevinCarr]

I looked in our logs and I didn't see anything out of the ordinary, could you run your cloudflared instance with cloudflared tunnel --loglevel debug run to see if your request makes it to cloudflared? Or if there are any reported errors in the logs?

[SilverKnightKMA]

2022-08-29T06:12:21Z INF Starting tunnel tunnelID=e21353e3-31da-4cff-bc5f-12791ee3ccef
2022-08-29T06:12:21Z INF Cannot determine default configuration path. No file [config.yml config.yaml] in [~/.cloudflared ~/.cloudflare-warp ~/cloudflare-warp]
2022-08-29T06:12:21Z INF Version 2022.7.1
2022-08-29T06:12:21Z INF GOOS: windows, GOVersion: go1.17.10, GoArch: amd64
2022-08-29T06:12:21Z INF Settings: map[loglevel:debug token:*****]
2022-08-29T06:12:21Z INF cloudflared will not automatically update on Windows systems.
2022-08-29T06:12:21Z INF Generated Connector ID: 9d51d244-3ef7-4161-8403-56158667dd78
2022-08-29T06:12:21Z INF Will be fetching remotely managed configuration from Cloudflare API. Defaulting to protocol: quic
2022-08-29T06:12:21Z INF Initial protocol quic
2022-08-29T06:12:21Z INF cloudflared does not support loading the system root certificate pool on Windows. Please use --origin-ca-pool <PATH> to specify the path to the certificate pool
2022-08-29T06:12:22Z INF Starting metrics server on 127.0.0.1:57892/metrics
2022-08-29T06:12:22Z DBG looking up edge SRV record domain=_v2-origintunneld._tcp.argotunnel.com
2022-08-29T06:12:22Z DBG Edge Address: {TCP:198.41.192.37:7844 UDP:198.41.192.37:7844 IPVersion:4}
2022-08-29T06:12:22Z DBG Edge Address: {TCP:198.41.192.27:7844 UDP:198.41.192.27:7844 IPVersion:4}
2022-08-29T06:12:22Z DBG Edge Address: {TCP:198.41.192.7:7844 UDP:198.41.192.7:7844 IPVersion:4}
2022-08-29T06:12:22Z DBG Edge Address: {TCP:198.41.192.67:7844 UDP:198.41.192.67:7844 IPVersion:4}
2022-08-29T06:12:22Z DBG Edge Address: {TCP:198.41.192.77:7844 UDP:198.41.192.77:7844 IPVersion:4}
2022-08-29T06:12:22Z DBG Edge Address: {TCP:198.41.192.57:7844 UDP:198.41.192.57:7844 IPVersion:4}
2022-08-29T06:12:22Z DBG Edge Address: {TCP:198.41.192.227:7844 UDP:198.41.192.227:7844 IPVersion:4}
2022-08-29T06:12:22Z DBG Edge Address: {TCP:198.41.192.167:7844 UDP:198.41.192.167:7844 IPVersion:4}
2022-08-29T06:12:22Z DBG Edge Address: {TCP:198.41.192.47:7844 UDP:198.41.192.47:7844 IPVersion:4}
2022-08-29T06:12:22Z DBG Edge Address: {TCP:198.41.192.107:7844 UDP:198.41.192.107:7844 IPVersion:4}
2022-08-29T06:12:22Z DBG Edge Address: {TCP:198.41.200.73:7844 UDP:198.41.200.73:7844 IPVersion:4}
2022-08-29T06:12:22Z DBG Edge Address: {TCP:198.41.200.13:7844 UDP:198.41.200.13:7844 IPVersion:4}
2022-08-29T06:12:22Z DBG Edge Address: {TCP:198.41.200.23:7844 UDP:198.41.200.23:7844 IPVersion:4}
2022-08-29T06:12:22Z DBG Edge Address: {TCP:198.41.200.233:7844 UDP:198.41.200.233:7844 IPVersion:4}
2022-08-29T06:12:22Z DBG Edge Address: {TCP:198.41.200.63:7844 UDP:198.41.200.63:7844 IPVersion:4}
