i need help with cloudflare tunnels
so i self host a service for my mc java server stuff that's called minetrax but it does not want to work with my cloud flare tunnels like i set the tunnels settings properly and its active (minetrax) but when i try to access the subdomain that i set for it it does not go to minetrax. i even tried accessing the same service from playit.gg and that worked and even conventional port forwarding worked too so why does cloudflare tunnels not work?
62 Replies
To use non-http protocols through Cloudflare tunnels the client has to install software to connect, either cloudflared or WARP w/ Private Networking, either way can't simply connect to the public hostname/make it publicly accessible
?tunnel-tcp
Cloudflare Tunnels use Cloudflare's proxy, which only supports proxying HTTP Traffic. If you want to use non-http applications over your tunnel, Cloudflare has a few other options:
For a few specific protocols such as SSH, RDP, and SMB, Cloudflare has guides for them here:
https://developers.cloudflare.com/cloudflare-one/applications/non-http/
For Arbitrary TCP like Minecraft, MySQL, and any other tcp application, Cloudflare has a guide here: https://developers.cloudflare.com/cloudflare-one/applications/non-http/arbitrary-tcp/
For Arbitrary UDP like Minecraft Bedrock, SMTP, and any other udp application, you will need to use Private Networking with WARP: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/private-net/connect-private-networks/
Please note for all of these except SSH and VNC which can be browser-rendered, you will either need to use cloudflared (Cloudflare's tunnel daemon) on the client machine running in the background or Private Networking with WARP, and have WARP installed on the client machine logged into your Zero Trust Team.
yes i know i have cloudflared in a docker running and i have lots of things running through cloud flare tunnels
here is proof that it works:
https://panel.astrellemc.net that goes to my minecraft panel that is running through cloud flare tunnels
right, those are all http services
When you mention playit.gg and port forwarding, I thought you were talking about proxying minecraft itself
that link is https to cloudflare tunnels and i can access all of my other subdomains that i have running through cloudflare tunnels
no i have a port open for my minecraft server
so "minetrax" is just an http application you're trying to access through your tunnel?
yes or it can be https but yes
what's the error you get right now when trying to access it through a public hostname, and what's your configuration?
there's supposed to be a DNS record created for you when you add a public hostname but I don't see one for www, can you try deleting and recreating the public hostname? Could also copy the dns record from the panel subdomain (assuming same tunnel), but recreating would be easier
ok i deleted it and remade it
If you go into your website in Cloudflare in the normal dashboard, and then DNS -> Records, do you see a record for www at all?
ok so www does not want to make a dns record at all but if i make another tunnel the same config but different subdomain then it works
see https://webbb.astrellemc.net/
you mean another public hostname, not another tunnel, right?
correct
just copy the cname target (from webbb or panel, assuming same tunnel) and manually make the DNS record after you make the public hostname then, and see if that works
ok
those records aren't anything special, just need to get the traffic down into the tunnel
so what do i do to get www to work?
well you got one step done
i dont see that
now the tunnel itself is saying it can't reach http://192.168.1.41:25574
you're more than likely just hitting dns cache
how do i fix that
clear dns cache locally and switch your dns resolver to one who updates more quickly than your ISP default (assuming you're using the default), or wait it out (should be a max of an hour or so)
doesn't change the new error though, can the host the tunnel is running on reach http://192.168.1.41:25574? is the web server that is supposed to be there running/responding to requests?
ok now i see that
yes it can yes if i do locally
like curl http://192.168.1.41:25574 from the same host the tunnel is running on?
If that does work, the next thing to check is the tunnel logs: journalctl -u cloudflared -f --lines=100 (if on linux/using a systemd os) and see why it thinks it can't connect
no like i can access the minetrax web from another device using that on the same network
i think its something wrong with cloudflare itself because when i made the webb subdomain it auto made a cname but when i did the same info but www it did not make one at all
the cname isn't the issue anymore, we're past that
hmm I would make sure it's accessible via the actual device running the tunnel/cloudflared
ok
either by trying to curl the endpoint from that machine or by checking logs and seeing why it thinks it can't connect, either would be helpful
i got this:
from curl? that looks.. ok? Anything from cloudflared logs?
cloudflared | 2024-05-09T01:19:56Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:5658: connect: connection refused" connIndex=3 event=1 ingressRule=6 originService=http://127.0.0.1:5658
cloudflared | 2024-05-09T01:19:56Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:5658: connect: connection refused" connIndex=3 dest=https://www.astrellemc.net/ event=0 ip=198.41.200.23 type=http
127.0.0.1:5658
the one you said above was port 25574
yes
what's the www public hostname configured service?
well something is being crossed somewhere lol
how many tunnels do you have? Just that one, with a few public hostnames?
a few
omg
its because i have another www public host name (so i have somehow 2 of them)
omg it works now
hmm yea makes sense, was going to ask to make sure you're using the right tunnel. Was it on the same tunnel, or a different one?
oh also while we are at it i also need to figure out my problem with me or my friends getting rate limited when going to my dynmap website that also runs through public hostname
is the rate limit cloudflare branded/a cloudflare error page?
Minecraft Dynamic Map
try moving the map then it gives you an error red box then refresh the page and you will see it
strange it is not doing it now
I saw a red message and refreshed and now I see this:
yes because i refreshed my test server
oh ok
its back up now
when it did happen, did it look like this?
yep thats the one
If you go Security -> WAF -> Rate Limiting Rules, do you have anything setup?
do you see an old rate limiting section at that page at all? would be right below if you had any old ones
nope
Under the same Security tab there is Security -> Events, see if you can find any rate limiting events and the service causing it (would have to have happened recently tho)
that would cause the same style of error page but a visibly different error, iirc its the one about browser signature. If you're sure it said "You are being rate limited / 1015", it wouldn't be that
something like this
yes it was the 1015 that i was getting before
i am not getting it now though on my end
1015 is Rate limiting, 1010 is Browser Signature/Integrity
Browser Integrity Check is pretty useless anyway, if you think it could be it at all you can turn it off under Security -> Settings, or just wait until it happens again and check Security -> Events
ok
ok it seems to be working fine now thx for the help