CD
Cloudflare Developers4w ago
Parallax Error

WebSocket (WSS) Through Cloudflare Tunnel

Hi, I'm trying to host a Unity dedicated server for my game to a domain I own. Unity uses WebSockets for the multiplayer framework I'm using, so the clients talk to the host through wss://localhost:7777 I made a quick python script to test this: It sends a standard client hello to the endpoint and expects the server response. It works fine for localhost. So I tried setting up a cloudflared tunnel to provide the WebSocket service at wss://localhost:7777 to api.mydomain.com, with the path /socket. The ingress rule is set up as 
- hostname: api.mydomain.com
    path: /socket
    service: wss://localhost:7777
    originRequest:
      websocket: true
      noTLSVerify: true
      connectTimeout: 30s
- hostname: api.mydomain.com
    path: /socket
    service: wss://localhost:7777
    originRequest:
      websocket: true
      noTLSVerify: true
      connectTimeout: 30s
I then ran the Python script, attempting to connect to "wss://api.mydomain.com/socket". However, i received an exception 
websockets.exceptions.InvalidMessage: did not receive a valid HTTP response
websockets.exceptions.InvalidMessage: did not receive a valid HTTP response
I'm unsure if I'm missing any steps to setup the tunnel with WebSockets or if it's a certification issue: I'm using a self-signed certificate but with noTLSVerify I thought that it wouldn't matter Any help would be great, I can provide any additional info if needed about network traffic, headers, etc Thanks
1 Reply
Parallax Error
Parallax ErrorOP4w ago
Since I'm using WSS, I'm also unsure if there's something else I need to forward apart from 7777: I heard WSS also uses port 443 since it has something to do with HTTPS? I don't know anything at all about networking so I wasn't really sure Small update: Trying with the service tcp://localhost:7777 does have my Unity server acknowledge the connection, stating the TLS handshake failed at step 1 (so the client hello probably wasnt even accepted, which is strange) The Python socket script now gives the error 
websockets.exceptions.ConnectionClosedError: no close frame received or sent
websockets.exceptions.ConnectionClosedError: no close frame received or sent
So I may be on the right track but I'm still missing something since with the exact same script but instead sending to wss://localhost:7777, I receive a valid response from the server so the issue isn't with the data I'm sending (could be headers, not sure how to proceed with that theory) Hm it seems like its rather that the server is sending a server hello, but the ws isn't bidirectional Is there an issue with my configuration that allows the socket to be created but not for outgoing messages to be sent to connected listeners? 
- hostname: api.mydomain.com
    path: /socket
    service: tcp://localhost:7777
    originRequest:
      noTLSVerify: true
      connectTimeout: 30s
- hostname: api.mydomain.com
    path: /socket
    service: tcp://localhost:7777
    originRequest:
      noTLSVerify: true
      connectTimeout: 30s
2025-08-06T21:27:00Z DBG origin connection established connIndex=3 destAddr=tcp://localhost:7777 event=1 ingressRule=1 originService=tcp://localhost:7777

2025-08-06T21:27:00Z DBG proxy stream acknowledged connIndex=3 destAddr=tcp://localhost:7777 event=1 ingressRule=1 originService=tcp://localhost:7777

2025-08-06T21:27:01Z DBG downstream->upstream copy: stream 5 canceled by 
local with error code 0 connIndex=3 destAddr=tcp://localhost:7777 event=1 ingressRule=1 originService=tcp://localhost:7777
2025-08-06T21:27:00Z DBG origin connection established connIndex=3 destAddr=tcp://localhost:7777 event=1 ingressRule=1 originService=tcp://localhost:7777

2025-08-06T21:27:00Z DBG proxy stream acknowledged connIndex=3 destAddr=tcp://localhost:7777 event=1 ingressRule=1 originService=tcp://localhost:7777

2025-08-06T21:27:01Z DBG downstream->upstream copy: stream 5 canceled by 
local with error code 0 connIndex=3 destAddr=tcp://localhost:7777 event=1 ingressRule=1 originService=tcp://localhost:7777
Some more info when running cloudflared with `--loglevel debug Cancelled by local would indicate a Unitiy issue, but again if the same script just opens the socket and sends the payload to localhost:7777 instead of my domain it works Nvm, just had to use HTTPS as my service and remove the path

Did you find this page helpful?