2022-08-29T06:12:22Z DBG Edge Address: {TCP:198.41.200.113:7844 UDP:198.41.200.113:7844 IPVersion:4}
2022-08-29T06:12:22Z DBG Edge Address: {TCP:198.41.200.193:7844 UDP:198.41.200.193:7844 IPVersion:4}
2022-08-29T06:12:22Z DBG Edge Address: {TCP:198.41.200.53:7844 UDP:198.41.200.53:7844 IPVersion:4}
2022-08-29T06:12:22Z DBG Edge Address: {TCP:198.41.200.33:7844 UDP:198.41.200.33:7844 IPVersion:4}
2022-08-29T06:12:22Z DBG Edge Address: {TCP:198.41.200.43:7844 UDP:198.41.200.43:7844 IPVersion:4}
2022-08-29T06:12:22Z DBG edgediscovery - GetAddr: Giving connection its new address connIndex=0 ip=198.41.200.13
2022-08-29T06:12:22Z DBG rpcconnect: tx (bootstrap = (questionId = 0, deprecatedObjectId = <opaque pointer>))
2022-08-29T06:12:22Z DBG rpcconnect: tx (call = (questionId = 1, target = (promisedAnswer = (questionId = 0, transform = [])), interfaceId = 17804583019846587543, methodId = 0, allowThirdPartyTailCall = false, params = (content = <opaque pointer>, capTable = []), sendResultsTo = (caller = void)))
2022-08-29T06:12:22Z WRN Your version 2022.7.1 is outdated. We recommend upgrading it to 2022.8.2
2022-08-29T06:12:22Z DBG rpcconnect: rx (return = (answerId = 0, releaseParamCaps = false, results = (content = <opaque pointer>, capTable = [(senderHosted = 0)])))
2022-08-29T06:12:22Z DBG rpcconnect: tx (finish = (questionId = 0, releaseResultCaps = false))
2022-08-29T06:12:23Z DBG rpcconnect: rx (return = (answerId = 1, releaseParamCaps = false, results = (content = <opaque pointer>, capTable = [])))
2022-08-29T06:12:23Z INF cloudflared does not support loading the system root certificate pool on Windows. Please use --origin-ca-pool <PATH> to specify the path to the certificate pool
2022-08-29T06:12:23Z INF Connection bf6186bd-8062-4bde-a637-554d12dbe3ae registered connIndex=0 ip=198.41.200.13 location=SIN
2022-08-29T06:12:23Z DBG rpcconnect: tx (finish = (questionId = 1, releaseResultCaps = false))
2022-08-29T06:12:23Z INF cloudflared does not support loading the system root certificate pool on Windows. Please use --origin-ca-pool <PATH> to specify the path to the certificate pool
2022-08-29T06:12:23Z DBG edgediscovery - GetAddr: Giving connection its new address connIndex=1 ip=198.41.192.37
2022-08-29T06:12:23Z INF Updated to new configuration config="{\"ingress\":[{\"hostname\":\"demo.tungvt.cf\",\"originRequest\":{},\"service\":\"http://10.20.87.59\"},{\"hostname\":\"demo.khôn.vn\",\"originRequest\":{},\"service\":\"http://10.20.87.59\"},{\"service\":\"http_status:404\"}],\"warp-routing\":{\"enabled\":false}}" version=18
2022-08-29T06:12:23Z DBG rpcconnect: tx (bootstrap = (questionId = 0, deprecatedObjectId = <opaque pointer>))
2022-08-29T06:12:23Z DBG rpcconnect: tx (call = (questionId = 1, target = (promisedAnswer = (questionId = 0, transform = [])), interfaceId = 17804583019846587543, methodId = 0, allowThirdPartyTailCall = false, params = (content = <opaque pointer>, capTable = []), sendResultsTo = (caller = void)))
