Gilgamesh

  1. I was getting the same error. As best I can tell, something got funky on SWAG. When I redid everything from the top, it worked without that error. I’m 90% sure it was CF not liking the old SSL cert I had on SWAG. Try turning your tunnel off, reopening your ports, changing your DNS up to your router and getting SWAG to pull a new cert, then rolling everything back on again?
  2. Wanted to circle back in here and offer up the solution that I was able to make work after a few nights fighting this thing. First, I reverted back to open ports on my router and set my CF DNS back to update dynamically and point to my public IP. Tested that and could not get it to work. Once I did quite a bit of digging, I found that for some reason SWAG was being weird about my SSL certs. I think that was the root cause, and for some reason I could not get a cert to regenerate so I "unproxied" CF DNS. After taking all those steps, I was able to get SWAG to regenerate my cert, and everything worked. Terrific! After that, I stopped my Dynamic DNS container, started up cloudflared and confirmed I was into my previously created tunnel. At that point, I removed the entirety of my CF DNS configuration, closed up my forwarding rules on my router and reset my CF DNS to route my root domain (@) to my Argo Tunnel, using a CNAME, and a second with my desired subdomain. Punched it all through and everything seems to work. I even get a CF page telling me to go pound sand when I try to access using the IP that a ping resolves to in a web browser. I'm not sure if I had to take all those steps, or if I could have just tried to regen my SSL cert through the tunnel, but it seems like SWAG had trouble authenticating my cert while I was proxied through CF for my DNS (no tunnel), and it worked after I turned that proxying off.
  3. Sweet - step one complete, got the tunnels to create and mostly route over. Thank you a bunch! I've read behind to try and solve this next one, as it seems to have bitten others in this thread. Here's what I get, whether I have noTLSVerify set or not based on the above posts.

         2021-08-11T04:34:55Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: x509: cannot validate certificate for 192.168.xxx.xxx because it doesn't contain any IP SANs" cfRay=blahblahsomestuffhere originService=https://192.168.x.xxx:MYSWAGPORT

     CF DNS is set up with a CNAME routing myrootdomain.com to UUID.cfargotunnel.com
     Subdomain is set up with mysubdomain.myrootdomain.com

     I've also turned off my dynamic DNS docker for CF. Here's my config.yaml - I'll comment out either one, neither works when it is the active option. Both give me the x509 error above. Looks like my containers are not responding, when they were when I had ports open on my router. I've also tried subdomain.myrootdomain.com under the originServerName tag.

         tunnel: MYUUID
         credentials-file: /home/nonroot/.cloudflared/MYUUID.json

         # ingress:
         #   - service: https://192.168.xxx.xxx:MYSWAGPORT
         #     originRequest:
         #       origiServerName: myrootdomain.com

         ingress:
           - service: https://192.168.xxx.xxx:MYSWAGPORT
             originRequest:
               noTLSVerify: true

     Sigh. Maybe I'm too dumb to pull this off.
  4. Yeah I do get a .json file, but it’s just .json with no file name. I was able to use another Linux machine, load the cloudflared docker, authenticate and delete my tunnels. I then created a tunnel on that machine, got a uuid and even tried to copy that json file into my appdata folder, and relaunch the container in unRAID but it did me no good, as unRAID still didn’t pick up the tunnel. Seems like a comms issue specifically from my server to Cloudflare in this case, but I’m not sure if that’s true, how to confirm it, or what to do about it. At first I thought maybe the container could not write to the appdata directory, but cert.pem is there and seems to work just fine. I also removed the container entirely, deleted its appdata files and folder and tried again from the top with the same result.
  5. I'm hoping this is the right place to ask. I have a nextcloud instance set up and working, and I want to run it through Argo for enhanced security. At the moment, I usually leave the required dockers running (mariadb, nextcloud and swag), open my router's management page, pop open my ports, push/pull the files I need, then close those forwarding rules back down. Obviously a pain, but I don't like the idea of leaving 80 and 443 forwarded when not needed. I'd much prefer to leave it running all the time. When following the IBRACORP tutorial, I get to the tunnel creation step just fine, then everything goes sideways. I don't get a UUID in the response from CloudFlare:

         docker run -it --rm -v /mnt/user/appdata/cloudflared:/home/nonroot/.cloudflared/ cloudflare/cloudflared tunnel create MYTUNNELNAME
         INFO[2021-08-08T23:18:20Z] Writing tunnel credentials to /home/nonroot/.cloudflared/.json. cloudflared chose this file based on where your origin certificate was found.
         INFO[2021-08-08T23:18:20Z] Keep this file secret. To revoke these credentials, delete the tunnel.
         INFO[2021-08-08T23:18:20Z] Created tunnel with id

     Then, I can't list or delete my tunnel, but I also cannot rerun the create command as a tunnel with that name already exists. Anyone have any ideas?