April 4, 20224 yr Is there an easy way to tell if the tunnel is working? A command perhaps? When I try to look at the clouldflared log - it is blank for a second and then crashes. No idea why. It is the only docker log that does that. But as a result, I can't see what is going on.
April 4, 20224 yr 2 hours ago, Profezor said: Is there an easy way to tell if the tunnel is working? A command perhaps? When I try to look at the clouldflared log - it is blank for a second and then crashes. No idea why. It is the only docker log that does that. But as a result, I can't see what is going on. RESOLVED - Started from scratch. All working now
April 6, 20224 yr I'm thinking of setting this up, but I have two questions: 1) How are you handling local access. You wouldn't want to go out to the internet to access your local resources. I already do split DNS, but if your pointing to a port, then I'd have to use a reverse proxy. 2) I have mixed services dependant on SWAG for it's security like pihole, nextcloud, graylog. But some of them have their own IP's that SWAG hook into. Would these services break? 3) Maybe out of scope here, but I want to setup another proxynet that doesn't use the main unraid IP address for this.
April 7, 20224 yr Author On 4/5/2022 at 6:45 PM, ppunraid said: I'm thinking of setting this up, but I have two questions: 1) How are you handling local access. You wouldn't want to go out to the internet to access your local resources. I already do split DNS, but if your pointing to a port, then I'd have to use a reverse proxy. 2) I have mixed services dependant on SWAG for it's security like pihole, nextcloud, graylog. But some of them have their own IP's that SWAG hook into. Would these services break? 3) Maybe out of scope here, but I want to setup another proxynet that doesn't use the main unraid IP address for this. 1) I handle local access using PiHole on a raspberry pi, with Local DNS entires for each of my subdomains to point them back to the internal unraid IP address. I have a dd-wrt router that points DHCP clients to the pihole for DNS requests. I have a reverse proxy (Previously SWAG but now Traefik) on port 443 on unraid, so that the redirected requests look the same from inside and outside the network (same subdomain, https, etc). 2) I'm not exactly sure what you mean here, but you should be able to set up pihole and nextcloud as I have them working with this. In general you can either specify a different origin ip address for a specific subdomain with the cloudflare configuration itself, or you can have everything go to a reverse proxy and have the proxy point to a different IP address. 3) I'm also not exactly sure what you mean here but if you are talking about running the CF tunnels connection through a proxy it should be possible but it would likely increase the latency a fair bit.
April 7, 20224 yr How do you use this with the new GUI config Cloudflare came out with? They make it sound so easy, but it didn't have the option to choose unRAID using Docker, so I can't just copy and paste what it told me. I haven't set up any tunnels before. https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-guide/ https://lzomedia.com/blog/how-to-setup-a-cloudflare-tunnel-new-using-gui-method/ Edited April 7, 20224 yr by Iceman24
April 9, 20224 yr Author On 4/7/2022 at 5:06 PM, Iceman24 said: How do you use this with the new GUI config Cloudflare came out with? They make it sound so easy, but it didn't have the option to choose unRAID using Docker, so I can't just copy and paste what it told me. I haven't set up any tunnels before. https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-guide/ https://lzomedia.com/blog/how-to-setup-a-cloudflare-tunnel-new-using-gui-method/ You can use the GUI easily by taking the run token the tunnel gives you and modifying the command in the docker template. Something like Post Arguments: tunnel run --token <Your Tunnel Token from GUI>
April 29, 20224 yr Am i going mad. or has this broken? setup and connecting. but every request results in the same error. 2022-04-29T14:47:57Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp [ip for NGIX:443 goes here but removed]: connect: no route to host" cfRay=[blanked]-LHR originService=[ip for NGIX:443 goes here but removed] 2022-04-29T14:47:57Z ERR Failed to handle QUIC stream error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp [ip for NGIX:443 goes here but removed] : connect: no route to host" connIndex=1 Followed two guides to compare settings. tried setting disabletlsverify to true, just get 502 errors. even tried setting up each host name in the yaml. same deal. *hits head off wall*
May 13, 20224 yr installed first time tunnel for Oracle VPS by https://docs.ibracorp.io/vaultwarden-on-oracle-cloud-vps/ but having error of tunnel error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 129.xxx:443: i/o timeout" cfRay=70abxxxxxxxxxxx-CDG originService=https://129.xxxx:443 i have in config like in guide: ingress: - service: https://129.1xxxxxxx1:443 originRequest: originServerName: npm.mysite.com but in unraid guide is: ingress: - service: https://localproxynet:443 originRequest: originServerName: mysite.com
May 29, 20224 yr Author On 5/20/2022 at 3:55 AM, Goldmaster said: Seam to having permission issues with this on 6.10 If you are willing to look at the official docs you can modify the docker to only run with a token in the extra parameters, and the configuration can be done on the CF website. This should solve any permission issues. On the part about 6.10, my understanding is any permission issues aren't anything to do with the container or unraid but with incorrect permissions that unraid wasn't respecting before. Its possible you may need to force the container to use the user id you want, which can be done with --user 99:100 (for nobody:users) in extra parameters.