2022-08-29T06:12:23Z DBG rpcconnect: rx (return = (answerId = 0, releaseParamCaps = false, results = (content = <opaque pointer>, capTable = [(senderHosted = 0)])))
2022-08-29T06:12:23Z DBG rpcconnect: tx (finish = (questionId = 0, releaseResultCaps = false))
2022-08-29T06:12:23Z DBG rpcconnect: rx (return = (answerId = 1, releaseParamCaps = false, results = (content = <opaque pointer>, capTable = [])))
2022-08-29T06:12:23Z DBG rpcconnect: tx (finish = (questionId = 1, releaseResultCaps = false))
2022-08-29T06:12:23Z INF Connection 118c60c0-5d74-425a-a14b-0e1594e245ec registered connIndex=1 ip=198.41.192.37 location=HKG
2022-08-29T06:12:24Z DBG edgediscovery - GetAddr: Giving connection its new address connIndex=2 ip=198.41.200.63
2022-08-29T06:12:24Z DBG rpcconnect: tx (bootstrap = (questionId = 0, deprecatedObjectId = <opaque pointer>))
2022-08-29T06:12:24Z DBG rpcconnect: tx (call = (questionId = 1, target = (promisedAnswer = (questionId = 0, transform = [])), interfaceId = 17804583019846587543, methodId = 0, allowThirdPartyTailCall = false, params = (content = <opaque pointer>, capTable = []), sendResultsTo = (caller = void)))
2022-08-29T06:12:24Z DBG rpcconnect: rx (return = (answerId = 0, releaseParamCaps = false, results = (content = <opaque pointer>, capTable = [(senderHosted = 0)])))
2022-08-29T06:12:24Z DBG rpcconnect: tx (finish = (questionId = 0, releaseResultCaps = false))
2022-08-29T06:12:25Z DBG edgediscovery - GetAddr: Giving connection its new address connIndex=3 ip=198.41.192.67
2022-08-29T06:12:25Z DBG rpcconnect: tx (bootstrap = (questionId = 0, deprecatedObjectId = <opaque pointer>))
2022-08-29T06:12:25Z DBG rpcconnect: tx (call = (questionId = 1, target = (promisedAnswer = (questionId = 0, transform = [])), interfaceId = 17804583019846587543, methodId = 0, allowThirdPartyTailCall = false, params = (content = <opaque pointer>, capTable = []), sendResultsTo = (caller = void)))
2022-08-29T06:12:25Z DBG rpcconnect: rx (return = (answerId = 0, releaseParamCaps = false, results = (content = <opaque pointer>, capTable = [(senderHosted = 0)])))
2022-08-29T06:12:25Z DBG rpcconnect: tx (finish = (questionId = 0, releaseResultCaps = false))
2022-08-29T06:12:25Z DBG rpcconnect: rx (return = (answerId = 1, releaseParamCaps = false, results = (content = <opaque pointer>, capTable = [])))
2022-08-29T06:12:25Z INF Connection 23bc02cd-6476-429d-9b77-74c5a94f0322 registered connIndex=2 ip=198.41.200.63 location=SIN
2022-08-29T06:12:25Z DBG rpcconnect: tx (finish = (questionId = 1, releaseResultCaps = false))
2022-08-29T06:12:25Z DBG rpcconnect: rx (return = (answerId = 1, releaseParamCaps = false, results = (content = <opaque pointer>, capTable = [])))
2022-08-29T06:12:25Z DBG rpcconnect: tx (finish = (questionId = 1, releaseResultCaps = false))
2022-08-29T06:12:25Z INF Connection cfb155bb-cbb6-49ca-a5da-9e3d85927b32 registered connIndex=3 ip=198.41.192.67 location=HKG
2022-08-29T06:12:28Z DBG CF-RAY: 7423236bc924464f-SIN GET https://demo.tungvt.cf/ HTTP/1.1
