Update reverse-proxy.md (#1986)
Add blurb about how cloudflare proxy/tunnels is not supported/will not work
This commit is contained in:
parent
dfc089ed6a
commit
99e91a9d8a
1 changed files with 4 additions and 0 deletions
|
@ -15,6 +15,10 @@ The reverse proxy MUST be configured to support WebSockets, as it is needed for
|
||||||
|
|
||||||
WebSockets support is required when using the headscale embedded DERP server. In this case, you will also need to expose the UDP port used for STUN (by default, udp/3478). Please check our [config-example.yaml](https://github.com/juanfont/headscale/blob/main/config-example.yaml).
|
WebSockets support is required when using the headscale embedded DERP server. In this case, you will also need to expose the UDP port used for STUN (by default, udp/3478). Please check our [config-example.yaml](https://github.com/juanfont/headscale/blob/main/config-example.yaml).
|
||||||
|
|
||||||
|
### Cloudflare
|
||||||
|
|
||||||
|
Running headscale behind a cloudflare proxy or cloudflare tunnel is not supported and will not work as Cloudflare does not support WebSocket POSTs as required by the Tailscale protocol. See [this issue](https://github.com/juanfont/headscale/issues/1468)
|
||||||
|
|
||||||
### TLS
|
### TLS
|
||||||
|
|
||||||
Headscale can be configured not to use TLS, leaving it to the reverse proxy to handle. Add the following configuration values to your headscale config file.
|
Headscale can be configured not to use TLS, leaving it to the reverse proxy to handle. Add the following configuration values to your headscale config file.
|
||||||
|
|
Loading…
Reference in a new issue