May 31, 20224 yr On 5/29/2022 at 4:12 PM, aeleos said: If you are willing to look at the official docs you can modify the docker to only run with a token in the extra parameters, and the configuration can be done on the CF website. This should solve any permission issues. On the part about 6.10, my understanding is any permission is On 5/20/2022 at 11:55 AM, Goldmaster said: Seam to having permission issues with this on 6.10 sues aren't anything to do with the container or unraid but with incorrect permissions that unraid wasn't respecting before. Its possible you may need to force the container to use the user id you want, which can be done with --user 99:100 (for nobody:users) in extra parameters. chmod 777 /mnt/user/appdata/cloudflared seems to solve this. Whether that's a good idea or not, however...
June 11, 20224 yr On 4/4/2022 at 2:48 PM, Profezor said: RESOLVED - Started from scratch. All working now Did you just uninstall and then cleanup the appdata? just uninstalled and im still getting the logs not loading and just flashing by. im on 6.10 and was working fine. I should not have to fix things after a stable update. Edited June 11, 20224 yr by Goldmaster
June 11, 20224 yr On 5/31/2022 at 12:38 PM, captainfeeny said: chmod 777 /mnt/user/appdata/cloudflared seems to solve this. Whether that's a good idea or not, however... I did try that and made no difference.
June 11, 20224 yr crying out loud, I forgot to set the Post arguments: tunnel run UUID in advanced settings! now seams to work fine.
July 15, 20223 yr Getting tons of "unable to reach the origin service" errors, but working fine... Anyway to solve that?
August 19, 20223 yr I am looking to enable warp routing and I can't quite figure out how to pass the extra post arg. I added this into my config.yaml and the logs show it is configured. warp-routing: enabled: true But I need to pass this extra arg "cloudflared tunnel route ip add 192.168.2.0/24 UUID" any idea how to do that? open console just crashes for me every time.
August 22, 20223 yr If I want to bypass the tunnel for a particular subdomain, is it as easy as setting said subdomain to dns only assuming the tunnel passes everything to swag/npm?
August 27, 20223 yr Hi is there a solution to these error, the issue i have is that CF seems to be working for afew hours and then i receive these error. If iu restart the app all is fine again for a few hours. if go to NGNIX and load the two apps i am connected thru HTTPS ?? 2022-08-27T17:46:39Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=7416a0beabb038ba-VIE originService=https://192.168.xx.xx:19443 2022-08-27T17:46:40Z ERR error="Unable to reach the origin service. The service xx.xx:19443 2022-08-27T17:46:40Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" connIndex=1 dest=https://mtamo.co.uk//site/wp-includes/wlwmanifest.xml ip=198.41.192.67 type=http 2022-08-27T17:46:40Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=7416a0c04d9738ba-VIE originService=https://192.168.xx.xx:19443 27T17:46:40Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to Any advice would be appreciated.