2022-08-29T06:12:28Z DBG Inbound request CF-RAY=7423236bc924464f-SIN Header="map[Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8] Accept-Encoding:[gzip] Accept-Language:[en-US,en;q=0.5] Cdn-Loop:[cloudflare] Cf-Connecting-Ip:[101.96.121.196] Cf-Ipcountry:[VN] Cf-Ray:[7423236bc924464f-SIN] Cf-Visitor:[{\"scheme\":\"https\"}] Cf-Warp-Tag-Id:[016d7373-dfe0-45d7-a1e7-d99b9d204d2f] Priority:[u=1] Referer:[https://dash.teams.cloudflare.com/] Sec-Fetch-Dest:[document] Sec-Fetch-Mode:[navigate] Sec-Fetch-Site:[cross-site] Sec-Fetch-User:[?1] Upgrade-Insecure-Requests:[1] User-Agent:[Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:104.0) Gecko/20100101 Firefox/104.0] X-Forwarded-For:[101.96.121.196] X-Forwarded-Proto:[https]]" host=demo.tungvt.cf path=/ rule=0
2022-08-29T06:12:28Z DBG CF-RAY: 7423236bc924464f-SIN Request content length 0
2022-08-29T06:12:28Z DBG CF-RAY: 7423236bc924464f-SIN Status: 200 OK served by ingress 0
2022-08-29T06:12:28Z DBG CF-RAY: 7423236bc924464f-SIN Response Headers map[Cache-Control:[private, no-cache, no-store, must-revalidate] Connection:[keep-alive] Content-Length:[721] Content-Security-Policy:[default-src 'self';script-src 'self' 'unsafe-inline' http://cdn.jsdelivr.net/npm/@apollographql/;style-src 'self' 'unsafe-inline' http://cdn.jsdelivr.net/npm/@apollographql/ https://fonts.googleapis.com/;script-src-attr 'self' 'unsafe-inline' http://cdn.jsdelivr.net/npm/@apollographql/ https://fonts.googleapis.com/;font-src 'self' data: https://fonts.gstatic.com/;img-src 'self' data: https://* http://*;connect-src 'self' wss://* ws://* data: http://* https://*;object-src 'self' data: http://* https://*;frame-src 'self' data: http://* https://*] Content-Type:[text/html; charset=utf-8] Date:[Mon, 29 Aug 2022 06:13:07 GMT] Etag:[W/"2d1-d8nrOJgBe12aS0jtebjIn4tChzI"] Expect-Ct:[max-age=30, enforce] Expires:[-1] Keep-Alive:[timeout=5] Origin-Agent-Cluster:[?1] Pragma:[no-cache] Referrer-Policy:[unsafe-url] Strict-Transport-Security:[max-age=15552000; includeSubDomains] Vary:[Accept-Encoding] X-Content-Type-Options:[nosniff] X-Dns-Prefetch-Control:[off] X-Download-Options:[noopen] X-Frame-Options:[SAMEORIGIN] X-Permitted-Cross-Domain-Policies:[none] X-Ratelimit-Limit:[10000] X-Ratelimit-Remaining:[9999] X-Ratelimit-Reset:[1661753588] X-Xss-Protection:[0]]
2022-08-29T06:12:28Z DBG CF-RAY: 7423236bc924464f-SIN Response content length 721
2022-08-29T06:12:32Z DBG CF-RAY: 7423237fe9c5464f-SIN POST https://demo.tungvt.cf/graphql HTTP/1.1
2022-08-29T06:12:32Z DBG Inbound request CF-RAY=7423237fe9c5464f-SIN Header="map[Accept:[*/*] Accept-Encoding:[gzip] Accept-Language:[en-US,en;q=0.5] Cdn-Loop:[cloudflare] Cf-Connecting-Ip:[101.96.121.196] Cf-Ipcountry:[VN] Cf-Ray:[7423237fe9c5464f-SIN] Cf-Visitor:[{\"scheme\":\"https\"}] Cf-Warp-Tag-Id:[016d7373-dfe0-45d7-a1e7-d99b9d204d2f] Content-Length:[1169] Content-Type:[application/json] Origin:[https://demo.tungvt.cf] Priority:[u=4] Referer:[https://demo.tungvt.cf/dashboard] Sec-Fetch-Dest:[empty] Sec-Fetch-Mode:[cors] Sec-Fetch-Site:[same-origin] User-Agent:[Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:104.0) Gecko/20100101 Firefox/104.0] X-Forwarded-For:[101.96.121.196] X-Forwarded-Proto:[https]]" host=demo.tungvt.cf path=/graphql rule=0
