Tuwunel deployment, Received HTTP/0.9 when not allowed

[sat0sh1c]

I am trying to deploy tuwunel with docker compose, here is the docker-compose.yml mainly copied from the docs:

# tuwunel

services:
    homeserver:
        ### If you already built the tuwunel image with 'docker build' or want to use a registry image,
        ### then you are ready to go.
        image: jevolk/tuwunel:latest
        restart: unless-stopped
        ports:
            - 8448:6167
        volumes:
            - db:/var/lib/tuwunel
            - ./tuwunel.toml:/etc/tuwunel.toml
            - ./tls/cert.pem:/etc/tls/cert.pem
            - ./tls/privkey.pem:/etc/tls/privkey.pem
        environment:
            TUWUNEL_SERVER_NAME: "hostname.com" # EDIT THIS
            TUWUNEL_DATABASE_PATH: /var/lib/tuwunel
            TUWUNEL_PORT: 6167
            TUWUNEL_MAX_REQUEST_SIZE: 20000000
            TUWUNEL_ALLOW_REGISTRATION: 'true'
            TUWUNEL_REGISTRATION_TOKEN: 'secret_token' # A registration token is required when registration is allowed.
            #TUWUNEL_YES_I_AM_VERY_VERY_SURE_I_WANT_AN_OPEN_REGISTRATION_SERVER_PRONE_TO_ABUSE: 'true'
            TUWUNEL_ALLOW_FEDERATION: 'true'
            TUWUNEL_TRUSTED_SERVERS: '["matrix.org"]'
            #TUWUNEL_LOG: warn,state_res=warn
            TUWUNEL_ADDRESS: 0.0.0.0
            TUWUNEL_CONFIG: '/etc/tuwunel.toml'
    ### Uncomment if you want to use your own Element-Web App.
    ### Note: You need to provide a config.json for Element and you also need a second
    ###       Domain or Subdomain for the communication between Element and tuwunel
    ### Config-Docs: https://github.com/vector-im/element-web/blob/develop/docs/config.md
    # element-web:
    #     image: vectorim/element-web:latest
    #     restart: unless-stopped
    #     ports:
    #         - 8009:80
    #     volumes:
    #         - ./element_config.json:/app/config.json
    #     depends_on:
    #         - homeserver

volumes:
    db:
volumes:
    db:

so I here is the output of the docker compose up, note that I have the following tuwunel.toml

[global]
server_name = "iusearchbtw.top"
cache_capacity_modifier = 0.78
max_request_size = "88 MiB"
allow_registration = true 
registration_token = "secret_token"
encryption_enabled_by_default_for_room_type = "all"
allow_unstable_room_versions = false 
admin_room_notices = true

[global.tls]
certs = "/etc/tls/cert.pem"
key = "/etc/tls/privkey.pem"

Attaching to homeserver-1
homeserver-1  | 2026-02-01T02:08:04.917572Z  INFO tuwunel::server: 1.4.9.1 server_name=iusearchbtw.top database_path="/var/lib/tuwunel" log_levels=info
homeserver-1  | 2026-02-01T02:08:05.963707Z  INFO main:start:open: tuwunel_database::engine::open: Opened database. columns=98 sequence=336 time=783.5918ms
homeserver-1  | 2026-02-01T02:08:05.981295Z  INFO main:start: tuwunel_service::migrations: Loaded RocksDB database with schema version 17
homeserver-1  | 2026-02-01T02:08:06.029777Z  INFO tuwunel_router::serve::tls: Note: It is strongly recommended that you use a reverse proxy instead of running tuwunel directly with TLS.
homeserver-1  | 2026-02-01T02:08:06.038415Z  INFO tuwunel_router::serve::tls: Listening on [0.0.0.0:6167] with TLS certificate /etc/tls/cert.pem

However when I try to send request to the server it fails with a very weird error related to http 0.9:

* using HTTP/1.x
> GET / HTTP/1.1
> Host: hostname.com:8448
> User-Agent: curl/8.17.0
> Accept: */*
> 
* Request completely sent off
* Received HTTP/0.9 when not allowed
* closing connection #0
curl: (1) Received HTTP/0.9 when not allowed

here is the distro used if it helps:
Linux deployment 6.12.67-0-rpi #1-Alpine SMP PREEMPT Mon Jan 26 18:22:57 UTC 2026 aarch64 Linux

[sat0sh1c]

The problem was the fact, that I was using TLS certificate file instead of a fullchain one. The solution was to just specify the fullchain.pem as a certificate in the config file:
tuwunel.toml

[global.tls]
certs = "/etc/tls/fullchain.pem" # use an actual fullchain file, not just rename it
key = "/etc/tls/privkey.pem"