[Support] aeleos - cloudflared tunnels



3 hours ago, Shomil Saini said:

Oh, thanks a bunch. :) Is it a paid service as I only have a free account to tinker with.

I went to that site and it asks to create a domain and stuff. Just want to know what I am getting into.

 

Much Appreciated.

It's free, just log in with your Cloudflare account. Cloudflare does have to be your nameserver though.

Link to comment
  • 2 weeks later...

Anyone else have this problem?

 

I deleted my first tunnel, deleted cloudflared, cleaned the appdata, and am now trying to create another tunnel. I keep getting this error message when I'm trying to set up the tunnel in the terminal window. I log in to Cloudflare, authorize the tunnel and close the window, and in the terminal window this pops up:

 

Leave cloudflared running to download the cert automatically.
error writing cert to /home/nonroot/.cloudflared/cert.pem: open /home/nonroot/.cloudflared/cert.pem: permission denied

 

Anyone have any idea how to fix this? Very new to all of this

Link to comment
14 hours ago, Liqwid_Kirk said:

Anyone else have this problem?

 

I deleted my first tunnel, deleted cloudflared, cleaned the appdata, and am now trying to create another tunnel. I keep getting this error message when I'm trying to set up the tunnel in the terminal window. I log in to Cloudflare, authorize the tunnel and close the window, and in the terminal window this pops up:

 

Leave cloudflared running to download the cert automatically.
error writing cert to /home/nonroot/.cloudflared/cert.pem: open /home/nonroot/.cloudflared/cert.pem: permission denied

 

Anyone have any idea how to fix this? Very new to all of this

I'm guessing permission issue with your /mnt/user/appdata/cloudflared folder. 

Try running chown nobody:users /mnt/user/appdata/cloudflared

then login again.

Edited by LeoRX
Link to comment
13 minutes ago, Liqwid_Kirk said:

Still gave me the same error

"bash: chown: command not found"? Where are you running this command? The goal is to change the permissions of /mnt/user/appdata/cloudflared so that when you execute the login command, it can save the certificate.

Link to comment
12 hours ago, LeoRX said:

"bash: chown: command not found"? Where are you running this command? The goal is to change the permissions of /mnt/user/appdata/cloudflared so that when you execute the login command, it can save the certificate.

 

 

No, that worked. It was the login attempt after, still gave the same error 

Link to comment
  • 3 weeks later...
On 11/3/2021 at 10:07 PM, LeoRX said:

I'm guessing permission issue with your /mnt/user/appdata/cloudflared folder. 

Try running chown nobody:users /mnt/user/appdata/cloudflared

then login again.

I have the same issue...

The solution is to change the folder's permissions from 755 to 777:
mkdir -p /mnt/user/appdata/cloudflared/ && chmod -R 777 /mnt/user/appdata/cloudflared/

After that you can keep sending the other commands, it will work ;)

Edited by psycmos
Link to comment
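Mode 777 makes cert.pem and the tunnel credentials JSON readable and writable by every account on the host. The added example below (not from any post in this thread) checks from the owner and mode bits whether a given UID can write the mapped folder, which is the condition behind the "permission denied" error, and applies owner-only permissions instead. The UID/GID 65532 for the container's nonroot user is an assumption to confirm for your image, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Needs GNU stat and find (as on Unraid).
# CONTAINER_UID/GID are an ASSUMPTION (65532 is the usual distroless "nonroot"
# id); confirm the value for the image you actually run.
CONTAINER_UID=${CONTAINER_UID:-65532}
CONTAINER_GID=${CONTAINER_GID:-65532}

# can_write DIR UID GID
# Succeeds if DIR's owner, group and mode let uid:gid create files in it
# (write + search bits). Supplementary groups and ACLs are not considered.
can_write() {
    cw_mode=$(stat -c '%a' "$1") || return 2
    cw_owner=$(stat -c '%u' "$1")
    cw_group=$(stat -c '%g' "$1")
    cw_perm=$((0$cw_mode))                 # leading 0: parse as octal
    if [ "$2" -eq 0 ]; then return 0; fi   # root bypasses mode bits
    if [ "$2" -eq "$cw_owner" ]; then
        cw_bits=$(( (cw_perm >> 6) & 7 ))
    elif [ "$3" -eq "$cw_group" ]; then
        cw_bits=$(( (cw_perm >> 3) & 7 ))
    else
        cw_bits=$(( cw_perm & 7 ))
    fi
    [ $(( cw_bits & 3 )) -eq 3 ]
}

# world_exposed DIR
# Prints the files directly in DIR that grant any permission to "other".
world_exposed() {
    find "$1" -maxdepth 1 -type f \( -perm -004 -o -perm -002 -o -perm -001 \) \
        -exec basename {} \; | sort
}

# lock_down DIR UID GID
# Owner-only access: 700 on the folder, 600 on the files inside it.
# Ownership is changed only when running as root.
lock_down() {
    if [ "$(id -u)" -eq 0 ]; then
        chown -R "$2:$3" "$1"
    fi
    chmod 700 "$1"
    find "$1" -type f -exec chmod 600 {} +
}

# report DIR: one-line summary of the folder from the container's point of view.
report() {
    if can_write "$1" "$CONTAINER_UID" "$CONTAINER_GID"; then rp_w=yes; else rp_w=no; fi
    printf '%s mode=%s owner=%s:%s container-can-write=%s world-accessible=[%s]\n' \
        "$1" "$(stat -c '%a' "$1")" "$(stat -c '%u' "$1")" "$(stat -c '%g' "$1")" \
        "$rp_w" "$(world_exposed "$1" | tr '\n' ' ')"
}

# Usage: sh audit.sh /mnt/user/appdata/cloudflared
# To tighten afterwards (as root):
#   lock_down /mnt/user/appdata/cloudflared "$CONTAINER_UID" "$CONTAINER_GID"
if [ $# -gt 0 ]; then
    report "$1"
fi
```

If report shows container-can-write=no for a folder owned by nobody:users with mode 755, the container's user falls into the "other" class, which is why chown alone did not help and 777 did.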
On 11/20/2021 at 8:39 PM, psycmos said:

I have the same issue...

The solution is to change the folder's permissions from 755 to 777:
mkdir -p /mnt/user/appdata/cloudflared/ && chmod -R 777 /mnt/user/appdata/cloudflared/

After that you can keep sending the other commands, it will work ;)

In my case the container returns the following error after updating these permissions:

 

<Timestamp> INF Starting tunnel tunnelID=<UUID>
Tunnel credentials file 'home/nonroot/.cloudflared/<UUID>.json' doesn't exist or is not a file

 

That file seems to be properly shared:

ls -li /mnt/user/appdata/cloudflared/
total 12
<size> -rwxrwxrwx 1 nobody users 188 Nov 27 01:09 <UUID>.json*
<size> -rwxrwxrwx 1 nobody users 1938 Nov 27 01:08 cert.pem*
<size> -rwxrwxrwx 1 nobody users 249 Nov 27 01:13 config.yaml*

 

Anyone have any ideas? Could someone tell me what their permissions look like on those files and what line endings those files have? Also what version of the container is working for you at this point might be helpful. Thanks for your time.

Edited by paperblankets
Formatting
Link to comment

Had my system working well, but I had to delete and redo.

Now I can get the argo tunnel to work.

My error message is (real numbers obscured) -

 

2021-12-05T05:01:43Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: x509: certificate is not valid for any names, but wanted to match brownfamily.se" cfRay=XXXXXXXXXX7ac5ed885-CPH originService=https://192.168.40.100:2053

 

I know the answer is simple. Any ideas? I followed Ibracorp's video both times.

 

Yes, I know this has been asked before, but the "answers" didn't help.

Thanks

Edited by Profezor
Link to comment
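cloudflared reports several different origin failures under the same "Unable to reach the origin service" wrapper, the x509 name error quoted above being one of them. The added example below (not part of any post) groups such lines by the reason at the end of the message and by originService; it goes beyond the single error in the post by also recognising two other trailing reasons, the cause labels are hypothetical names, and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. The lines in sample_log are CONSTRUCTED
# (documentation addresses and names); only the message layout follows the
# cloudflared lines quoted in the posts. Cause labels are hypothetical names.

# triage_origin_errors [FILE...]
# Reads cloudflared log lines (stdin when no file is given) and prints
# "count<TAB>cause<TAB>originService" for every origin failure it finds.
triage_origin_errors() {
    awk '
    $2 == "ERR" && /Unable to reach the origin service/ {
        cause = "other"
        if ($0 ~ /cloudflared: x509: certificate is not valid for/) {
            # the certificate does not list the name cloudflared asked for
            cause = "cert-name-mismatch"
        } else if ($0 ~ /cloudflared: x509: certificate signed by unknown authority/) {
            # the issuer is not in the trust store cloudflared used
            cause = "untrusted-issuer"
        } else if ($0 ~ /cloudflared: EOF"/) {
            # the origin closed the connection before sending a response
            cause = "origin-closed-connection"
        }
        origin = "unknown"
        if (match($0, /originService=[^ ]+/)) {
            origin = substr($0, RSTART + 14, RLENGTH - 14)   # skip "originService="
        }
        count[cause "\t" origin]++
    }
    END { for (k in count) printf "%d\t%s\n", count[k], k }
    ' "$@" | sort -k2
}

# Constructed sample input.
sample_log() {
    cat <<'SAMPLE'
2022-01-01T10:00:00Z INF Starting tunnel tunnelID=00000000-0000-0000-0000-000000000000
2022-01-01T10:00:05Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: x509: certificate is not valid for any names, but wanted to match app.example.com" cfRay=0000000000000001-XXX originService=https://192.0.2.10:2053
2022-01-01T10:01:00Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=0000000000000002-XXX originService=https://192.0.2.20:18443
2022-01-01T10:01:01Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=0000000000000003-XXX originService=https://192.0.2.20:18443
2022-01-01T10:01:02Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=0000000000000004-XXX originService=https://192.0.2.20:18443
2022-01-01T10:02:00Z WRN Serve tunnel error error="connection with edge closed" connIndex=1
SAMPLE
}

# Usage: sh triage.sh cloudflared.log   (no argument: run on the sample)
if [ $# -gt 0 ]; then
    triage_origin_errors "$@"
else
    sample_log | triage_origin_errors
fi
```

A cert-name-mismatch row means the certificate served at that origin does not list the hostname cloudflared asked for; an origin-closed-connection row means the origin dropped the connection before answering.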
  • 2 weeks later...
  • 1 month later...

So,

 

I've tried "noTLSVerify: true" setting CF to SSL/TLS encryption Full, and still a no-go.

 

I haven't tried to add more CloudflareD dockers because I only have 1 domain, registered with Cloudflare directly (10 years for 85 dollars, nice).

 

I have the situation when trying to add services (dockers) in my UnRAID server at home that only the one pointing at my nextcloud will work.

 

At least my Nextcloud docker is working great with the tunnel.

 

I'm using NginxProxyManager docker, and this is how it looks:

[Image: nginx.thumb.jpg]

I created my origin certificate and am using it for all the proxy hosts. My config.yaml looks like this:

tunnel: 02c0092f-xxxx-xxx-xxxx-efde75ff8964
credentials-file: /home/nonroot/.cloudflared/02c0092f-xxxx-xxx-xxxx-efde75ff8964.json

# NOTE: You should only have one ingress tag, so if you uncomment one block comment the others

# forward all traffic to Reverse Proxy w/ SSL
ingress:
  - service: https://192.168.0.10:18443
    originRequest:
      originServerName: nc.my-domain.com

#forward all traffic to Reverse Proxy w/ SSL and no TLS Verify
#ingress:
#  - service: https://REVERSEPROXYIP:PORT
#    originRequest:
#      noTLSVerify: true

# forward all traffic to reverse proxy over http
#ingress:
#  - service: http://REVERSEPROXYIP:PORT

 

The reason I am using a subdomain as my origin server is because it does not work with the root domain.

 

According to https://ibracorp.gitbook.io/cloudflare-tunnel/ it should work with any subdomain like this, however, when I try to use any subdomain other than nc (for NextCloud) I always get an error 502 from cloudflare:

[Image: 502error.thumb.jpg]

If I run:

 

curl -Ikv https://nc.my-domain.com --resolve nc.my-domain.com:444:192.168.0.10

 

I get these results:
 

* Added nc.my-domain.com:444:192.168.0.10 to DNS cache
*   Trying 104.21.57.60:443...
* Connected to nc.my-domain.com (104.21.57.60) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: none
*  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
*  start date: Feb  3 00:00:00 2022 GMT
*  expire date: Feb  2 23:59:59 2023 GMT
*  issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x494b00)
> HEAD / HTTP/2
> Host: nc.my-domain.com
> user-agent: curl/7.79.1
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
< HTTP/2 302
HTTP/2 302
< date: Fri, 04 Feb 2022 17:04:24 GMT
date: Fri, 04 Feb 2022 17:04:24 GMT
< content-type: text/html; charset=UTF-8
content-type: text/html; charset=UTF-8
< location: https://nc.my-domain.com/login
location: https://nc.my-domain.com/login
< cache-control: no-store, no-cache, must-revalidate
cache-control: no-store, no-cache, must-revalidate
< content-security-policy: default-src 'self'; script-src 'self' 'nonce-YjdDa1NKQWp0R2VLaEdGYjBZdzUyVnFnWjdtM0pYZHhVd3NxNDkxOVFaTT06SU9icUNxWlUxUlBEL1JBNW9QeGVyalhDTThQRUVBVVVCVmxhMitVVEp0ND0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';
content-security-policy: default-src 'self'; script-src 'self' 'nonce-YjdDa1NKQWp0R2VLaEdGYjBZdzUyVnFnWjdtM0pYZHhVd3NxNDkxOVFaTT06SU9icUNxWlUxUlBEL1JBNW9QeGVyalhDTThQRUVBVVVCVmxhMitVVEp0ND0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';
< expires: Thu, 19 Nov 1981 08:52:00 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
< pragma: no-cache
pragma: no-cache
< referrer-policy: no-referrer
referrer-policy: no-referrer
< set-cookie: oc_sessionPassphrase=FA01vnzm1ZQmr25UP1C%2BSnT9gUFifKElOdF3Qui8oLbNMCftXndK488usHSKrge3b0nfZsd4MR8LWzRoBfLkdfA1kHHCCzlxzx6ofSr8jqF%2FuBZRt8kIgifOLU4djQfc; path=/; secure; HttpOnly; SameSite=Lax
set-cookie: oc_sessionPassphrase=FA01vnzm1ZQmr25UP1C%2BSnT9gUFifKElOdF3Qui8oLbNMCftXndK488usHSKrge3b0nfZsd4MR8LWzRoBfLkdfA1kHHCCzlxzx6ofSr8jqF%2FuBZRt8kIgifOLU4djQfc; path=/; secure; HttpOnly; SameSite=Lax
< set-cookie: ocbbybzf14ew=mktf5gihqiluihdif096q7p28i; path=/; secure; HttpOnly; SameSite=Lax
set-cookie: ocbbybzf14ew=mktf5gihqiluihdif096q7p28i; path=/; secure; HttpOnly; SameSite=Lax
< set-cookie: __Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
set-cookie: __Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
< set-cookie: __Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
set-cookie: __Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
< strict-transport-security: max-age=63072000; preload
strict-transport-security: max-age=63072000; preload
< x-content-type-options: nosniff
x-content-type-options: nosniff
< x-download-options: noopen
x-download-options: noopen
< x-frame-options: SAMEORIGIN
x-frame-options: SAMEORIGIN
< x-permitted-cross-domain-policies: none
x-permitted-cross-domain-policies: none
< x-robots-tag: none
x-robots-tag: none
< x-served-by: nc.my-domain.com
x-served-by: nc.my-domain.com
< x-xss-protection: 1; mode=block
x-xss-protection: 1; mode=block
< cf-cache-status: DYNAMIC
cf-cache-status: DYNAMIC
< expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t%2B8SLbS4qy3ooSCbyvGbamNd47Nd%2FBNbS9mAsEChCEny5SA3XkYFpAuEXXjE2Cctf5n0hkVGnUFuE81NoDZ1vUPZbkTYrWi6IiEHo18WdjZ%2B6qv2YQqrKYDT3sx5FSMDXkbUwPk%3D"}],"group":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t%2B8SLbS4qy3ooSCbyvGbamNd47Nd%2FBNbS9mAsEChCEny5SA3XkYFpAuEXXjE2Cctf5n0hkVGnUFuE81NoDZ1vUPZbkTYrWi6IiEHo18WdjZ%2B6qv2YQqrKYDT3sx5FSMDXkbUwPk%3D"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< server: cloudflare
server: cloudflare
< cf-ray: 6d857a4b5bc7e116-IAD
cf-ray: 6d857a4b5bc7e116-IAD
< alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

<
* Connection #0 to host nc.my-domain.com left intact

 

And it works perfectly fine, but if I try with ("bw" is for my vaultwarden docker):
 

curl -Ikv https://bw.my-domain.com --resolve bw.my-domain.com:4743:192.168.0.10

 

The results are these:
 

* Added bw.my-domain.com:4743:192.168.0.10 to DNS cache
*   Trying 172.67.159.228:443...
* Connected to bw.my-domain.com (172.67.159.228) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: none
*  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
*  start date: Feb  3 00:00:00 2022 GMT
*  expire date: Feb  2 23:59:59 2023 GMT
*  issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x494b00)
> HEAD / HTTP/2
> Host: bw.my-domain.com
> user-agent: curl/7.79.1
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
< HTTP/2 502
HTTP/2 502
< date: Fri, 04 Feb 2022 17:02:59 GMT
date: Fri, 04 Feb 2022 17:02:59 GMT
< content-type: text/html
content-type: text/html
< cf-cache-status: DYNAMIC
cf-cache-status: DYNAMIC
< expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bialhy6Yk2wOfqIzpZhB5hARq8HLYARVC6%2FuZ7yM5ZgTQHuYRA3%2B8AGRfK9K5Y1qTKVC9Ttj46iqvrw6obnzgy8803DNyGn1ML4Yb%2FnrNaLodrilxHWnS1ep3eY9tsSRnVja42o%3D"}],"group":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bialhy6Yk2wOfqIzpZhB5hARq8HLYARVC6%2FuZ7yM5ZgTQHuYRA3%2B8AGRfK9K5Y1qTKVC9Ttj46iqvrw6obnzgy8803DNyGn1ML4Yb%2FnrNaLodrilxHWnS1ep3eY9tsSRnVja42o%3D"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< server: cloudflare
server: cloudflare
< cf-ray: 6d8578464e18b3ee-IAH
cf-ray: 6d8578464e18b3ee-IAH
< alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

<
* Connection #0 to host bw.my-domain.com left intact

 

And it's the same result for anything other than the subdomain for Nextcloud.

 

I have a PFsense box in front of it getting DDNS from cloudflare at the root domain and the "www." subdomain, and it's pulling my IP just fine (I know that's not needed, but it doesn't hurt either, I think).

 

Same thing with the "unraid" subdomain to try and access my Unraid instance.

 

At this point I can reach my UnRAID via Wireguard, but to allow my wife and kids to have their Bitwarden access outside the house, I really need to get it to tunnel over CF.

 

I even tried eliminating and recreating the cert/key, still the same results: only the nc subdomain works and reaches Nextcloud, everything else is a 502 error.

 

Another thing that's blowing my mind is that, even though Nextcloud is working, I keep seeing this error in the CloudflareD log:

 

2022-02-04T18:37:35Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d8602d458a51396-SEA originService=https://192.168.0.10:18443

 

This is the full log:

 




2022-02-04T16:33:43Z INF Starting tunnel tunnelID=02c0092f-8b9f-484e-a097-efde75ff8964
2022-02-04T16:33:43Z INF Version 2022.2.0
2022-02-04T16:33:43Z INF GOOS: linux, GOVersion: go1.17.1, GoArch: amd64
2022-02-04T16:33:43Z INF Settings: map[cred-file:/home/nonroot/.cloudflared/02c0092f-8b9f-484e-a097-efde75ff8964.json credentials-file:/home/nonroot/.cloudflared/02c0092f-8b9f-484e-a097-efde75ff8964.json no-autoupdate:true]
2022-02-04T16:33:43Z INF Generated Connector ID: f9d23c66-a989-46c6-a3a2-f9d064a84bdf
2022-02-04T16:33:43Z INF Initial protocol http2
2022-02-04T16:33:43Z INF Starting metrics server on 127.0.0.1:45829/metrics
2022-02-04T16:33:43Z INF Connection e3532300-9aef-42be-aabc-43ce2ef73bea registered connIndex=0 location=MIA
2022-02-04T16:33:44Z INF Connection 8aa60d78-6035-44c7-a28a-ccea7b45074b registered connIndex=1 location=IAD
2022-02-04T16:33:45Z INF Connection 0dc123ae-ef5b-43a5-90e9-cca54c26a5b7 registered connIndex=2 location=MIA
2022-02-04T16:33:46Z INF Connection 6ac7a43e-7e58-4010-9b3e-b04b303e906f registered connIndex=3 location=IAD
2022-02-04T16:48:23Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d8562e1ba5871bd-LHR originService=https://192.168.0.10:18443
2022-02-04T16:48:24Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d8562e6c80d8880-LHR originService=https://192.168.0.10:18443
2022-02-04T16:50:39Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d8566338df77c47-LAX originService=https://192.168.0.10:18443
2022-02-04T16:51:44Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d8567c8e8f77c5c-LAX originService=https://192.168.0.10:18443
2022-02-04T17:01:09Z INF Lost connection with the edge connIndex=1
2022-02-04T17:01:09Z WRN Serve tunnel error error="connection with edge closed" connIndex=1
2022-02-04T17:01:09Z INF Retrying connection in up to 1s seconds connIndex=1
2022-02-04T17:01:09Z INF Unregistered tunnel connection connIndex=1
2022-02-04T17:01:09Z INF Lost connection with the edge connIndex=2
2022-02-04T17:01:09Z WRN Serve tunnel error error="connection with edge closed" connIndex=2
2022-02-04T17:01:09Z INF Retrying connection in up to 1s seconds connIndex=2
2022-02-04T17:01:09Z INF Unregistered tunnel connection connIndex=2
2022-02-04T17:01:10Z INF Connection 114a8f80-7ef2-49ee-98eb-7dd6fdc7c8e1 registered connIndex=1 location=IAD
2022-02-04T17:01:10Z INF Lost connection with the edge connIndex=3
2022-02-04T17:01:10Z WRN Serve tunnel error error="connection with edge closed" connIndex=3
2022-02-04T17:01:10Z INF Retrying connection in up to 1s seconds connIndex=3
2022-02-04T17:01:10Z INF Unregistered tunnel connection connIndex=3
2022-02-04T17:01:11Z INF Connection 544ca0f8-2390-4362-942b-4821a2fb3e21 registered connIndex=2 location=MIA
2022-02-04T17:01:11Z INF Connection e22c31dc-6cc8-4a75-b5c2-e65d7491c94e registered connIndex=3 location=IAD
2022-02-04T17:28:38Z INF Lost connection with the edge connIndex=0
2022-02-04T17:28:38Z WRN Serve tunnel error error="connection with edge closed" connIndex=0
2022-02-04T17:28:38Z INF Retrying connection in up to 1s seconds connIndex=0
2022-02-04T17:28:38Z INF Unregistered tunnel connection connIndex=0
2022-02-04T17:28:40Z INF Lost connection with the edge connIndex=2
2022-02-04T17:28:40Z INF Unregistered tunnel connection connIndex=2
2022-02-04T17:28:40Z WRN Serve tunnel error error="connection with edge closed" connIndex=2
2022-02-04T17:28:40Z INF Retrying connection in up to 1s seconds connIndex=2
2022-02-04T17:28:40Z INF Connection 1a5951fd-40c1-45db-a2b2-39fb61a23ba4 registered connIndex=0 location=MIA
2022-02-04T17:28:42Z INF Connection ba6c29e3-56b3-4d10-a040-b0d2d8f61eda registered connIndex=2 location=TPA
2022-02-04T17:32:07Z INF Lost connection with the edge connIndex=3
2022-02-04T17:32:07Z WRN Serve tunnel error error="connection with edge closed" connIndex=3
2022-02-04T17:32:07Z INF Retrying connection in up to 1s seconds connIndex=3
2022-02-04T17:32:07Z INF Unregistered tunnel connection connIndex=3
2022-02-04T17:32:07Z INF Lost connection with the edge connIndex=0
2022-02-04T17:32:07Z WRN Serve tunnel error error="connection with edge closed" connIndex=0
2022-02-04T17:32:07Z INF Unregistered tunnel connection connIndex=0
2022-02-04T17:32:07Z INF Retrying connection in up to 1s seconds connIndex=0
2022-02-04T17:32:07Z INF Lost connection with the edge connIndex=1
2022-02-04T17:32:07Z WRN Serve tunnel error error="connection with edge closed" connIndex=1
2022-02-04T17:32:07Z INF Retrying connection in up to 1s seconds connIndex=1
2022-02-04T17:32:07Z INF Unregistered tunnel connection connIndex=1
2022-02-04T17:32:08Z INF Connection e55835c4-5ac2-4511-9b9e-26bba4f56266 registered connIndex=3 location=IAD
2022-02-04T17:32:08Z INF Connection cbab1113-624e-41fd-af9c-6a277955cc72 registered connIndex=0 location=MIA
2022-02-04T17:32:10Z INF Connection b3f8aca9-8897-41af-a9e9-dfe658bd4c12 registered connIndex=1 location=IAD
2022-02-04T17:35:32Z INF Lost connection with the edge connIndex=0
2022-02-04T17:35:32Z WRN Serve tunnel error error="connection with edge closed" connIndex=0
2022-02-04T17:35:32Z INF Retrying connection in up to 1s seconds connIndex=0
2022-02-04T17:35:32Z INF Unregistered tunnel connection connIndex=0
2022-02-04T17:35:34Z INF Connection 8191dc8e-872c-4ecb-8bc1-f91a58220cd8 registered connIndex=0 location=TPA
2022-02-04T17:42:22Z INF Lost connection with the edge connIndex=0
2022-02-04T17:42:22Z WRN Serve tunnel error error="connection with edge closed" connIndex=0
2022-02-04T17:42:22Z INF Unregistered tunnel connection connIndex=0
2022-02-04T17:42:22Z INF Retrying connection in up to 1s seconds connIndex=0
2022-02-04T17:42:23Z INF Connection f32be972-993d-4e10-a9fb-858c63a53303 registered connIndex=0 location=TPA
2022-02-04T17:42:24Z INF Lost connection with the edge connIndex=3
2022-02-04T17:42:24Z WRN Serve tunnel error error="connection with edge closed" connIndex=3
2022-02-04T17:42:24Z INF Retrying connection in up to 1s seconds connIndex=3
2022-02-04T17:42:24Z INF Unregistered tunnel connection connIndex=3
2022-02-04T17:42:24Z INF Connection e275d69c-76f5-4201-8bcc-9c4bd8669fc1 registered connIndex=3 location=IAD
2022-02-04T17:47:33Z INF Lost connection with the edge connIndex=2
2022-02-04T17:47:33Z WRN Serve tunnel error error="connection with edge closed" connIndex=2
2022-02-04T17:47:33Z INF Retrying connection in up to 1s seconds connIndex=2
2022-02-04T17:47:33Z INF Unregistered tunnel connection connIndex=2
2022-02-04T17:47:33Z INF Lost connection with the edge connIndex=3
2022-02-04T17:47:33Z WRN Serve tunnel error error="connection with edge closed" connIndex=3
2022-02-04T17:47:33Z INF Retrying connection in up to 1s seconds connIndex=3
2022-02-04T17:47:33Z INF Unregistered tunnel connection connIndex=3
2022-02-04T17:47:33Z INF Lost connection with the edge connIndex=0
2022-02-04T17:47:33Z WRN Serve tunnel error error="connection with edge closed" connIndex=0
2022-02-04T17:47:33Z INF Retrying connection in up to 1s seconds connIndex=0
2022-02-04T17:47:33Z INF Unregistered tunnel connection connIndex=0
2022-02-04T17:47:34Z INF Connection 68df6059-5cf4-40c4-8018-02a170590be2 registered connIndex=2 location=MIA
2022-02-04T17:47:34Z INF Connection fd6fdc51-9f4a-4f4f-9ed7-bbb9e5c9d704 registered connIndex=3 location=IAD
2022-02-04T17:47:35Z INF Connection c5af1cd8-6c0c-40e1-a139-cae2c72b8223 registered connIndex=0 location=TPA
2022-02-04T17:56:07Z INF Lost connection with the edge connIndex=0
2022-02-04T17:56:07Z WRN Serve tunnel error error="connection with edge closed" connIndex=0
2022-02-04T17:56:07Z INF Retrying connection in up to 1s seconds connIndex=0
2022-02-04T17:56:07Z INF Unregistered tunnel connection connIndex=0
2022-02-04T17:56:08Z INF Lost connection with the edge connIndex=2
2022-02-04T17:56:08Z WRN Serve tunnel error error="connection with edge closed" connIndex=2
2022-02-04T17:56:08Z INF Retrying connection in up to 1s seconds connIndex=2
2022-02-04T17:56:08Z INF Unregistered tunnel connection connIndex=2
2022-02-04T17:56:09Z INF Connection 351300d8-109e-4412-b439-e166bb9966c0 registered connIndex=0 location=TPA
2022-02-04T17:56:10Z INF Connection e94c0b23-6e23-4c17-86a8-a9528a971b9b registered connIndex=2 location=MIA
2022-02-04T18:13:45Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d85dfef892f7417-LHR originService=https://192.168.0.10:18443
2022-02-04T18:13:47Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d85dff79898744f-LHR originService=https://192.168.0.10:18443
2022-02-04T18:14:55Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d85e1a1c9a7349f-NRT originService=https://192.168.0.10:18443
2022-02-04T18:14:55Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d85e1a6de9a349f-NRT originService=https://192.168.0.10:18443
2022-02-04T18:14:56Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d85e1a8682e349f-NRT originService=https://192.168.0.10:18443
2022-02-04T18:14:56Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d85e1aa099b349f-NRT originService=https://192.168.0.10:18443
2022-02-04T18:14:56Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d85e1ab9b2e349f-NRT originService=https://192.168.0.10:18443
2022-02-04T18:14:56Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d85e1ad3cc7349f-NRT originService=https://192.168.0.10:18443
2022-02-04T18:14:57Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d85e1aece46349f-NRT originService=https://192.168.0.10:18443
2022-02-04T18:14:57Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d85e1b05fe3349f-NRT originService=https://192.168.0.10:18443
2022-02-04T18:14:58Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d85e1b1e95f349f-NRT originService=https://192.168.0.10:18443
2022-02-04T18:14:58Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d85e1b67dc2349f-NRT originService=https://192.168.0.10:18443
2022-02-04T18:14:58Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d85e1b80f26349f-NRT originService=https://192.168.0.10:18443
2022-02-04T18:14:58Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d85e1b99873349f-NRT originService=https://192.168.0.10:18443
2022-02-04T18:14:59Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d85e1bb0988349f-NRT originService=https://192.168.0.10:18443
2022-02-04T18:14:59Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d85e1bcab53349f-NRT originService=https://192.168.0.10:18443
2022-02-04T18:14:59Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d85e1be3cb1349f-NRT originService=https://192.168.0.10:18443
2022-02-04T18:14:59Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d85e1bfadfe349f-NRT originService=https://192.168.0.10:18443
2022-02-04T18:15:00Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d85e1c13f73349f-NRT originService=https://192.168.0.10:18443
2022-02-04T18:15:00Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d85e1c2c937349f-NRT originService=https://192.168.0.10:18443
2022-02-04T18:15:00Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d85e1c46aad349f-NRT originService=https://192.168.0.10:18443
2022-02-04T18:15:00Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d85e1c5fc01349f-NRT originService=https://192.168.0.10:18443
2022-02-04T18:22:35Z INF Initiating graceful shutdown due to signal terminated ...
2022-02-04T18:22:36Z INF Unregistered tunnel connection connIndex=1
2022-02-04T18:22:36Z INF Unregistered tunnel connection connIndex=0
2022-02-04T18:22:36Z INF Unregistered tunnel connection connIndex=2
2022-02-04T18:22:36Z INF Unregistered tunnel connection connIndex=3
2022-02-04T18:22:36Z INF Tunnel server stopped
2022-02-04T18:22:36Z INF Metrics server stopped
2022-02-04T18:22:36Z INF Starting tunnel tunnelID=02c0092f-8b9f-484e-a097-efde75ff8964
2022-02-04T18:22:36Z INF Version 2022.2.0
2022-02-04T18:22:36Z INF GOOS: linux, GOVersion: go1.17.1, GoArch: amd64
2022-02-04T18:22:36Z INF Settings: map[cred-file:/home/nonroot/.cloudflared/02c0092f-8b9f-484e-a097-efde75ff8964.json credentials-file:/home/nonroot/.cloudflared/02c0092f-8b9f-484e-a097-efde75ff8964.json no-autoupdate:true]
2022-02-04T18:22:36Z INF Generated Connector ID: d2c169f1-58f0-41b7-bae2-8e7fa5544bfe
2022-02-04T18:22:37Z INF Initial protocol http2
2022-02-04T18:22:37Z INF Starting metrics server on 127.0.0.1:38511/metrics
2022-02-04T18:22:38Z INF Connection 787bb6e0-5586-4c3e-ab7f-02891f51e3bb registered connIndex=0 location=TPA
2022-02-04T18:22:38Z INF Connection 6771811b-53d8-4e05-8f42-da362c2ea71e registered connIndex=1 location=IAD
2022-02-04T18:22:40Z INF Connection ad9637ba-7abf-4201-926e-70e0d26baa02 registered connIndex=2 location=TPA
2022-02-04T18:22:41Z INF Connection 7b430ef2-f892-4a3a-912c-f26df4f5ef95 registered connIndex=3 location=IAD
2022-02-04T18:24:29Z INF Initiating graceful shutdown due to signal terminated ...
2022-02-04T18:24:30Z INF Unregistered tunnel connection connIndex=1
2022-02-04T18:24:30Z INF Unregistered tunnel connection connIndex=0
2022-02-04T18:24:30Z INF Unregistered tunnel connection connIndex=2
2022-02-04T18:24:30Z INF Unregistered tunnel connection connIndex=3
2022-02-04T18:24:30Z INF Tunnel server stopped
2022-02-04T18:24:30Z INF Metrics server stopped
2022-02-04T18:24:30Z INF Starting tunnel tunnelID=02c0092f-8b9f-484e-a097-efde75ff8964
2022-02-04T18:24:30Z INF Version 2022.2.0
2022-02-04T18:24:30Z INF GOOS: linux, GOVersion: go1.17.1, GoArch: amd64
2022-02-04T18:24:30Z INF Settings: map[cred-file:/home/nonroot/.cloudflared/02c0092f-8b9f-484e-a097-efde75ff8964.json credentials-file:/home/nonroot/.cloudflared/02c0092f-8b9f-484e-a097-efde75ff8964.json no-autoupdate:true]
2022-02-04T18:24:30Z INF Generated Connector ID: 3b882a22-b0d8-4d96-aa48-45b370c6ded4
2022-02-04T18:24:30Z INF Initial protocol http2
2022-02-04T18:24:30Z INF Starting metrics server on 127.0.0.1:44691/metrics
2022-02-04T18:24:31Z INF Connection 97ce72a2-4efd-4765-86f6-853c44d9ef91 registered connIndex=0 location=MIA
2022-02-04T18:24:32Z INF Connection b1a06f9f-dcf5-4901-8c08-6c221ab91995 registered connIndex=1 location=IAD
2022-02-04T18:24:33Z INF Connection e7ce03e3-dbaf-4912-92cd-7378a07a189f registered connIndex=2 location=MIA
2022-02-04T18:24:34Z INF Connection 73640253-714e-4948-9065-5fdd40b3d959 registered connIndex=3 location=IAD
2022-02-04T18:37:35Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d8602d458a51396-SEA originService=https://192.168.0.10:18443
2022-02-04T18:37:35Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d8602d6bb621396-SEA originService=https://192.168.0.10:18443
2022-02-04T18:37:35Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d8602d7acb21396-SEA originService=https://192.168.0.10:18443
2022-02-04T18:37:35Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d8602d88dd71396-SEA originService=https://192.168.0.10:18443
2022-02-04T18:37:35Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d8602d96f041396-SEA originService=https://192.168.0.10:18443
2022-02-04T18:37:35Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d8602da68601396-SEA originService=https://192.168.0.10:18443
2022-02-04T18:37:35Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d8602db59a21396-SEA originService=https://192.168.0.10:18443
2022-02-04T18:37:36Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d8602dc4b001396-SEA originService=https://192.168.0.10:18443
2022-02-04T18:37:36Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d8602dd4c4e1396-SEA originService=https://192.168.0.10:18443
2022-02-04T18:37:36Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d8602de2dcf1396-SEA originService=https://192.168.0.10:18443
2022-02-04T18:37:36Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d8602df3f141396-SEA originService=https://192.168.0.10:18443
2022-02-04T18:37:36Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d8602e028831396-SEA originService=https://192.168.0.10:18443
2022-02-04T18:37:36Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d8602e139a81396-SEA originService=https://192.168.0.10:18443
2022-02-04T18:37:37Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d8602e22ae71396-SEA originService=https://192.168.0.10:18443
2022-02-04T18:37:37Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d8602e31c2f1396-SEA originService=https://192.168.0.10:18443
2022-02-04T18:37:37Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d8602e43d8b1396-SEA originService=https://192.168.0.10:18443
2022-02-04T18:37:37Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d8602e53ed11396-SEA originService=https://192.168.0.10:18443
2022-02-04T18:37:37Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d8602e61fd71396-SEA originService=https://192.168.0.10:18443
2022-02-04T18:37:37Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d8602e708cd1396-SEA originService=https://192.168.0.10:18443
2022-02-04T18:37:37Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d8602e7f9ec1396-SEA originService=https://192.168.0.10:18443

 

Any ideas on what else I could try?

 

Thank you beforehand.

Link to comment

Thanks @LeoRX

 

That's how I have every single one of my sub-domains.

 

As you can see here, both the www and the fw (for "Firewall") are running the DDNS updates from my PFSense (I realized just now that's overkill), the CNAME at the bottom is my root domain using the UUID of the tunnel as the content, everything else uses content to the root domain, proxied and auto:

[Image: DNS-Cloudflare.thumb.png]

Never mind the "proxy" and "tunnel" sub-domains. I was trying to use those as the originServerName in my config.yaml, hoping that it would break the access to my NextCloud, but it didn't.

 

Both resolved in the CloudflareD log, and I still have access to my NextCloud from the internet.

 

I'm thinking it has something to do with NPM, or I should say, I must be doing something wrong in NPM.

 

I'm going to try later today to create a certificate for each docker I want in the tunnel, and add it to NPM, because there is evidently a communication issue between CF and NPM.

 

If this leads anywhere, I'll make sure to let you guys know.

 

By the way, I apologize for saying I had my root domain doing the DDNS in my PFSense, I completely forgot that I had to change it to CNAME to make this work and changed it to the "fw" sub-domain.

 

Edited by portonalga
Fixed pic
Link to comment
3 hours ago, portonalga said:

Thanks @LeoRX

 

That's how I have every single one of my sub-domains.

 

As you can see here, both the www and the fw (for "Firewall") are running the DDNS updates from my PFSense (I realized just now that's overkill), the CNAME at the bottom is my root domain using the UUID of the tunnel as the content, everything else uses content to the root domain, proxied and auto:

[Image: DNS-Cloudflare.thumb.png]

Never mind the "proxy" and "tunnel" sub-domains. I was trying to use those as the originServerName in my config.yaml, hoping that it would break the access to my NextCloud, but it didn't.

 

Both resolved in the CloudflareD log, and I still have access to my NextCloud from the internet.

 

I'm thinking it has something to do with NPM, or I should say, I must be doing something wrong in NPM.

 

I'm going to try later today to create a certificate for each docker I want in the tunnel, and add it to NPM, because there is evidently a communication issue between CF and NPM.

 

If this leads anywhere, I'll make sure to let you guys know.

 

By the way, I apologize for saying I had my root domain doing the DDNS in my PFSense, I completely forgot that I had to change it to CNAME to make this work and changed it to the "fw" sub-domain.

 

 

Could you try switching your originServerName from nc.my-domain.com to just my-domain.com ?

 

It's definitely possible that this is an issue with NPM and not CF and related to the certificates that are being returned. The issue may be that on the non-nc subdomain the certificate that is being returned is upsetting CF somehow. In general I recommend for CF and NPM to make one SSL certificate with *.your-domain.com and your-domain.com. You would then attach this to all of your subdomains and root domain under CF. It may be that on the non-NC subdomain CF is expecting NC (because of the originServerName) where it gets a different one and rejects it. However, I'm not really sure why noTLSVerify wouldn't have fixed it unless it still verifies the origin regardless.

 

You may also want to try doing a test setup with another proxy manager (SWAG), which will automatically generate the certs. If you are able to get SWAG working with CF then it's likely an NPM certificate issue.

Edited by aeleos
  • Thanks 1
Link to comment

I tried switching my originServerName from nc.my-domain.com to just my-domain.com and as soon as I restarted the CloudflareD docker I got an Error 502 from CF.

 

I'll try Swag (I started with Swag, but NPM is more "user friendly" for me in terms of UI).

 

Thank you so much for the tip.

 

I can't try until tonight, because my wife is uploading pics from her phone all day long, if I take it offline now, I'm in for uncomfortable moments, hehe!

 

I'll come back with the results.

Link to comment

I'm using subdomain.mydomain.com for originServerName and using NPM as reverse proxy, so I don't think it's an originServerName or NPM issue. It looks more like an NPM issue than a cloudflared issue.

 

I did notice a couple of things for you to try.

- Set noTLSVerify to true while troubleshooting

- Your proxy host destinations are https. Are they self-signed certs? Do they have proxy_ssl_verify set to off in NPM? The reason I ask is because I had to set something similar with Caddy.

- All my proxy host destinations in NPM are http. Maybe try that with one of your proxy hosts.

- What is the SSL setting for your proxy host?  I know Cloudflare cert can be used, but I'm using Let's Encrypt via DNS Challenge.

  • Thanks 1
Link to comment

I am having the same issue as portonalga. Everything seems to work but the log is spitting out disconnects/reconnects/unregistered connections and all kinds of errors.

 

I am using a wildcard cert *.mydomain.com (Let's Encrypt - Cloudflare) for my subdomains.

In my config.yml I have put subdomain.mydomain.com as only mydomain.com would give me 502.

 

Not sure what information is necessary. 

Link to comment
6 hours ago, kakmoster said:

I am having the same issue as portonalga. Everything seems to work but the log is spitting out disconnects/reconnects/unregistered connections and all kinds of errors.

 

I am using a wildcard cert *.mydomain.com (Let's Encrypt - Cloudflare) for my subdomains.

In my config.yml I have put subdomain.mydomain.com as only mydomain.com would give me 502.

 

Not sure what information is necessary. 

 

@kakmoster change your config.yaml to a subdomain again. It just won't work with the root domain, at least not with NPM and the streamline I followed to set up the CloudflareD docker service. This is the link to the instructions I followed, which work like a charm.

 

Well, I have to apologize once again, because as it happens, the problem was not Cloudflare, or any of the dockers, or certificates or anything related to technology at all.

 

It was, as it is 90% of the time, a user error, because the user (me) was ignorant, and chose to remain ignorant.

 

Since I had never used NPM, I basically added everything just like I added Nextcloud, which is accessible over HTTPS, not even giving it any mind.

 

As you see in my first post asking for help, I have ALL of the instances on HTTPS:

[Image: image.png]

 

So, I started thinking "maybe these dockers and services don't work over HTTPS, and the tunnel and NPM are what's going to secure them over HTTPS". Lo and behold, now all of them work (with the exception of my PFSense, I haven't figured that one out yet, but I know I'm keeping it on HTTP until I figure it out).

 

The solution? Here it is:

[Image: Solution.thumb.png]

 

Having said that, as I mentioned at the start of my post, I want to apologize to everyone in this thread, especially to @LeoRX and @aeleos, for making you waste your time.

 

This networking and security path is tricky, and I thank God that the community is (for the most part) so tightly knit and willing to help each other.

 

You guys are a blessing, thank you so much for helping me out. At the very least, your comments and suggestions led me to look deeper into it and finally figure it out.

 

This is why the saying of "Give a man a fish...." is so true. I am certain that if someone had given me the answer from the get-go I would just have done it and be done with it. But then I would never have tried to look around, research and finally come up with a solution by myself (after all the input and suggestions from the great folks here), which means I would still be ignorant of some stuff that now I understand much better.

Edited by portonalga
Link to comment

Hey @portonalga no problem. Don't feel like you wasted our time, it takes a lot of effort to get to the point where you have set something up enough that you can ask in-depth troubleshooting questions, so it's always worth it helping someone out regardless of whether the problem is actually what they think it is.

 

But yes, looking back at your post that is likely the issue you were seeing. Likely you could have found the information you are looking for, but NPM hides the individual NGINX logs for each service fairly deep in the filesystem, behind folders that don't tell you what service it is for. That's one of the reasons I personally switched away from it, it makes it very hard to debug why one service is not working when others are. SWAG and traefik (which really wasn't as bad to set up as I expected) do this much better. 

 

I'm glad you were able to get it working and hopefully your family are now able to experience the SLA uptime that they need.

  • Thanks 1
Link to comment

Also @kakmoster and @portonalga just a note about the subdomain.mydomain vs root domain question. You "should" be able to get it to work with the root domain, and that is the way it's intended to be set up. The subdomain trick is likely something that is needed only because your SSL certificates aren't what CF is expecting to get for all of the different domain traffic it is receiving.

 

The way to get it working is that in NPM, you can create one certificate with multiple domains, where you want one for your root domain and one for a subdomain wildcard. These should be part of one certificate, and this should allow you to use your root domain as the origin server domain. From my memory, if you use traefik or SWAG you won't run into this issue because it creates that certificate automatically.

  • Like 1
Link to comment
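The root-versus-wildcard point in the post above, as an added example that is not part of the thread and not cloudflared's or NPM's own code: standard TLS hostname matching lets a wildcard stand for exactly one label, so a certificate holding only `*.example.com` does not verify when the expected name (the `originServerName`) is the root domain. All domain names here are constructed placeholders.

```python
# Added example: which expected hostnames a certificate's SAN list covers.
# Domain names are constructed placeholders, not taken from the thread.

def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def san_matches(san, hostname):
    """True if one dNSName SAN entry covers hostname."""
    s, h = _labels(san), _labels(hostname)
    if len(s) != len(h):
        # A wildcard stands for exactly one label, so "*.example.com"
        # never covers "example.com" or "a.nc.example.com".
        return False
    if s[0] == "*":
        # Wildcard must be the whole left-most label and must sit
        # above at least two further labels ("*.com" is rejected).
        return len(s) >= 3 and s[1:] == h[1:]
    return s == h

def cert_covers(sans, hostname):
    """True if any SAN entry on the certificate covers hostname."""
    return any(san_matches(s, hostname) for s in sans)

def check_origin_names(sans, origin_server_names):
    """Map each candidate originServerName to whether the cert verifies for it."""
    return {n: cert_covers(sans, n) for n in origin_server_names}

# Two certificate layouts discussed in the thread.
WILDCARD_ONLY = ["*.example.com"]
WILDCARD_AND_ROOT = ["*.example.com", "example.com"]
NAMES = ["example.com", "nc.example.com", "a.nc.example.com"]

if __name__ == "__main__":
    for label, sans in (("wildcard only", WILDCARD_ONLY),
                        ("wildcard + root", WILDCARD_AND_ROOT)):
        print(label, check_origin_names(sans, NAMES))
```

To see the SAN list on a real origin certificate, `openssl x509 -in cert.pem -noout -text` prints it under "Subject Alternative Name".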

You know what? I'm going to delete all certificates and re-create just the one with the directions you mention.

 

I know some people will go the "why fix it if it's not broken?" way, but if you ask me, this just became way more interesting, and if the chance of breaking it is the price I pay for trying to make it work as the developer intended, then totally worth it.

 

Be right back with my findings, and a whole lot of tears if I end up breaking it again, LOL.

 

I just wish my wife would understand why I find all this to be so much fun. She hates that I spend so much time with these things. In any case, at least I'm not out there getting drunk and stuff, hehe.

Link to comment