2022-08-29T06:12:32Z DBG CF-RAY: 7423237fe9c5464f-SIN Request content length 1169
2022-08-29T06:12:32Z DBG CF-RAY: 7423237fe9c5464f-SIN Status: 200 OK served by ingress 0
2022-08-29T06:12:32Z DBG CF-RAY: 7423237fe9c5464f-SIN Response Headers map[Access-Control-Allow-Origin:[*] Connection:[keep-alive] Content-Length:[1647] Content-Type:[application/json; charset=utf-8] Date:[Mon, 29 Aug 2022 06:13:10 GMT] Etag:[W/"66f-qNmjLVTYzELXaJ6docZzldHeytg"] Keep-Alive:[timeout=5] X-Powered-By:[Express]]
2022-08-29T06:12:32Z DBG CF-RAY: 7423237fe9c5464f-SIN Response content length 1647
2022-08-29T06:12:32Z DBG CF-RAY: 74232384faf1464f-SIN POST https://demo.tungvt.cf/graphql HTTP/1.1
2022-08-29T06:12:32Z DBG Inbound request CF-RAY=74232384faf1464f-SIN Header="map[Accept:[*/*] Accept-Encoding:[gzip] Accept-Language:[en-US,en;q=0.5] Cdn-Loop:[cloudflare] Cf-Connecting-Ip:[101.96.121.196] Cf-Ipcountry:[VN] Cf-Ray:[74232384faf1464f-SIN] Cf-Visitor:[{\"scheme\":\"https\"}] Cf-Warp-Tag-Id:[016d7373-dfe0-45d7-a1e7-d99b9d204d2f] Content-Length:[983] Content-Type:[application/json] Origin:[https://demo.tungvt.cf] Priority:[u=4] Referer:[https://demo.tungvt.cf/dashboard] Sec-Fetch-Dest:[empty] Sec-Fetch-Mode:[cors] Sec-Fetch-Site:[same-origin] User-Agent:[Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:104.0) Gecko/20100101 Firefox/104.0] X-Forwarded-For:[101.96.121.196] X-Forwarded-Proto:[https]]" host=demo.tungvt.cf path=/graphql rule=0
2022-08-29T06:12:32Z DBG CF-RAY: 74232384faf1464f-SIN Request content length 983
2022-08-29T06:12:32Z DBG CF-RAY: 74232384faf1464f-SIN Status: 200 OK served by ingress 0
2022-08-29T06:12:32Z DBG CF-RAY: 74232384faf1464f-SIN Response Headers map[Access-Control-Allow-Origin:[*] Connection:[keep-alive] Content-Length:[865] Content-Type:[application/json; charset=utf-8] Date:[Mon, 29 Aug 2022 06:13:10 GMT] Etag:[W/"361-/mNT7QyhOAP6WmmH3hfbmKa80uU"] Keep-Alive:[timeout=5] X-Powered-By:[Express]]
2022-08-29T06:12:32Z DBG CF-RAY: 74232384faf1464f-SIN Response content length 865
2022-08-29T06:12:39Z DBG CF-RAY: 742323ac684b4673-SIN GET https://demo.xn--khn-lna.vn/ HTTP/1.1
2022-08-29T06:12:39Z DBG Inbound request CF-RAY=742323ac684b4673-SIN Header="map[Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8] Accept-Encoding:[gzip] Accept-Language:[en-US,en;q=0.5] Cdn-Loop:[cloudflare] Cf-Connecting-Ip:[101.96.121.196] Cf-Ipcountry:[VN] Cf-Ray:[742323ac684b4673-SIN] Cf-Visitor:[{\"scheme\":\"https\"}] Cf-Warp-Tag-Id:[016d7373-dfe0-45d7-a1e7-d99b9d204d2f] Priority:[u=1] Referer:[https://dash.teams.cloudflare.com/] Sec-Fetch-Dest:[document] Sec-Fetch-Mode:[navigate] Sec-Fetch-Site:[cross-site] Sec-Fetch-User:[?1] Upgrade-Insecure-Requests:[1] User-Agent:[Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:104.0) Gecko/20100101 Firefox/104.0] X-Forwarded-For:[101.96.121.196] X-Forwarded-Proto:[https]]" host=demo.xn--khn-lna.vn path=/ rule=2
