How to resolve 521 errors on a cloudflare CNAME record

Time:10-16

I've done this a dozen times before but this time, I cannot seem to connect to my web server using HTTPS. I created an AWS EKS cluster using eksctl. I deployed my deployments and services using kubectl. I have service URLs which are resolving on port 80.

I take the service URLs, put them in CNAME records, and Cloudflare resolves via HTTP but not HTTPS. I get 521 errors; when I accept connections on port 443 in my Kubernetes services, I get SSL handshake errors.

The thing that confuses me is I thought Cloudflare provided an SSL layer but using my service URLs on port 80. It seems though that it's redirecting requests from cloudflare:443 to my-eks-cluster:443.

How do I debug this further to get some insight into what is going on?

CodePudding user response:

Since your cluster works and accepts traffic, the most probable reason is the Encryption mode in your Cloudflare config.

And, according to your post, you are going to disable HTTPS altogether on the origin side:

The thing that confuses me is I thought Cloudflare provided an SSL layer but using my service URLs on port 80. It seems though that it's redirecting requests from cloudflare:443 to my-eks-cluster:443.

So, you may want to check the SSL settings to be sure that the current Encryption mode is Off.

As per the Cloudflare documentation: Encryption modes · Cloudflare SSL docs

Mode Off: Setting your encryption mode to Off (not recommended) redirects any HTTPS request to plaintext HTTP.
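To see what the origin actually offers before choosing a mode, the script below (an added example, not part of the original answer) probes ports 80 and 443 with curl and lists which encryption modes could reach the origin. The hostname argument is a placeholder for the EKS service URL, and the mode names other than Off are the remaining modes from the same Cloudflare encryption-modes documentation, not something quoted in the thread.

```shell
#!/usr/bin/env bash
# Added example: probe an origin on ports 80 and 443 and report which
# Cloudflare encryption modes could connect to it.

# Map a curl exit code to an origin state (codes are from curl's man page).
classify_curl_exit() {
  case "$1" in
    0)  echo ok ;;                # connected; any HTTP status counts
    7)  echo refused ;;           # nothing listening (what Cloudflare reports as 521)
    28) echo timeout ;;
    35) echo handshake-failed ;;  # port is open but the TLS handshake fails
    60) echo untrusted ;;         # TLS works, certificate not trusted by this client
    *)  echo "other($1)" ;;
  esac
}

# probe URL -> origin state
probe() {
  local rc=0
  curl -s -o /dev/null --max-time 5 "$1" || rc=$?
  classify_curl_exit "$rc"
}

# usable_modes HTTP_STATE TLS_STATE -> modes whose origin connection would succeed
usable_modes() {
  local modes=""
  if [ "$1" = ok ]; then modes="off flexible"; fi  # both speak plain HTTP to the origin
  case "$2" in
    ok)        modes="$modes full full-strict" ;;
    # Full does not validate the certificate. curl checks the system trust store,
    # so a Cloudflare Origin CA certificate also shows up here as "untrusted".
    untrusted) modes="$modes full" ;;
  esac
  echo "${modes# }"
}

# Runs only when a hostname is given, e.g. ./probe.sh origin.example.com (placeholder)
if [ -n "${1:-}" ]; then
  http=$(probe "http://$1/")
  tls=$(probe "https://$1/")
  echo "port 80:  $http"
  echo "port 443: $tls"
  echo "modes that can reach this origin: $(usable_modes "$http" "$tls")"
fi
```

Run it against the service hostname directly, not the proxied Cloudflare name, so the result reflects the origin and not the edge.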