September 3, 20223 yr Thanks for this guide and docker @aeleos, was able to set it up and close my port frowarding rules. How are you guys handeling reating new certs ? DNS challenge ?? I use NPM and since i closed the ports 80 and 443 i get error when creating new certs. I also assume that this applies when renewing certificates also
September 22, 20223 yr So I'm a little lost. In the Ibracorp video, when you take a look at his installed docker apps, he didn't already have the dockerized container installed Am I supposed to install it before following the directions on the GitHub page? I tried following without it, but I'm getting the following error: `error writing cert to /home/nonroot/.cloudflared/cert.pem: open /home/nonroot/.cloudflared/cert.pem: permission denied` I know that `/home/nonroot/` doesn't exist in my filesystem, am I supposed to create it? Then I read something on here that if I use the dockerized container, i'm supposed to use some UUID/token in the advanced settings. I saw that, but where do I get that from? Do i have to create a tunnel first through cloudflare's site? Edited September 22, 20223 yr by HoLyCoW
September 23, 20223 yr I just followed the ibracorp video and have it up and running. My only change was to the config. I have the following... tunnel: UUID credentials-file: /home/nonroot/.cloudflared/UUID.json # NOTE: You should only have one ingress tag, so if you uncomment one block comment the others # forward all traffic to Reverse Proxy w/ SSL ingress: - service: https://REVERSEPROXYIP:PORT originRequest: noTLSVerify: true #forward all traffic to Reverse Proxy w/ SSL and no TLS Verify #ingress: # - service: https://REVERSEPROXYIP:PORT # originRequest: # noTLSVerify: true # forward all traffic to reverse proxy over http #ingress: # - service: http://REVERSEPROXYIP:PORT I kept getting errors with "originServerName: yourdomain.com" in my config.
September 24, 20223 yr I'm just going to put this here for anyone else. If you look at the written guide on Ibracorp's website (https://docs.ibracorp.io/cloudflare-tunnel/), the first step they say is to create the appdata directory and give it proper permissions first with the following command: mkdir -p /mnt/user/appdata/cloudflared/ && chmod -R 777 /mnt/user/appdata/cloudflared/ Then you can follow the rest of the video. Edited September 24, 20223 yr by HoLyCoW
October 4, 20223 yr Update: After a lot more work I'm now able to access my containers through the cloudflare tunnel. Game changer! I think my main problems were some sloppy copy/paste in my nginx.conf file and not paying close enough attention to which port numbers were mapped to http and https in Swag. What's interesting is that I can only get this to work with a tunnel created on the CLI. I've tried twice to use a tunnel created through the cloudflare UI and I can't get that to work. I feel like I tried all the config options in the UI, like different IP addresses and localhost, but I must be missing something. The tunnel is active and I can see in the logs when requests come through, but I just get various error messages depending on which IP I use or localhost. I don't think it really matters, but it bothers me when I can't figure something out. If anyone has this working with a UI-created tunnel, please let me know. Next challenges are figuring out how to enable LAN access with my custom domain and properly securing the external access. ------------------------------------------- After a solid 6 hours on this, I throw myself to the mercy of the good people in this great community. Most of this stuff is new to me, so it is 100% likely to be user error. I followed Ibracorps' guides for setting up the Cloudflare tunnel and configuring swag. I think I have scrapped everything and started over 4 times now. I've also carefully read through this whole topic and tried all the suggestions. I'm getting the "unable to reach the origin service" messages. In a browser, mydomain.com gives me a 502 error. 2022-10-04T05:14:46Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=754b6f95f8fb7ab7-LAX originService=https://192.168.1.107:8001 2022-10-04T05:14:46Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" connIndex=3 dest=https://mydomain.com/favicon.ico ip=xxx.xx.xxx.77 type=http Things I've tried: Setting noTLSVerify: true Setting originServerName to subdomain.mydomain.com (subdomain has a valid CNAME record) Trying both http and https for the service One very simple thing I'd like to confirm is exactly which IP address I should use for the service in the cloudflared config file. My swag port mappings are: 172.18.0.5:443/TCP -->192.168.1.107:8001 172.18.0.5:80/TCP __> 192.168.1.107:44301 I access my Unraid UI at http://192.168.1.107. I've been assuming I should use the 192.168 IPs as the service (edit: I've also tried the 172.18 IPs). Is that correct? Because most of this is new to me I'm limited in my ability to troubleshoot because I don't know how to tell exactly where in the chain the problem is. Seems like I'm either pointing the tunnel to swag improperly, or I've got a problem with my swag setup that's causing it to not respond. I welcome any and all suggestions. Edited October 6, 20223 yr by naxos Added additional info to IPs that I've tried.
October 12, 20223 yr So did anyone ever figure out how to address this issue? My logs are getting full of these errors and I've tried everything that everyone has suggested to no avail. Everything is working and connecting just fine Edited October 12, 20223 yr by SiRMarlon
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.