2022-08-29T06:12:39Z DBG CF-RAY: 742323ac684b4673-SIN Request content length 0
2022-08-29T06:12:39Z DBG CF-RAY: 742323ac684b4673-SIN Status: 404 Not Found served by ingress 2
2022-08-29T06:12:39Z DBG CF-RAY: 742323ac684b4673-SIN Response Headers map[]
2022-08-29T06:12:39Z DBG CF-RAY: 742323ac684b4673-SIN Response content length 0
2022-08-29T06:12:39Z DBG CF-RAY: 742323b1295d4673-SIN GET https://demo.xn--khn-lna.vn/favicon.ico HTTP/1.1
2022-08-29T06:12:39Z DBG Inbound request CF-RAY=742323b1295d4673-SIN Header="map[Accept:[image/avif,image/webp,*/*] Accept-Encoding:[gzip] Accept-Language:[en-US,en;q=0.5] Cdn-Loop:[cloudflare] Cf-Connecting-Ip:[101.96.121.196] Cf-Ipcountry:[VN] Cf-Ray:[742323b1295d4673-SIN] Cf-Visitor:[{\"scheme\":\"https\"}] Cf-Warp-Tag-Id:[016d7373-dfe0-45d7-a1e7-d99b9d204d2f] Priority:[u=6] Referer:[https://demo.xn--khn-lna.vn/] Sec-Fetch-Dest:[image] Sec-Fetch-Mode:[no-cors] Sec-Fetch-Site:[same-origin] User-Agent:[Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:104.0) Gecko/20100101 Firefox/104.0] X-Forwarded-For:[101.96.121.196] X-Forwarded-Proto:[https]]" host=demo.xn--khn-lna.vn path=/favicon.ico rule=2
2022-08-29T06:12:39Z DBG CF-RAY: 742323b1295d4673-SIN Request content length 0
2022-08-29T06:12:39Z DBG CF-RAY: 742323b1295d4673-SIN Status: 404 Not Found served by ingress 2
2022-08-29T06:12:39Z DBG CF-RAY: 742323b1295d4673-SIN Response Headers map[]
2022-08-29T06:12:39Z DBG CF-RAY: 742323b1295d4673-SIN Response content length 0
2022-08-29T06:12:48Z INF Initiating graceful shutdown due to signal interrupt ...
2022-08-29T06:12:48Z DBG Graceful shutdown signalled
2022-08-29T06:12:48Z DBG rpcconnect: tx (call = (questionId = 1, target = (importedCap = 0), interfaceId = 17804583019846587543, methodId = 1, allowThirdPartyTailCall = false, params = (content = <opaque pointer>, capTable = []), sendResultsTo = (caller = void)))
2022-08-29T06:12:48Z DBG rpcconnect: tx (call = (questionId = 1, target = (importedCap = 0), interfaceId = 17804583019846587543, methodId = 1, allowThirdPartyTailCall = false, params = (content = <opaque pointer>, capTable = []), sendResultsTo = (caller = void)))
2022-08-29T06:12:48Z DBG rpcconnect: tx (call = (questionId = 1, target = (importedCap = 0), interfaceId = 17804583019846587543, methodId = 1, allowThirdPartyTailCall = false, params = (content = <opaque pointer>, capTable = []), sendResultsTo = (caller = void)))
2022-08-29T06:12:48Z DBG rpcconnect: tx (call = (questionId = 1, target = (importedCap = 0), interfaceId = 17804583019846587543, methodId = 1, allowThirdPartyTailCall = false, params = (content = <opaque pointer>, capTable = []), sendResultsTo = (caller = void)))

