neruve
Posted October 25, 2021

3 hours ago, Shomil Saini said:
> Oh, thanks a bunch. Is it a paid service as I only have a free account to tinker with. I went to that site and it asks to create a domain and stuff. Just want to know what I am getting into. Much Appreciated.

It's free, just log in with your Cloudflare account. Cloudflare does have to be your nameserver though.

Liqwid_Kirk
Posted November 3, 2021

Anyone else have this problem? I deleted my first tunnel, deleted cloudflared, cleaned the appdata, and am now trying to create another tunnel. I keep getting this error message when I'm trying to set up the tunnel in the terminal window. I log in to Cloudflare and authorize the tunnel and close the window, and in the terminal window this pops up:

    Leave cloudflared running to download the cert automatically.
    error writing cert to /home/nonroot/.cloudflared/cert.pem: open /home/nonroot/.cloudflared/cert.pem: permission denied

Anyone have any idea how to fix this? Very new to all of this.

LeoRX
Posted November 3, 2021

14 hours ago, Liqwid_Kirk said:
> Anyone else have this problem? I deleted my first tunnel, deleted cloudflared, cleaned the appdata, and am now trying to create another tunnel. I keep getting this error message when I'm trying to set up the tunnel in the terminal window. I log in to Cloudflare and authorize the tunnel and close the window, and in the terminal window this pops up:
>
>     Leave cloudflared running to download the cert automatically.
>     error writing cert to /home/nonroot/.cloudflared/cert.pem: open /home/nonroot/.cloudflared/cert.pem: permission denied
>
> Anyone have any idea how to fix this? Very new to all of this.

I'm guessing it's a permission issue with your /mnt/user/appdata/cloudflared folder. Try running

    chown nobody:users /mnt/user/appdata/cloudflared

then log in again.

Edited November 4, 2021 by LeoRX

Liqwid_Kirk
Posted November 4, 2021

12 hours ago, LeoRX said:
> I'm guessing permission issue with your /mnt/user/appdata/cloudflared folder. try run chwon nobody:users /mnt/user/appdata/cloudflared then login again.

It just gives me this when I run it in terminal: "bash: chwon: command not found"

LeoRX
Posted November 4, 2021

1 hour ago, Liqwid_Kirk said:
> It just gives me this when I run it in terminal: "bash: chwon: command not found"

Sorry about the typo.

    chown nobody:users /mnt/user/appdata/cloudflared

Liqwid_Kirk
Posted November 5, 2021

Still gave me the same error

LeoRX
Posted November 5, 2021

13 minutes ago, Liqwid_Kirk said:
> Still gave me the same error

"bash: chown: command not found"? Where are you running this command? The goal is to change the permission of /mnt/user/appdata/cloudflared so that when you execute the login command, it can save the certificate.

Liqwid_Kirk
Posted November 5, 2021

12 hours ago, LeoRX said:
> "bash: chown: command not found"? Where are you running this command? The goal is to change the permission of /mnt/user/appdata/cloudflared so that when you execute the login command, it can save the certificate.

No, that worked. It was the login attempt after, still gave the same error

Liqwid_Kirk
Posted November 5, 2021

12 hours ago, LeoRX said:
> where are you running this command?

I'm running it in the Unraid terminal

psycmos
Posted November 21, 2021

On 11/3/2021 at 10:07 PM, LeoRX said:
> I'm guessing permission issue with your /mnt/user/appdata/cloudflared folder. try run chown nobody:users /mnt/user/appdata/cloudflared then login again.

I have the same issue... The solution is to replace 755 on the folder with 777:

    mkdir -p /mnt/user/appdata/cloudflared/ && chmod -R 777 /mnt/user/appdata/cloudflared/

After that you can keep sending the other commands, it will work.

Edited November 21, 2021 by psycmos

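Added example, not part of the post above: `chmod -R 777` also leaves `cert.pem` and the tunnel credentials JSON readable and writable by every account on the host. The script below audits a directory for that state and restricts it to a single owner instead; the function names are hypothetical, the sample directory is constructed, and the owner value `65532:65532` in the comment is an assumption (the usual UID/GID of a distroless `nonroot` user) to confirm for your image.

```sh
#!/bin/sh
# Added example: audit and tighten a cloudflared appdata directory.

# List entries under $1 that grant read, write or execute to "other".
# Symlinks are skipped: their own mode bits are always rwxrwxrwx and mean nothing.
world_accessible() {
    find "$1" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Same audit, reduced to a number that a cron job or check script can compare.
count_world_accessible() {
    world_accessible "$1" | wc -l | tr -d '[:space:]'
}

# Owner-only access: 700 on directories, 600 on files.
# $2 (optional) is the uid:gid the container process runs as; chown needs root.
# With owner-only modes the owner MUST be the container's user, otherwise
# cloudflared hits the same "permission denied" seen in this thread.
tighten() {
    if [ -n "${2:-}" ]; then
        chown -R "$2" "$1" || return 1
    fi
    find "$1" -type d -exec chmod 700 {} + &&
    find "$1" -type f -exec chmod 600 {} +
}

# Constructed sample: a scratch directory in the state the thread ends up in
# after "chmod -R 777" (file names mirror the ls output posted in the thread).
make_sample() {
    d=$(mktemp -d) || return 1
    : > "$d/cert.pem"
    : > "$d/config.yaml"
    : > "$d/TUNNEL-UUID.json"
    chmod -R 777 "$d"
    printf '%s\n' "$d"
}

demo() {
    d=$(make_sample) || return 1
    echo "world-accessible before: $(count_world_accessible "$d")"
    tighten "$d"
    echo "world-accessible after:  $(count_world_accessible "$d")"
    rm -rf "$d"
}

demo

# On the real directory, as root (owner value is an assumption, see above):
#   world_accessible /mnt/user/appdata/cloudflared
#   tighten /mnt/user/appdata/cloudflared 65532:65532
```
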
paperblankets
Posted November 27, 2021

On 11/20/2021 at 8:39 PM, psycmos said:
> I have the same issue... The solution is replace 755 from folder to 777
>
>     mkdir -p /mnt/user/appdata/cloudflared/ && chmod -R 777 /mnt/user/appdata/cloudflared/
>
> After that you can keep sending the other commands, it will work

In my case the container returns the following error after updating these permissions:

    <Timestamp> INF Starting tunnel tunnelID=<UUID>
    Tunnel credentials file 'home/nonroot/.cloudflared/<UUID>.json' doesn't exist or is not a file

That file seems to be properly shared:

    ls -li /mnt/user/appdata/cloudflared/
    total 12
    <size> -rwxrwxrwx 1 nobody users  188 Nov 27 01:09 <UUID>.json*
    <size> -rwxrwxrwx 1 nobody users 1938 Nov 27 01:08 cert.pem*
    <size> -rwxrwxrwx 1 nobody users  249 Nov 27 01:13 config.yaml*

Anyone have any ideas? Could someone tell me what their permissions look like on those files and what line endings those files have? Also, what version of the container is working for you at this point might be helpful. Thanks for your time.

Edited November 27, 2021 by paperblankets (Formatting)

Profezor
Posted December 5, 2021

Had my system working well, but I had to delete and redo. Now I can get the argo tunnel to work. My error message is (real numbers obscured):

    2021-12-05T05:01:43Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: x509: certificate is not valid for any names, but wanted to match brownfamily.se" cfRay=XXXXXXXXXX7ac5ed885-CPH originService=https://192.168.40.100:2053

I know the answer is simple. Any ideas? I followed Ibracorp's video both times. Yes, I know this has been asked before, but the "answers" didn't help. Thanks

Edited December 5, 2021 by Profezor

Profezor
Posted December 5, 2021

On 6/6/2021 at 8:16 AM, mrunsuitable said:
> When I run the initial tunnel list command I get - Error locating origin cert: Client didn't specify origincert path when running from terminal - is there an initial setup step I missed?

Same error. What was the solution?

nu11P4nD4
Posted December 14, 2021

Anybody know how to set a timezone for the docker? I tried setting an environmental variable but it doesn't update the log timestamps...

Portonalga
Posted February 4, 2022

So, I've tried "noTLSVerify: true", setting CF to SSL/TLS encryption Full, and still a no-go. I haven't tried to add more CloudflareD dockers because I only have 1 domain, registered with Cloudflare directly (10 years for 85 dollars, nice).

I have the situation when trying to add services (dockers) in my UnRAID server at home that only the one pointing at my Nextcloud will work. At least my Nextcloud docker is working great with the tunnel. I'm using NginxProxyManager docker, and this is how it looks:

I created my origin certificate and am using it for all the proxy hosts. My config.yaml looks like this:

    tunnel: 02c0092f-xxxx-xxx-xxxx-efde75ff8964
    credentials-file: /home/nonroot/.cloudflared/02c0092f-xxxx-xxx-xxxx-efde75ff8964.json

    # NOTE: You should only have one ingress tag, so if you uncomment one block comment the others

    # forward all traffic to Reverse Proxy w/ SSL
    ingress:
      - service: https://192.168.0.10:18443
        originRequest:
          originServerName: nc.my-domain.com

    #forward all traffic to Reverse Proxy w/ SSL and no TLS Verify
    #ingress:
    #  - service: https://REVERSEPROXYIP:PORT
    #    originRequest:
    #      noTLSVerify: true

    # forward all traffic to reverse proxy over http
    #ingress:
    #  - service: http://REVERSEPROXYIP:PORT

The reason I am using a subdomain as my origin server is because it does not work with the root domain. According to https://ibracorp.gitbook.io/cloudflare-tunnel/ it should work with any subdomain like this, however, when I try to use any subdomain other than nc (for NextCloud) I always get an error 502 from Cloudflare:

If I run:

    curl -Ikv https://nc.my-domain.com --resolve nc.my-domain.com:444:192.168.0.10

I get these results:

    * Added nc.my-domain.com:444:192.168.0.10 to DNS cache
    * Trying 104.21.57.60:443...
    * Connected to nc.my-domain.com (104.21.57.60) port 443 (#0)
    * ALPN, offering h2
    * ALPN, offering http/1.1
    * successfully set certificate verify locations:
    * CAfile: none
    * CApath: /etc/ssl/certs
    * TLSv1.3 (OUT), TLS handshake, Client hello (1):
    * TLSv1.3 (IN), TLS handshake, Server hello (2):
    * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
    * TLSv1.3 (IN), TLS handshake, Certificate (11):
    * TLSv1.3 (IN), TLS handshake, CERT verify (15):
    * TLSv1.3 (IN), TLS handshake, Finished (20):
    * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
    * TLSv1.3 (OUT), TLS handshake, Finished (20):
    * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
    * ALPN, server accepted to use h2
    * Server certificate:
    * subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
    * start date: Feb 3 00:00:00 2022 GMT
    * expire date: Feb 2 23:59:59 2023 GMT
    * issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
    * SSL certificate verify ok.
    * Using HTTP2, server supports multiplexing
    * Connection state changed (HTTP/2 confirmed)
    * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
    * Using Stream ID: 1 (easy handle 0x494b00)
    > HEAD / HTTP/2
    > Host: nc.my-domain.com
    > user-agent: curl/7.79.1
    > accept: */*
    >
    * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
    * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
    * old SSL session ID is stale, removing
    * Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
    < HTTP/2 302
    HTTP/2 302
    < date: Fri, 04 Feb 2022 17:04:24 GMT
    date: Fri, 04 Feb 2022 17:04:24 GMT
    < content-type: text/html; charset=UTF-8
    content-type: text/html; charset=UTF-8
    < location: https://nc.my-domain.com/login
    location: https://nc.my-domain.com/login
    < cache-control: no-store, no-cache, must-revalidate
    cache-control: no-store, no-cache, must-revalidate
    < content-security-policy: default-src 'self'; script-src 'self' 'nonce-YjdDa1NKQWp0R2VLaEdGYjBZdzUyVnFnWjdtM0pYZHhVd3NxNDkxOVFaTT06SU9icUNxWlUxUlBEL1JBNW9QeGVyalhDTThQRUVBVVVCVmxhMitVVEp0ND0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';
    content-security-policy: default-src 'self'; script-src 'self' 'nonce-YjdDa1NKQWp0R2VLaEdGYjBZdzUyVnFnWjdtM0pYZHhVd3NxNDkxOVFaTT06SU9icUNxWlUxUlBEL1JBNW9QeGVyalhDTThQRUVBVVVCVmxhMitVVEp0ND0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';
    < expires: Thu, 19 Nov 1981 08:52:00 GMT
    expires: Thu, 19 Nov 1981 08:52:00 GMT
    < pragma: no-cache
    pragma: no-cache
    < referrer-policy: no-referrer
    referrer-policy: no-referrer
    < set-cookie: oc_sessionPassphrase=FA01vnzm1ZQmr25UP1C%2BSnT9gUFifKElOdF3Qui8oLbNMCftXndK488usHSKrge3b0nfZsd4MR8LWzRoBfLkdfA1kHHCCzlxzx6ofSr8jqF%2FuBZRt8kIgifOLU4djQfc; path=/; secure; HttpOnly; SameSite=Lax
    set-cookie: oc_sessionPassphrase=FA01vnzm1ZQmr25UP1C%2BSnT9gUFifKElOdF3Qui8oLbNMCftXndK488usHSKrge3b0nfZsd4MR8LWzRoBfLkdfA1kHHCCzlxzx6ofSr8jqF%2FuBZRt8kIgifOLU4djQfc; path=/; secure; HttpOnly; SameSite=Lax
    < set-cookie: ocbbybzf14ew=mktf5gihqiluihdif096q7p28i; path=/; secure; HttpOnly; SameSite=Lax
    set-cookie: ocbbybzf14ew=mktf5gihqiluihdif096q7p28i; path=/; secure; HttpOnly; SameSite=Lax
    < set-cookie: __Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
    set-cookie: __Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
    < set-cookie: __Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
    set-cookie: __Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
    < strict-transport-security: max-age=63072000; preload
    strict-transport-security: max-age=63072000; preload
    < x-content-type-options: nosniff
    x-content-type-options: nosniff
    < x-download-options: noopen
    x-download-options: noopen
    < x-frame-options: SAMEORIGIN
    x-frame-options: SAMEORIGIN
    < x-permitted-cross-domain-policies: none
    x-permitted-cross-domain-policies: none
    < x-robots-tag: none
    x-robots-tag: none
    < x-served-by: nc.my-domain.com
    x-served-by: nc.my-domain.com
    < x-xss-protection: 1; mode=block
    x-xss-protection: 1; mode=block
    < cf-cache-status: DYNAMIC
    cf-cache-status: DYNAMIC
    < expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    < report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t%2B8SLbS4qy3ooSCbyvGbamNd47Nd%2FBNbS9mAsEChCEny5SA3XkYFpAuEXXjE2Cctf5n0hkVGnUFuE81NoDZ1vUPZbkTYrWi6IiEHo18WdjZ%2B6qv2YQqrKYDT3sx5FSMDXkbUwPk%3D"}],"group":"cf-nel","max_age":604800}
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t%2B8SLbS4qy3ooSCbyvGbamNd47Nd%2FBNbS9mAsEChCEny5SA3XkYFpAuEXXjE2Cctf5n0hkVGnUFuE81NoDZ1vUPZbkTYrWi6IiEHo18WdjZ%2B6qv2YQqrKYDT3sx5FSMDXkbUwPk%3D"}],"group":"cf-nel","max_age":604800}
    < nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    < server: cloudflare
    server: cloudflare
    < cf-ray: 6d857a4b5bc7e116-IAD
    cf-ray: 6d857a4b5bc7e116-IAD
    < alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
    <
    * Connection #0 to host nc.my-domain.com left intact

And it works perfectly fine, but if I try with ("bw" is for my vaultwarden docker):

    curl -Ikv https://bw.my-domain.com --resolve bw.my-domain.com:4743:192.168.0.10

The results are these:

    * Added bw.my-domain.com:4743:192.168.0.10 to DNS cache
    * Trying 172.67.159.228:443...
    * Connected to bw.my-domain.com (172.67.159.228) port 443 (#0)
    * ALPN, offering h2
    * ALPN, offering http/1.1
    * successfully set certificate verify locations:
    * CAfile: none
    * CApath: /etc/ssl/certs
    * TLSv1.3 (OUT), TLS handshake, Client hello (1):
    * TLSv1.3 (IN), TLS handshake, Server hello (2):
    * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
    * TLSv1.3 (IN), TLS handshake, Certificate (11):
    * TLSv1.3 (IN), TLS handshake, CERT verify (15):
    * TLSv1.3 (IN), TLS handshake, Finished (20):
    * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
    * TLSv1.3 (OUT), TLS handshake, Finished (20):
    * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
    * ALPN, server accepted to use h2
    * Server certificate:
    * subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
    * start date: Feb 3 00:00:00 2022 GMT
    * expire date: Feb 2 23:59:59 2023 GMT
    * issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
    * SSL certificate verify ok.
    * Using HTTP2, server supports multiplexing
    * Connection state changed (HTTP/2 confirmed)
    * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
    * Using Stream ID: 1 (easy handle 0x494b00)
    > HEAD / HTTP/2
    > Host: bw.my-domain.com
    > user-agent: curl/7.79.1
    > accept: */*
    >
    * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
    * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
    * old SSL session ID is stale, removing
    * Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
    < HTTP/2 502
    HTTP/2 502
    < date: Fri, 04 Feb 2022 17:02:59 GMT
    date: Fri, 04 Feb 2022 17:02:59 GMT
    < content-type: text/html
    content-type: text/html
    < cf-cache-status: DYNAMIC
    cf-cache-status: DYNAMIC
    < expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    < report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bialhy6Yk2wOfqIzpZhB5hARq8HLYARVC6%2FuZ7yM5ZgTQHuYRA3%2B8AGRfK9K5Y1qTKVC9Ttj46iqvrw6obnzgy8803DNyGn1ML4Yb%2FnrNaLodrilxHWnS1ep3eY9tsSRnVja42o%3D"}],"group":"cf-nel","max_age":604800}
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bialhy6Yk2wOfqIzpZhB5hARq8HLYARVC6%2FuZ7yM5ZgTQHuYRA3%2B8AGRfK9K5Y1qTKVC9Ttj46iqvrw6obnzgy8803DNyGn1ML4Yb%2FnrNaLodrilxHWnS1ep3eY9tsSRnVja42o%3D"}],"group":"cf-nel","max_age":604800}
    < nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    < server: cloudflare
    server: cloudflare
    < cf-ray: 6d8578464e18b3ee-IAH
    cf-ray: 6d8578464e18b3ee-IAH
    < alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
    <
    * Connection #0 to host bw.my-domain.com left intact

And it's the same result for anything other than the subdomain for Nextcloud. I have a pfSense box in front of it getting DDNS from Cloudflare at the root domain and the "www." subdomain, and it's pulling my IP just fine (I know that's not needed, but it doesn't hurt either, I think). Same thing with the "unraid" subdomain to try and access my Unraid instance. At this point I can reach my UnRAID via WireGuard, but to allow my wife and kids to have their Bitwarden access outside the house, I really need to get it to tunnel over CF.
I even tried eliminating and recreating the cert/key, still same results, only the nc subdomain works and reaches Nextcloud, everything else is a 502 error. Another thing that's blowing my mind is that, even though Nextcloud is working, I keep seeing this error in the CloudflareD log:

    2022-02-04T18:37:35Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d8602d458a51396-SEA originService=https://192.168.0.10:18443

This is the full log:
The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d8602e028831396-SEA originService=https://192.168.0.10:18443 2022-02-04T18:37:36Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d8602e139a81396-SEA originService=https://192.168.0.10:18443 2022-02-04T18:37:37Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d8602e22ae71396-SEA originService=https://192.168.0.10:18443 2022-02-04T18:37:37Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d8602e31c2f1396-SEA originService=https://192.168.0.10:18443 2022-02-04T18:37:37Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d8602e43d8b1396-SEA originService=https://192.168.0.10:18443 2022-02-04T18:37:37Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d8602e53ed11396-SEA originService=https://192.168.0.10:18443 2022-02-04T18:37:37Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d8602e61fd71396-SEA originService=https://192.168.0.10:18443 2022-02-04T18:37:37Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d8602e708cd1396-SEA originService=https://192.168.0.10:18443 2022-02-04T18:37:37Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=6d8602e7f9ec1396-SEA originService=https://192.168.0.10:18443 Any ideas on what else I could try? Thank you beforehand. 
Quote Link to comment
LeoRX Posted February 5, 2022
What does your DNS management in Cloudflare look like? You should have a CNAME my-domain.com Proxied Auto and a CNAME bw my-domain Proxied Auto
Portonalga Posted February 5, 2022
Thanks @LeoRX That's how I have every single one of my sub-domains. As you can see here, both the www and the fw (for "Firewall") are running the DDNS updates from my PFSense (I realized just now that's overkill), the CNAME at the bottom is my root domain using the UUID of the tunnel as the content, everything else uses content to the root domain, proxied and auto:
Never mind the "proxy" and "tunnel" sub-domains. I was trying to use those as the originServerName in my config.yaml, hoping that it would break the access to my NextCloud, but it didn't. Both resolved in the CloudflareD log, and I still have access to my NextCloud from the internet. I'm thinking it has something to do with NPM, or I should say, I must be doing something wrong in NPM. I'm going to try later today to create a certificate for each docker I want in the tunnel, and add it to NPM, because there is evidently a communication issue between CF and NPM. If this leads anywhere, I'll make sure to let you guys know.
By the way, I apologize for saying I had my root domain doing the DDNS in my PFSense, I completely forgot that I had to change it to CNAME to make this work and changed it to the "fw" sub-domain.
Edited February 6, 2022 by portonalga: Fixed pic
aeleos (Author) Posted February 5, 2022
3 hours ago, portonalga said: Thanks @LeoRX That's how I have every single one of my sub-domains. As you can see here, both the www and the fw (for "Firewall") are running the DDNS updates from my PFSense (I realized just now that's overkill), the CNAME at the bottom is my root domain using the UUID of the tunnel as the content, everything else uses content to the root domain, proxied and auto: Never mind the "proxy" and "tunnel" sub-domains. I was trying to use those as the originServerName in my config.yaml, hoping that it would break the access to my NextCloud, but it didn't. Both resolved in the CloudflareD log, and I still have access to my NextCloud from the internet. I'm thinking it has something to do with NPM, or I should say, I must be doing something wrong in NPM. I'm going to try later today to create a certificate for each docker I want in the tunnel, and add it to NPM, because there is evidently a communication issue between CF and NPM. If this leads anywhere, I'll make sure to let you guys know. By the way, I apologize for saying I had my root domain doing the DDNS in my PFSense, I completely forgot that I had to change it to CNAME to make this work and changed it to the "fw" sub-domain.
Could you try switching your originServerName from nc.my-domain.com to just my-domain.com? It's definitely possible that this is an issue with NPM and not CF and related to the certificates that are being returned. The issue may be that on the non-nc subdomain the certificate that is being returned is upsetting CF somehow. In general I recommend for CF and NPM to make one SSL certificate with *.your-domain.com and your-domain.com. You would then attach this to all of your subdomains and root domain under CF. It may be that on the non NC subdomain CF is expecting NC (because of the originServerName) where it gets a different one and rejects it. However, I'm not really sure why noTLSVerify wouldn't have fixed it unless it still verifies the origin regardless.
You may also want to try doing a test setup with another proxy manager (SWAG), which will automatically generate the certs. If you are able to get swag working with CF then it's likely an NPM certificate issue.
Edited February 5, 2022 by aeleos
Portonalga Posted February 5, 2022
I tried switching my originServerName from nc.my-domain.com to just my-domain.com and as soon as I restarted the CloudflareD docker I got an Error 502 from CF. I'll try Swag (I started with Swag, but NPM is more "user friendly" for me in terms of UI). Thank you so much for the tip. I can't try until tonight, because my wife is uploading pics from her phone all day long, if I take it offline now, I'm in for uncomfortable moments, hehe! I'll come back with the results.
LeoRX Posted February 6, 2022
I'm using subdomain.mydomain.com for originServerName and using NPM as reverse proxy, so I don't think it's an originServerName or NPM issue. It looks more like an npm issue than a cloudflared issue. I did notice a couple of things for you to try.
- Set noTLSVerify to true while troubleshooting
- Your proxy host destinations are https. Are they self-signed certs? Do they have proxy_ssl_verify set to off in npm? The reason I asked is because I had to set something similar with Caddy.
- All my proxy host destinations in NPM are http. Maybe try that with one of your proxy hosts.
- What is the SSL setting for your proxy host? I know Cloudflare cert can be used, but I'm using Let's Encrypt via DNS Challenge.
kakmoster Posted February 6, 2022
I am having the same issue as portonalga. Everything seems to work but the log is spitting out disconnects/reconnects/unregistered connections and all kinds of errors. I am using a wildcard cert *.mydomain.com (Let's Encrypt - Cloudflare) for my subdomains. In my config.yml I have put subdomain.mydomain.com as only mydomain.com would give me 502. Not sure what information is necessary.
Portonalga Posted February 6, 2022
6 hours ago, kakmoster said: I am having the same issue as portonalga. Everything seems to work but the log is spitting out disconnects/reconnects/unregistered connections and all kinds of errors. I am using a wildcard cert *.mydomain.com (Let's Encrypt - Cloudflare) for my subdomains. In my config.yml I have put subdomain.mydomain.com as only mydomain.com would give me 502. Not sure what information is necessary.
@kakmoster change your config.yaml to a subdomain again. It just won't work with the root domain, at least not with NPM and the streamline I followed to set up the CloudflareD docker service. This is the link to the instructions I followed, which work like a charm.
Well, I have to apologize once again, because as it happens, the problem was not Cloudflare, or any of the dockers, or certificates or anything related to technology at all. It was, as it is 90% of the time, a user error, because the user (me) was ignorant, and chose to remain ignorant. Since I had never used NPM, I basically added everything just like I added Nextcloud, which is accessible over HTTPS, not even giving it any mind. As you see in my first post asking for help, I have ALL of the instances on HTTPS:
So, I started thinking "maybe these dockers and services don't work over HTTPS, and the tunnel and NPM are what's going to secure them over HTTPS". Lo and behold, now all of them work (with the exception of my PFSense, I haven't figured that one out yet, but I know I'm keeping it on HTTP until I figure it out). The solution? Here it is:
Having said that, as I mentioned at the start of my post, I want to apologize to everyone in this thread, especially to @LeoRX and @aeleos for making you waste your time. This networking and security path is tricky, and I thank God that the community is (for the most part) so tightly knit and willing to help each other. You guys are a blessing, thank you so much for helping me out. At the very least, your comments and suggestions led me to look deeper into it and finally figure it out. This is why the saying of "Give a man a fish...." is so true. I am certain that if someone had given me the answer from the get-go I would just have done it and be done with it. But then I would never have tried to look around, research and finally come up with a solution by myself (after all the input and suggestions from the great folks here), which means I would still be ignorant of some stuff that now I understand much better.
Edited February 6, 2022 by portonalga
aeleos (Author) Posted February 6, 2022
Hey @portonalga no problem. Don't feel like you wasted our time, it takes a lot of effort to get to the point where you have set something up enough that you can ask in-depth troubleshooting questions, so it's always worth it helping someone out regardless if the problem is actually what they think it is. But yes, looking back at your post that is likely the issue you were seeing. Likely you could have found the information you are looking for, but NPM hides the individual NGINX logs for each service fairly deep in the filesystem, behind folders that don't tell you what service it is for. That's one of the reasons I personally switched away from it, it makes it very hard to debug why one service is not working when others are. SWAG and traefik (which really wasn't as bad to set up as I expected) do this much better. I'm glad you were able to get it working and hopefully your family are now able to experience the SLA uptime that they need.
aeleos (Author) Posted February 6, 2022
Also @kakmoster and @portonalga just a note about the subdomain.mydomain vs root domain question. You "should" be able to get it to work with the root domain, and that is the way it's intended to be set up. The subdomain trick is likely something that is needed only because your SSL certificates aren't what CF is expecting to get for all of the different domain traffic it is receiving. The way to get it working is that in NPM, you can create one certificate with multiple domains, where you want one for your root domain and one for a subdomain wildcard. These should be part of one certificate, and this should allow you to use your root domain as the origin server domain. From my memory, if you use traefik or SWAG you won't run into this issue because it creates that certificate automatically.
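The name-matching rule behind the root-domain versus subdomain behaviour discussed above, as an added example that is not from any poster and is not cloudflared or NPM code: a simplified RFC 6125-style matcher showing which originServerName values a certificate's SAN list covers. The function names, the SAN lists and the candidate names are assumptions built on the thread's my-domain.com placeholder.

```python
"""Which originServerName values verify against a certificate's SAN list?

Simplified RFC 6125-style matching of dNSName entries. The SAN lists and
candidate names are constructed, using the thread's my-domain.com placeholder.
"""


def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")


def san_matches(pattern, hostname):
    """Return True if one SAN entry covers the hostname.

    A wildcard is honoured only as the whole left-most label and stands for
    exactly one label: "*.my-domain.com" covers "nc.my-domain.com" but
    neither "my-domain.com" nor "a.b.my-domain.com".
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        return False  # a wildcard never absorbs zero or several labels
    if p[0] == "*":
        # Refuse overly broad patterns such as "*.com" and empty labels.
        return len(p) >= 3 and h[0] != "" and p[1:] == h[1:]
    return p == h  # no wildcard: exact match only


def audit(sans, server_names):
    """Map each candidate originServerName to whether the cert covers it."""
    return {n: any(san_matches(s, n) for s in sans) for n in server_names}


# Constructed SAN lists (assumptions, not taken from anyone's real cert).
WILDCARD_ONLY = ["*.my-domain.com"]
ROOT_AND_WILDCARD = ["my-domain.com", "*.my-domain.com"]
CANDIDATES = ["my-domain.com", "nc.my-domain.com", "a.b.my-domain.com"]

if __name__ == "__main__":
    for label, sans in (("wildcard only", WILDCARD_ONLY),
                        ("root + wildcard", ROOT_AND_WILDCARD)):
        print(f"certificate SANs ({label}): {sans}")
        for name, ok in audit(sans, CANDIDATES).items():
            verdict = "verifies" if ok else "name mismatch"
            print(f"  originServerName={name:<20} {verdict}")
```

The SAN list of a certificate file can be read with `openssl x509 -in cert.pem -noout -ext subjectAltName` and passed to `audit` in place of the constructed lists.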
Portonalga Posted February 6, 2022
You know what? I'm going to delete all certificates and re-create just the one with the directions you mention. I know some people will go the "why fix it if it's not broken?" way, but if you ask me, this just became way more interesting, and if the chance of breaking it is the price I pay for trying to make it work as the developer intended, then totally worth it. Be right back with my findings, and a whole lot of tears if I end up breaking it again, LOL. I just wish my wife would understand why I find all this to be so much fun. She hates that I spend so much time with these things. In any case, at least I'm not out there getting drunk and stuff, hehe.