
Vouch Proxy with Cloudflare DNS - SSL Handshake & Self-Signed Certs

Open jiriteach opened this issue 1 year ago • 0 comments

Hi - Has anyone set up Vouch with Cloudflare DNS? While it sounds simple enough - I keep getting SSL handshake errors on passback.

Scenario - Domain name set up with DNS on Cloudflare and to proxy through Cloudflare, e.g. app.domain.com and auth.domain.com. Using Vouch as a Docker container and NGINX as the reverse proxy. Cloudflare is using TLS 1.3.

Client --> app.domain.com --> requires auth --> goes to Azure for auth and is OK --> passback to auth.domain.com and I get SSL handshake errors.

```
2024/08/29 20:38:19 [error] 281512#281512: *56772 SSL_do_handshake() failed
(SSL: error:0A000410:SSL routines::sslv3 alert handshake failure:SSL alert number 40)
while SSL handshaking to upstream, client: xxx, server: xxx.xxx.co.nz, request: "GET / HTTP/2.0",
subrequest: "/validate", upstream: "https://xxx.xxx.xxx.xxx:443/validate", host: "xxx.xxx.co.nz"
```

I've configured Vouch for SSL and provided it the Cloudflare origin cert, but it's treating that as self-signed, so throwing errors. How can I include Cloudflare's root certificate so it's trusted? This is using Vouch as a Docker container.

I've also tried a valid SSL certificate and it still throws SSL handshake errors.

Any pointers? Thanks

jiriteach, Aug 29 '24 02:08
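
Added example, not part of the original issue and not Vouch Proxy or NGINX code: a small triage parser for the NGINX error entry quoted above, showing which TLS leg failed, which alert was involved, and whether OpenSSL recorded it as an alert received from the peer. The function name, the alert subset and the joined sample line are assumptions made for illustration.

```python
import re

# Subset of TLS alert descriptions (RFC 8446, section 6) seen during handshakes.
TLS_ALERTS = {
    40: "handshake_failure", 42: "bad_certificate", 45: "certificate_expired",
    48: "unknown_ca", 70: "protocol_version", 112: "unrecognized_name",
    120: "no_application_protocol",
}

# Constructed sample: the log entry from the post, joined back onto one line.
SAMPLE = (
    '2024/08/29 20:38:19 [error] 281512#281512: *56772 SSL_do_handshake() failed '
    '(SSL: error:0A000410:SSL routines::sslv3 alert handshake failure:SSL alert number 40) '
    'while SSL handshaking to upstream, client: xxx, server: xxx.xxx.co.nz, '
    'request: "GET / HTTP/2.0", subrequest: "/validate", '
    'upstream: "https://xxx.xxx.xxx.xxx:443/validate", host: "xxx.xxx.co.nz"'
)

def parse_handshake_error(line):
    """Describe a TLS handshake failure line, or return None if it is not one."""
    if "SSL_do_handshake() failed" not in line:
        return None
    alert = re.search(r"SSL alert number (\d+)", line)
    code = re.search(r"error:([0-9A-Fa-f]{8}):", line)
    # Quoted key/value pairs: request, subrequest, upstream, host.
    fields = dict(re.findall(r'(\w+): "([^"]*)"', line))
    number = int(alert.group(1)) if alert else None
    # OpenSSL 3 keeps the reason in the low 23 bits; reasons for alerts
    # received from the peer are 1000 + the alert number (0x410 == 1040).
    reason = int(code.group(1), 16) & 0x7FFFFF if code else None
    return {
        "openssl_error": code.group(1) if code else None,
        "alert_number": number,
        "alert_name": TLS_ALERTS.get(number, "unknown"),
        "received_from_peer": number is not None and reason == 1000 + number,
        # "to upstream" means NGINX was the TLS client on this connection.
        "leg": "nginx->upstream" if "handshaking to upstream" in line else "client->nginx",
        "subrequest": fields.get("subrequest"),
        "upstream": fields.get("upstream"),
        "host": fields.get("host"),
    }

if __name__ == "__main__":
    for key, value in parse_handshake_error(SAMPLE).items():
        print(f"{key}: {value}")
```

For the quoted entry this reports the failure on the NGINX-to-upstream connection made for the `/validate` subrequest, with alert 40 received from the upstream side.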