#Tunnel - no common encryption algorithm(s)

Sorry to bother - So I added another hostname to my tunnel configuration, saved it. Restarted cloudflared.

Now when I navigate to that domain, I get:

An error occurred during a connection to [redact].foobar.us. Cannot communicate securely with peer: no common encryption algorithm(s).

the first/original public hostname I added works fine.

It sounds like you tried to put your GitLab on a second-level or deeper subdomain (i.e gitlab.internal.example.com) when the Universal SSL Cert (the one Cloudflare gives you for free) only covers first-level subdomains (like gitlab.example.com). You can get around this by purchasing Advanced Certificate Manager (ACM) and turning on Total TLS or issuing an Adv. Cert for that deeper subdomain, or just by moving your Gitlab to a 1st level subdomain like shown in the tutorial.

sigh, okay

it would be soooo nice if this was presented to me when I added the public hostname

There's really no other option here?

I need to proxy minio through and s3 clients expect to prepend the region as a subdomain

use path style instead of virtual host style?

Otherwise you'd need a wildcard for virtual host style, so $10/m for ACM would be your only choice afaik

I looked to see if I could, but I think s3 deprecated that, quite a while ago.

They said they planned to, but delayed it and never re-scheduled it

https://aws.amazon.com/blogs/aws/amazon-s3-path-deprecation-plan-the-rest-of-the-story/

I see. I thought I had used them more recently

I need to look harder at my s3 client config then.

there's no current date, and they say when they do pick one, they'll give a full year

yeah, right in my face: https://docs.rs/aws-sdk-s3/latest/aws_sdk_s3/config/struct.Builder.html#method.force_path_style