From 99e91a9d8a740df793b54f4070de1739d894bf53 Mon Sep 17 00:00:00 2001
From: Kyhwana Pardus <kyhwana@gmail.com>
Date: Sun, 23 Jun 2024 10:47:26 +1200
Subject: [PATCH] Update reverse-proxy.md (#1986)

Add blurb about how cloudflare proxy/tunnels is not supported/will not work
---
 docs/reverse-proxy.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/docs/reverse-proxy.md b/docs/reverse-proxy.md
index c6fd4b16..23c61c26 100644
--- a/docs/reverse-proxy.md
+++ b/docs/reverse-proxy.md
@@ -15,6 +15,10 @@ The reverse proxy MUST be configured to support WebSockets, as it is needed for
 
 WebSockets support is required when using the headscale embedded DERP server. In this case, you will also need to expose the UDP port used for STUN (by default, udp/3478). Please check our [config-example.yaml](https://github.com/juanfont/headscale/blob/main/config-example.yaml).
 
+### Cloudflare
+
+Running headscale behind a cloudflare proxy or cloudflare tunnel is not supported and will not work as Cloudflare does not support WebSocket POSTs as required by the Tailscale protocol. See [this issue](https://github.com/juanfont/headscale/issues/1468)
+
 ### TLS
 
 Headscale can be configured not to use TLS, leaving it to the reverse proxy to handle. Add the following configuration values to your headscale config file.