I installed incus 6.10.1 on armbian for x64 (based on debian 12/bookworm) on a local machine on my home network.
I then created a cloudflare tunnel to it. I can now ping it successfully.
% ping images.handsonbox.io
PING images.handsonbox.io (104.21.57.151): 56 data bytes
64 bytes from 104.21.57.151: icmp_seq=0 ttl=52 time=23.857 ms
64 bytes from 104.21.57.151: icmp_seq=1 ttl=52 time=26.494 ms
64 bytes from 104.21.57.151: icmp_seq=2 ttl=52 time=22.789 ms
root@images:~# uname -a
Linux images.handsonbox.io 6.12.18-current-x86 #2 SMP PREEMPT_DYNAMIC Fri Mar 7 17:25:47 UTC 2025 x86_64 GNU/Linux
root@images:~# cat /etc/os-release
PRETTY_NAME=“Armbian 25.2.3 bookworm”
NAME=“Debian GNU/Linux”
VERSION_ID=“12”
VERSION=“12 (bookworm)”
VERSION_CODENAME=bookworm
ID=debian
HOME_URL=“https://www.armbian.com”
SUPPORT_URL=“https://forum.armbian.com”
BUG_REPORT_URL=“Bug reporting - Armbian”
ARMBIAN_PRETTY_NAME=“Armbian 25.2.3 bookworm”
My intension is to use this server to host only images so that others can “incus publish” their custom images onto this machine from outside of my home network (comes via cloudflare tunnel)
I went ahead and issued the following command on this machine:
root@images:~# incus config trust add mac14
Client mac14 certificate add token:
eyJjbGllbnRfbmFtZSI6Im1hYzE0I…
On my client (mac14) When i tried to add it as a remote endpoint, I getting BAD Gateway error.
% incus remote add images.handsonbox.io --accept-certificate
Error: Failed to fetch https://images.handsonbox.io:8443/1.0: 502 Bad Gateway
deepseek suggested me to try this command as part of debugging the problem, but I am not aure what to expect out of it 
% curl -I https://images.handsonbox.io:8443/1.0
HTTP/2 502
date: Sun, 16 Mar 2025 05:38:38 GMT
content-type: text/plain; charset=UTF-8
content-length: 15
report-to: {“endpoints”:[{“url”:“https://a.nel.cloudflare.com/report/v4?s=H1ca9i1X56SLe6UVC0kUVBEi0d90cP7kp8YPKdkwh560RhXnx5K7HBdw2%2F3%2FNmgPSfeVMwEOo07FZ6%2FMPOYAW3W2QG%2FXx7VTgwP1LWuX36GlpyG0PuuyUgjhkN2i0QWZbi7pemN%2FvMFTUF7D”}],“group”:“cf-nel”,“max_age”:604800}
nel: {“success_fraction”:0,“report_to”:“cf-nel”,“max_age”:604800}
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
server: cloudflare
cf-ray: 9211e7cfe9242f58-LAX
alt-svc: h3=“:8443”; ma=86400
server-timing: cfL4;desc=“?proto=TCP&rtt=29016&min_rtt=20583&rtt_var=12851&sent=7&recv=10&lost=0&retrans=0&sent_bytes=2908&recv_bytes=605&delivery_rate=128192&cwnd=221&unsent_bytes=0&cid=ad91fec71b46d769&ts=106&x=0”
Q. What does it take to have a machine set up locally to host only images so that others can “incus publish” their custom images via cloudflare tunnel ?
Sincerely appreciate for any suggestions/advice on how to resolve BAD Gateway error.
Or is my thinking/approach is flawed to begin with.
thanks!