I have sent requests to 2 domains pointing to the same host, demo.tungvt.cf and demo.xn-khn-lna.vn (demo.khôn.vn)

[nmldiegues]

Those logs show that:

• demo.tungvt.cf was handled correctly, responding with 200 OK, after talking to localhost:32400
• demo.xn-khn-lna.vn had a 404 because it found no matching public hostname rule in your Tunnel config

You seem to be indicating that you expect that to match asf.khôn.vn ? I may be missing something, but nothing will convert demo.xn-khn-lna.vn into asf.khôn.vn in the cloudflared tunnel route matching, so that's why you are getting a 404. Why isn't your ingress rule using demo.xn-khn-lna.vn ?

[SilverKnightKMA]

Let me correct you, both are subdomains in the form of demo.${domain}, you can see it in the config

2022-08-29T06:12:23Z INF Updated to new configuration config="{\"ingress\":[{\"hostname\":\"demo.tungvt.cf\",\"originRequest\":{},\"service\":\"http://10.20.87.59\"},{\"hostname\":\"demo.khôn.vn\",\"originRequest\":{},\"service\":\"http://10.20.87.59\"},{\"service\":\"http_status:404\"}],\"warp-routing\":{\"enabled\":false}}" version=18

demo.xn-khn-lna.vn had a 404 because it found no matching public hostname rule in your Tunnel config

As far as I can see, the domain in the config sent to cloudflared agent is demo.khôn.vn, and when the request is sent, it's demo.xn--khn-lna.vn I can't set it to demo.xn--khn-lna.vn because the web config doesn't allow it

[SilverKnightKMA]

Oh, and I would like to update the current tunnel id: e21353e3-31da-4cff-bc5f-12791ee3ccef

[nmldiegues]

As far as I can see, the domain in the config sent to cloudflared agent is demo.khôn.vn, and when the request is sent, it's demo.xn--khn-lna.vn I can't set it to demo.xn--khn-lna.vn because the web config doesn't allow it

When you go to https://dash.cloudflare.com/websites and click on the zone (the one about this problematic hostname), what is the Zone ID that shows up on the right?

[SilverKnightKMA]

917cfdf4188b128b54bdf5f62d2ab075

[nmldiegues]

Thanks. While I understand this to be wrong, it's not clear to me where the issue lies (within our systems) so we'll have to take some time to investigate.

[nmldiegues]

One final question: your first post shows that you access your Unicode hostname and the Network tooling in your browser shows that the same exactly string is sent over the wire.

However, when I tried that (on Chrome, Safari and Firefox), it always gets converted with Punnycode (https://en.wikipedia.org/wiki/Punycode) which is the source of the problem.

Did you configure anything in your browser for that? Maybe it depends on the OS lang configured.

[SilverKnightKMA]

As far as I remember, when sending a request from the browser to an address with special characters, it is always converted to Punnycode as you said. The text you see on my machine is just for display.

[SilverKnightKMA]

In my opinion, this is a problem of web config as it fixes the domain by the real domain, not the punnycode domain

[SilverKnightKMA]

Proof from another demo website of my friend, although it doesn't use cloudflared, it's a Vietnamese domain with special character.

[SilverKnightKMA]

Up

[DevinCarr]

To help address this, we will now locally construct the punycode version of hostname for the ingress rule and apply it to incoming requests (https://github.com/cloudflare/cloudflared/commit/b3e26420c082e250447038a3d66301ce63ad87eb). Feel free to try out the master branch version of cloudflared or this should be available in the next release!

[SilverKnightKMA]

Fixed, thanks