Cloudflare with websites
I want to set up Cloudflare with a website, run on localhost. There's 2: one's CasaOS and the second one's Crafty Controller. When I tried setting it up it just gave me the error 502
80 Replies
the site in cloudflare will need to be configured using some kind of real world reachable ip address... localhost or 127.0.0.1 is not that.
you can use a proxy server that listens on the public ip and proxies to your localhost httpd though
Or implement Cloudflare Tunnel to proxy localhost through an outbound tunnel: https://erisa.dev/exposing-a-web-service-with-cloudflare-tunnel/
I've managed to access it from outside the server location
Cloudflare tunnel is enabled
that's what I used
Port forwarded using miniupnpc
Could you help me do it on Cloudflare's web interface?
I can
@Helpflare
You can follow the instructions here to set up a tunnel using the Cloudflare Dashboard:
https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/get-started/create-remote-tunnel/
I've done that but I get error 502
It's not allowing me to get through, and I want to mask the original IP for the home server so you can't ping it
https://casa.srevre.eu.org/
The IP address is not exposed through Cloudflare, so it's already masked per se.
However, if you want to prevent others from accessing it directly, you need to set up a firewall on the server directly, which you can do by following the guidance from the following article (under Configure Origin Server):
https://developers.cloudflare.com/fundamentals/setup/allow-cloudflare-ip-addresses/
In terms of the 502 error, have you selected the correct protocol and port on the tunnel?
If you curl http://localhost:8080 (or whatever the port is) from the server directly, does it correctly fetch your app?
The IP address is masked now, and I can access the server with the direct IP. I've selected the protocol http:// and the server is on a system outside my network
But I can access it directly
Just to clarify, you have installed Cloudflared on the actual server (outside your network) right?
Yes
It's inside a docker container
http://atestforyou.giize.com:132/#/login
That's a temp IP for direct access (IP not masked)
I can get tunnels to work for minecraft (SRV), that work
For the IP address that you've entered as part of the Tunnel configuration, are you using localhost, or your actual public IP address?
And is your app listening on both or just one?
127.0.0.1 for mc and the website, and the app is listening on port 132 (127.0.0.1:132)
So if you type curl http://127.0.0.1:132 on the terminal on your server, does it spit out the HTML for your website?
Failed to connect
Perfect, so yeah that's your problem, no app is listening on that IP/port
Replace 127.0.0.1 with your public IP
Does that work?
How do I get it to work? As Minecraft also uses that
I'll try
You can either bind your app to the loopback interface, or just type your public IP address in the Tunnel configuration. It won't be exposed either way.
Just so I can try and gauge the setup you have, if you type curl http://publicip:132 on the server, does that connect and display the HTML for your site?
We can then ascertain if your app is indeed properly listening on the primary interface on your server and configure the tunnel to use that
The tunnel is set to :132
and the curl is just stuck on loading
If the cURL command doesn't work, then the tunnel won't work. You mentioned earlier that you could connect to the server directly? I'm assuming that doesn't work either?
I can't curl that either even though I can access it
http://atestforyou.giize.com:132 (direct)
https://casa.srevre.eu.org/ (cloudflare)
curl: (28) Failed to connect to <IP> port 132 after 129618 ms: Connection timed out
is that ping? As the router has ping disabled
No that's not ping, you can block ICMP (ping) requests fine, the cURL command just makes a HTTP request which needs to work
The curl command doesn't work with the d-dns either, that I can access
Alright the cURL command works for me (I can access everything just fine directly to your IP), so that's super odd.
Just to confirm one more time, if you type "curl http://atestforyou.giize.com:132/" on the server that hosts your app, that times out?
It's timing out for me, inside the home network
The server is not on my network, I'm using curl from ssh
Yep, so you're using cURL whilst logged into the actual server where your app/website is hosted and that fails?
yes
I can use curl from CMD, I just can't use it the same inside the server
Yeah that's the behavior on my end too, I can access your IP from my network, so I would assume you can also do the same from your home network right?
It's just the server that cannot access its own app?
Have you set up any odd firewall rules?
