Profezor (posted April 4, 2022):

Is there an easy way to tell if the tunnel is working? A command perhaps? When I try to look at the cloudflared log, it is blank for a second and then crashes. No idea why. It is the only docker log that does that. But as a result, I can't see what is going on.

Profezor (posted April 4, 2022):

2 hours ago, Profezor said:
> Is there an easy way to tell if the tunnel is working? A command perhaps? When I try to look at the cloudflared log, it is blank for a second and then crashes. No idea why. It is the only docker log that does that. But as a result, I can't see what is going on.

RESOLVED - Started from scratch. All working now

ppunraid (posted April 6, 2022):

I'm thinking of setting this up, but I have two questions:
1) How are you handling local access? You wouldn't want to go out to the internet to access your local resources. I already do split DNS, but if you're pointing to a port, then I'd have to use a reverse proxy.
2) I have mixed services dependent on SWAG for its security like pihole, nextcloud, graylog. But some of them have their own IPs that SWAG hooks into. Would these services break?
3) Maybe out of scope here, but I want to set up another proxynet that doesn't use the main unraid IP address for this.

aeleos (Author, posted April 7, 2022):

On 4/5/2022 at 6:45 PM, ppunraid said:
> I'm thinking of setting this up, but I have two questions:
> 1) How are you handling local access? You wouldn't want to go out to the internet to access your local resources. I already do split DNS, but if you're pointing to a port, then I'd have to use a reverse proxy.
> 2) I have mixed services dependent on SWAG for its security like pihole, nextcloud, graylog. But some of them have their own IPs that SWAG hooks into. Would these services break?
> 3) Maybe out of scope here, but I want to set up another proxynet that doesn't use the main unraid IP address for this.

1) I handle local access using PiHole on a raspberry pi, with Local DNS entries for each of my subdomains to point them back to the internal unraid IP address. I have a dd-wrt router that points DHCP clients to the pihole for DNS requests. I have a reverse proxy (previously SWAG but now Traefik) on port 443 on unraid, so that the redirected requests look the same from inside and outside the network (same subdomain, https, etc).
2) I'm not exactly sure what you mean here, but you should be able to set up pihole and nextcloud as I have them working with this. In general you can either specify a different origin ip address for a specific subdomain with the cloudflare configuration itself, or you can have everything go to a reverse proxy and have the proxy point to a different IP address.
3) I'm also not exactly sure what you mean here, but if you are talking about running the CF tunnels connection through a proxy it should be possible, but it would likely increase the latency a fair bit.

Iceman24 (posted April 7, 2022):

How do you use this with the new GUI config Cloudflare came out with? They make it sound so easy, but it didn't have the option to choose unRAID using Docker, so I can't just copy and paste what it told me. I haven't set up any tunnels before.

https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-guide/
https://lzomedia.com/blog/how-to-setup-a-cloudflare-tunnel-new-using-gui-method/

Edited April 7, 2022 by Iceman24

aeleos (Author, posted April 9, 2022):

On 4/7/2022 at 5:06 PM, Iceman24 said:
> How do you use this with the new GUI config Cloudflare came out with? They make it sound so easy, but it didn't have the option to choose unRAID using Docker, so I can't just copy and paste what it told me. I haven't set up any tunnels before.
> https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-guide/
> https://lzomedia.com/blog/how-to-setup-a-cloudflare-tunnel-new-using-gui-method/

You can use the GUI easily by taking the run token the tunnel gives you and modifying the command in the docker template. Something like

    Post Arguments: tunnel run --token <Your Tunnel Token from GUI>

Darren Cook (posted April 29, 2022):

Am I going mad, or has this broken? Set up and connecting, but every request results in the same error.

    2022-04-29T14:47:57Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp [ip for NGIX:443 goes here but removed]: connect: no route to host" cfRay=[blanked]-LHR originService=[ip for NGIX:443 goes here but removed]
    2022-04-29T14:47:57Z ERR Failed to handle QUIC stream error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp [ip for NGIX:443 goes here but removed] : connect: no route to host" connIndex=1

Followed two guides to compare settings. Tried setting disabletlsverify to true, just get 502 errors. Even tried setting up each host name in the yaml. Same deal. *hits head off wall*

Masterwishx (posted May 13, 2022):

Installed a tunnel for the first time for Oracle VPS by https://docs.ibracorp.io/vaultwarden-on-oracle-cloud-vps/ but having a tunnel error:

    error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 129.xxx:443: i/o timeout" cfRay=70abxxxxxxxxxxx-CDG originService=https://129.xxxx:443

I have in config like in guide:

    ingress:
      - service: https://129.1xxxxxxx1:443
        originRequest:
          originServerName: npm.mysite.com

but in unraid guide is:

    ingress:
      - service: https://localproxynet:443
        originRequest:
          originServerName: mysite.com

Goldmaster (posted May 20, 2022):

Seem to be having permission issues with this on 6.10

aeleos (Author, posted May 29, 2022):

On 5/20/2022 at 3:55 AM, Goldmaster said:
> Seem to be having permission issues with this on 6.10

If you are willing to look at the official docs you can modify the docker to only run with a token in the extra parameters, and the configuration can be done on the CF website. This should solve any permission issues.

On the part about 6.10, my understanding is any permission issues aren't anything to do with the container or unraid but with incorrect permissions that unraid wasn't respecting before. It's possible you may need to force the container to use the user id you want, which can be done with --user 99:100 (for nobody:users) in extra parameters.

captainfeeny (posted May 31, 2022):

On 5/29/2022 at 4:12 PM, aeleos said:
> On 5/20/2022 at 11:55 AM, Goldmaster said:
> > Seem to be having permission issues with this on 6.10
>
> If you are willing to look at the official docs you can modify the docker to only run with a token in the extra parameters, and the configuration can be done on the CF website. This should solve any permission issues.
>
> On the part about 6.10, my understanding is any permission issues aren't anything to do with the container or unraid but with incorrect permissions that unraid wasn't respecting before. It's possible you may need to force the container to use the user id you want, which can be done with --user 99:100 (for nobody:users) in extra parameters.

chmod 777 /mnt/user/appdata/cloudflared seems to solve this. Whether that's a good idea or not, however...

Goldmaster (posted June 11, 2022):

On 4/4/2022 at 2:48 PM, Profezor said:
> RESOLVED - Started from scratch. All working now

Did you just uninstall and then clean up the appdata? Just uninstalled and I'm still getting the logs not loading and just flashing by. I'm on 6.10 and it was working fine. I should not have to fix things after a stable update.

Edited June 11, 2022 by Goldmaster

Goldmaster (posted June 11, 2022):

On 5/31/2022 at 12:38 PM, captainfeeny said:
> chmod 777 /mnt/user/appdata/cloudflared seems to solve this. Whether that's a good idea or not, however...

I did try that and it made no difference.

Goldmaster (posted June 11, 2022):

Crying out loud, I forgot to set the Post arguments: tunnel run UUID in advanced settings! Now seems to work fine.

sdballer (posted July 15, 2022):

Getting tons of "unable to reach the origin service" errors, but working fine... Any way to solve that?

wondersparrow (posted August 19, 2022):

I am looking to enable warp routing and I can't quite figure out how to pass the extra post arg. I added this into my config.yaml and the logs show it is configured.

    warp-routing:
      enabled: true

But I need to pass this extra arg "cloudflared tunnel route ip add 192.168.2.0/24 UUID". Any idea how to do that? Open console just crashes for me every time.

diehardbattery (posted August 22, 2022):

If I want to bypass the tunnel for a particular subdomain, is it as easy as setting said subdomain to dns only assuming the tunnel passes everything to swag/npm?

mikey6283 (posted August 27, 2022):

Hi, is there a solution to these errors? The issue I have is that CF seems to be working for a few hours and then I receive these errors. If I restart the app all is fine again for a few hours. If I go to NGINX and load the two apps I am connected through HTTPS??

    2022-08-27T17:46:39Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=7416a0beabb038ba-VIE originService=https://192.168.xx.xx:19443
    2022-08-27T17:46:40Z ERR error="Unable to reach the origin service. The service xx.xx:19443
    2022-08-27T17:46:40Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" connIndex=1 dest=https://mtamo.co.uk//site/wp-includes/wlwmanifest.xml ip=198.41.192.67 type=http
    2022-08-27T17:46:40Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=7416a0c04d9738ba-VIE originService=https://192.168.xx.xx:19443
    27T17:46:40Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to

Any advice would be appreciated.

shremi (posted September 3, 2022):

Thanks for this guide and docker @aeleos, was able to set it up and close my port forwarding rules.

How are you guys handling creating new certs? DNS challenge? I use NPM and since I closed the ports 80 and 443 I get an error when creating new certs. I also assume that this applies when renewing certificates.

RadTechDad (posted September 22, 2022):

So I'm a little lost. In the Ibracorp video, when you take a look at his installed docker apps, he didn't already have the dockerized container installed. Am I supposed to install it before following the directions on the GitHub page? I tried following without it, but I'm getting the following error:

`error writing cert to /home/nonroot/.cloudflared/cert.pem: open /home/nonroot/.cloudflared/cert.pem: permission denied`

I know that `/home/nonroot/` doesn't exist in my filesystem, am I supposed to create it?

Then I read something on here that if I use the dockerized container, I'm supposed to use some UUID/token in the advanced settings. I saw that, but where do I get that from? Do I have to create a tunnel first through cloudflare's site?

Edited September 22, 2022 by HoLyCoW

tazire (posted September 23, 2022):

I just followed the ibracorp video and have it up and running. My only change was to the config. I have the following...

    tunnel: UUID
    credentials-file: /home/nonroot/.cloudflared/UUID.json

    # NOTE: You should only have one ingress tag, so if you uncomment one block comment the others

    # forward all traffic to Reverse Proxy w/ SSL
    ingress:
      - service: https://REVERSEPROXYIP:PORT
        originRequest:
          noTLSVerify: true

    #forward all traffic to Reverse Proxy w/ SSL and no TLS Verify
    #ingress:
    #  - service: https://REVERSEPROXYIP:PORT
    #    originRequest:
    #      noTLSVerify: true

    # forward all traffic to reverse proxy over http
    #ingress:
    #  - service: http://REVERSEPROXYIP:PORT

I kept getting errors with "originServerName: yourdomain.com" in my config.

RadTechDad (posted September 24, 2022):

I'm just going to put this here for anyone else. If you look at the written guide on Ibracorp's website (https://docs.ibracorp.io/cloudflare-tunnel/), the first step they say is to create the appdata directory and give it proper permissions first with the following command:

    mkdir -p /mnt/user/appdata/cloudflared/ && chmod -R 777 /mnt/user/appdata/cloudflared/

Then you can follow the rest of the video.

Edited September 24, 2022 by HoLyCoW

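An added example relating to the chmod 777 suggestions in the posts above (not code from any poster, the guide or the cloudflared project): a shell audit that lists what in the appdata directory every local user can read or write, flags the `noTLSVerify: true` setting from the config posted earlier (it makes cloudflared accept any certificate the origin presents), and tightens access to the owner only. The path and 99:100 come from the thread; the function names, the 700/600 modes and the sample files are constructed for this example, and it assumes the container is started with --user 99:100.

```bash
#!/usr/bin/env bash
# Added example: audit the cloudflared appdata directory after a chmod 777.
# Path and 99:100 (nobody:users) come from the thread; function names, the
# 700/600 modes and the sample files are choices made for this example.

# List every entry under $1 that any local user can write (o+w) or read (o+r).
audit_appdata() {
    find "$1" \( -perm -0002 -o -perm -0004 \) -print | sort
}

# Owner-only access: 700 on directories, 600 on files. Ownership is changed
# only when run as root; the container must then be started with
# --user 99:100 so it can still read its credentials (assumption).
tighten_appdata() {
    local dir="$1" owner="${2:-99:100}"
    if [ "$(id -u)" -eq 0 ]; then
        chown -R "$owner" "$dir" || echo "warning: chown to $owner failed" >&2
    fi
    find "$dir" -type d -exec chmod 700 {} +
    find "$dir" -type f -exec chmod 600 {} +
}

# Print, with line numbers, where the config turns off origin certificate checks.
flag_no_tls_verify() {
    grep -nE '^[[:space:]]*noTLSVerify:[[:space:]]*true' "$1" || true
}

# Constructed sample that mirrors `chmod -R 777` on a fresh appdata directory.
make_sample() {
    local d
    d="$(mktemp -d)"
    printf 'tunnel: UUID\ningress:\n  - service: https://REVERSEPROXYIP:PORT\n    originRequest:\n      noTLSVerify: true\n' > "$d/config.yaml"
    echo '{}' > "$d/UUID.json"
    echo 'constructed placeholder' > "$d/cert.pem"
    chmod -R 777 "$d"
    echo "$d"
}

# With a directory argument, audit it only; without one, walk through the sample.
target="${1:-$(make_sample)}"
echo "Open to every user:"; audit_appdata "$target"
[ -f "$target/config.yaml" ] && flag_no_tls_verify "$target/config.yaml"
if [ -z "${1:-}" ]; then
    tighten_appdata "$target"
    echo "Still open after tightening:"; audit_appdata "$target"
    rm -rf "$target"
fi
```

Run with the real directory as the argument to get a read-only report; `tighten_appdata` is only called on the constructed sample unless you invoke it yourself.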
naxos (posted October 4, 2022):

Update: After a lot more work I'm now able to access my containers through the cloudflare tunnel. Game changer! I think my main problems were some sloppy copy/paste in my nginx.conf file and not paying close enough attention to which port numbers were mapped to http and https in Swag.

What's interesting is that I can only get this to work with a tunnel created on the CLI. I've tried twice to use a tunnel created through the cloudflare UI and I can't get that to work. I feel like I tried all the config options in the UI, like different IP addresses and localhost, but I must be missing something. The tunnel is active and I can see in the logs when requests come through, but I just get various error messages depending on which IP I use or localhost. I don't think it really matters, but it bothers me when I can't figure something out. If anyone has this working with a UI-created tunnel, please let me know.

Next challenges are figuring out how to enable LAN access with my custom domain and properly securing the external access.

-------------------------------------------

After a solid 6 hours on this, I throw myself to the mercy of the good people in this great community. Most of this stuff is new to me, so it is 100% likely to be user error.

I followed Ibracorps' guides for setting up the Cloudflare tunnel and configuring swag. I think I have scrapped everything and started over 4 times now. I've also carefully read through this whole topic and tried all the suggestions.

I'm getting the "unable to reach the origin service" messages. In a browser, mydomain.com gives me a 502 error.

    2022-10-04T05:14:46Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=754b6f95f8fb7ab7-LAX originService=https://192.168.1.107:8001
    2022-10-04T05:14:46Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" connIndex=3 dest=https://mydomain.com/favicon.ico ip=xxx.xx.xxx.77 type=http

Things I've tried:
- Setting noTLSVerify: true
- Setting originServerName to subdomain.mydomain.com (subdomain has a valid CNAME record)
- Trying both http and https for the service

One very simple thing I'd like to confirm is exactly which IP address I should use for the service in the cloudflared config file. My swag port mappings are:

    172.18.0.5:443/TCP --> 192.168.1.107:8001
    172.18.0.5:80/TCP --> 192.168.1.107:44301

I access my Unraid UI at http://192.168.1.107. I've been assuming I should use the 192.168 IPs as the service (edit: I've also tried the 172.18 IPs). Is that correct?

Because most of this is new to me I'm limited in my ability to troubleshoot because I don't know how to tell exactly where in the chain the problem is. Seems like I'm either pointing the tunnel to swag improperly, or I've got a problem with my swag setup that's causing it to not respond. I welcome any and all suggestions.

Edited October 6, 2022 by naxos: Added additional info to IPs that I've tried.

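An added example for the "Unable to reach the origin service" logs quoted in several posts above (not code from any poster or from cloudflared): a shell triage that groups those lines by the trailing cause (no route to host, i/o timeout, EOF) and by originService, and prints a first thing to check for each. The cause labels, hint wording, function names and sample lines are constructed here; the hints are general readings of those network errors, and the EOF hint matches the http/https port mix-up the post above describes.

```bash
#!/usr/bin/env bash
# Added example: group cloudflared "Unable to reach the origin service" errors
# by cause and origin. Cause labels and hint texts are this example's own.

# Emit "<count> <cause> <origin>" per distinct failure. Only lines carrying
# originService= are counted, so a request that is logged twice is counted
# once (assumption based on the log excerpts quoted in the thread).
triage_counts() {
    awk '
    /Unable to reach the origin service/ && match($0, /originService=[^ ]+/) {
        origin = substr($0, RSTART + 14, RLENGTH - 14)
        cause = "other"
        if ($0 ~ /no route to host/)       cause = "no-route"
        else if ($0 ~ /i\/o timeout/)      cause = "timeout"
        else if ($0 ~ /cloudflared: EOF"/) cause = "eof"
        n[cause " " origin]++
    }
    END { for (k in n) print n[k], k }' "$@" | sort -k2
}

# First check to make for each cause label.
hint_for() {
    case "$1" in
        no-route) echo "no network path from the cloudflared container to this address: check the IP and the Docker network" ;;
        timeout)  echo "connection attempt never answered: check firewall rules and that the address is right" ;;
        eof)      echo "origin closed the connection without replying: check http/https in the service URL against the mapped port" ;;
        *)        echo "unclassified: read the full log line" ;;
    esac
}

triage_report() {
    triage_counts "$@" | while read -r count cause origin; do
        printf '%sx %s -> %s\n' "$count" "$origin" "$(hint_for "$cause")"
    done
}

# Constructed lines modelled on the log format quoted in the thread.
sample_log() {
    local m='ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared:'
    printf '%s\n' \
      "2022-01-01T00:00:01Z $m EOF\" cfRay=0-XXX originService=https://192.0.2.10:8001" \
      "2022-01-01T00:00:01Z ERR Request failed ${m#ERR } EOF\" connIndex=1 dest=https://example.com/ type=http" \
      "2022-01-01T00:00:02Z $m EOF\" cfRay=0-XXX originService=https://192.0.2.10:8001" \
      "2022-01-01T00:00:03Z $m dial tcp 192.0.2.20:443: connect: no route to host\" cfRay=0-XXX originService=https://192.0.2.20:443" \
      "2022-01-01T00:00:04Z $m dial tcp 192.0.2.30:443: i/o timeout\" cfRay=0-XXX originService=https://192.0.2.30:443"
}

# Arguments are log files ("-" reads stdin); with none, the sample is used.
if [ "$#" -gt 0 ]; then triage_report "$@"; else sample_log | triage_report; fi
```

When the Unraid log window will not stay open, the same report can be fed from the Docker CLI, for example `docker logs <container name> 2>&1 | ./triage.sh -`, where the script name and container name are placeholders.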
SiRMarlon (posted October 12, 2022):

So did anyone ever figure out how to address this issue? My logs are getting full of these errors and I've tried everything that everyone has suggested to no avail. Everything is working and connecting just fine

Edited October 12, 2022 by SiRMarlon