Fastly, Google Cloud Functions & 503 SSL handshake error


#1

I have been attempting to setup Fastly with Google Cloud Functions to provide a fast cache for my users internationally for common queries.

However, everything I have attempted has ended up with a
"Error 503 SSL handshake error".

I have managed to set it up fine on KeyCDN, you can see a googlers blog post about setting it up on keyCDN.

There isn’t any magic, it is straight forward and it just works. I’ve tried mucking around with all the SSL settings I can, including turning of verification of the certification. Nothing seems to work.

Has anyone else has luck with Google Cloud Functions + Fastly or know what the heck the SSL Handshake Error means?

Note: I am using the free SSL, so thats .freetls.fastly.net & .global.ssl.fastly.net both give the same error.


#2

The 503 means that there was a handshake error when trying to connect to origin. Can you show me what your Origin settings are in the Fastly service you set up?


#3

One of the great support staff at fastly @Richard_Alpagot figured it out.

The SNI had to be set to the same as the Certificate hostname.

E.g.
Origins -> Host
Host: us-central1-gcloud-project.cloudfunctions.net:433
TLS options:
Certificate hostname: us-central1-gcloud-project.cloudfunctions.net
SNI hostname: us-central1-gcloud-project.cloudfunctions.net

Settings -> Override Host:
us-central1-gcloud-project.cloudfunctions.net

I will play with the settings and configure it right and then make an update on what the best settings are.


#4

hello

I’m trying to setup fastly in front of google cloud functions as well, do you have any more info on your setup? domain, address/hostname, SNI values you used? the KeyCDN content you posted above seems to be depreciated, is your setup still working?

thanks!
brian