If so, remove them and then we can get your site working, and then add the necessary rules back
The server has no extra firewalls
I can disable the network firewalls temporarily though
Try that, if you cannot cURL your own app from inside the server that is hosting it, a Cloudflare Tunnel will never work
Tunnels work with my mc servers, but not the webui for casaos/webui for mc servers
firewalls are disabled now, still can't access it
Even the previous cURL command while SSH'd into the server itself?
curl still doesn't work while ssh'd
Wait, are you doing some sort of port forwarding? Is the native port of this app 132?
the port inside the app is 80 the port outside is 132
upnpc -a (local ip) 80 132 tcp
the router gives me an error when I try port 80
Can you retry that cURL command whilst SSHd into the server but use port 80 instead of 132? What is listening on port 80?
You shouldn't have to port forward when dealing with Tunnels, it eradicates the need to do any of that
It curls, just no output
should I tunnel port 80?
Okay yeah this makes sense now, it sounds like something is listening on port 80, so in your Tunnel configuration, use port 80 and not 132
If that doesn't work (and port 80 is taken by something else), you need to change the actual listening port of casaos to something else and use that within the Tunnel config.
I googled your particular app, try logging in and changing the port to something like 8081 or something that is unused
I can't seem to access the webui anymore
What did you change on your server?
the webui port
To what?
give me a few mins, I need to deal with something
Sure
I've managed to get back into casaos using the direct IP
still nothing on Cloudflare's side though
Without knowing the specific setup you have, the issue here is definitely related to the fact that the Tunnel needs to point to the IP and port that the app is bound to, but your port forwarding is causing issues with this, hence the cURL failures directly on the server which should never happen.
Is that IP (ending in .6) the IP address of the server itself, or is that on your home network?
that's the server IP
And when you login to the Web UI, what port is CasaOS listening on? I'm assuming it says 80 and not 132 when you login?
I set casa to 132 and the public to 132
Ah okay, but did you change it from another value?
I changed casa from port 80 to 132
Okay perfect, so try that old cURL command whilst SSHd into the server once more
"curl http://atestforyou.giize.com:132/"
Now that it's listening on that port, it should work
It still isn't giving me a response from the terminal
It's just blank
Is that related to my docker containers?
CasaOS is not installed via Docker right?
No
Then it won't be an issue (unless you're using that port for a Docker container)
To get this working your own server needs to be able to access the app, the fact that this isn't happening indicates a configuration issue somewhere.
Can you try one last thing? Can you change the port from the Web UI from 132 to another unused port that you're also NOT using in any port forwarding configuration or other app?
And then can you try accessing the WebUI either directly or via cURL with that new unused port
Something definitely unused like 8084
I changed it to 174, and it still doesn't work
changed the cloudflare config also
and https://atestforyou.giize.com:8111/ has the same issue (crafty controller)
Yeah this won't be a Cloudflare issue, there's something wrong with the configuration on your server which is hard to troubleshoot because I/we can't really see anything.
I just set up a random CasaOS install on a VM I spun up and it worked perfectly with a tunnel, so I can only guess there's something else you've installed or done which we can't see 😬
Okay, thanks
No worries, hope you get it sorted, tinkering always ends up working in the end
I've gotten a question, @AlphaCentauri, what did you input as your cloudflare config from zero dash?
I set the protocol to HTTP, the IP address to my VMs primary IP, and the port to 80, which was the standard port it used.
Does it look similar to this?
I used a trycloudflare.com tunnel though as it was purely a test, so I didn't use the zero trust dashboard, but yes, it'd look exactly like that.
I just changed it from http to https and now the dashboard seems to work
from casa.srevre.eu.org
Oh perfect, glad you got it working
Yeah, now just time to figure it out with the crafty controller, as that one's still giving me the error
Is that: https://atestforyou.giize.com:8111/
Yes, it is
That's using a self-signed SSL certificate, so select HTTPS as the protocol, and make sure to go into TLS Settings and enable the option for No TLS Verify
The better option is to use a real signed SSL certificate like Let's Encrypt or a Cloudflare Origin SSL certificate which are both free, but the above option should also work
Thank you, it works now
Amazing, glad to hear it
And how do I get a cloudflare certificate?
You can follow the instructions here:
https://developers.cloudflare.com/ssl/origin-configuration/origin-ca/
Thank you so much man
No worries, happy to help! We got there in the end
Yeah, thanks!
@AlphaCentauri Could you check your DMs please?
Sure thing