Browser rendered ssh connection issue
I have a tunnel set up on my vps with the public hostname (server.example.com) pointing to ssh://localhost:22 and the private network being the IP of my vps.
Additionally i have created a self hosted Access Application with the same hostname as the tunnel (server.example.com) with browser rendered ssh enabled.
however, when trying to visit server.example.com in my browser, i simply get the "unable to connect" error message.
i've made sure inbound tcp and udp traffic are allowed on the necessary ports (80, 443, 22), i've checked tunnel logs and cloudflared journal logs, but couldn't find any information that points to a specific problem in my configuration...
any help would be greatly appreciated
43 Replies
anyone?
My guess is you might be missing a reverse proxy to translate server.example.com on your VPS to localhost:22
Nvm that, tunnel should take care of that
well that's what I assumed, but as per the cloudflare zero trust docs, connecting to the tunnel should act in a way that local host is a valid target
should localhost be the VPS's IP? maybe try the hardcoded local IP as a test
I'll give that a try, thanks
had you tested terminal ssh?
I'm not too familiar with browser ssh and cloudflare
ssh [email protected]
and a basic ping to it yield(ed) a cloudflare edge IP?
yup
this did not work unfortunately
Awh. The hardcoded IP in the tunnel public hostnames didn't work either?
I mean the hardcoded ip is the ip of my vps
So yea that works lol
oooh ok
and you're certain 'localhost' resolves to 127.0.0.1 on the VPS?
pretty certain, I can ssh into localhost when on my server
the cloudflared daemon is hosted straight from the VPS right? not in a container?
yep, using systemd
or systemctl, im not that familiar with linux
strange indeed, or maybe it could be the DNS port, not sure :/
53 i believe xd
I'll see if that changes anything
I'll share my opened ports setup for my cloudflared tunnels (not port forwarded or anything, just open/not blocked): TCP: 80, 443; UDP: 53, 7844. Makes CF work smoothly for all my HTTP traffic, also through QUIC
what's 7844 for?
Not entirely sure anymore but I think it had something to do with outbound connections to cloudflare's edge
I opened that one once I saw some cloudflared logs indicating it should be open a few versions ago
oh 7844 outbound?
I don't block any outbound traffic
Then it shouldn't matter indeed
and if I did, I think cloudflared would complain/the tunnel would show an error in the zero trust panel?
or at least I'd hope so
yes, I also bet you can just ssh fine locally into the vps?
yes
no ssh particular firewall rules locking wan?
no, there are zero ssh firewall restrictions right now, which is why I'm trying to use tunnels so I can change my firewall to only allow cloudflare ips on port 22
That's a great plan indeed! Too bad it doesn't work like expected
Wait, the self-hosted access application, look into that setup or delete/deactivate it temporarily and test again
I love access for my protective web endpoints. Can be a pain sometimes if misconfigured
well...
edit tunnel to not require access L7 temp.
i never had that option enabled
Hah indeed!
but was it enabled somehow?
nope
and it doesn't change anything, because the application isn't even selectable in the l7 access configuration
I don't get the error
that error was a mistake on my end
sorry
Ooh np :p but getting desired results yet without the access application?
nope
any new errors?
and the access application is required to make browser rendering a thing
nope
Good 2 know ty!
Hoping someone with experience in that can help you out soon. Good luck! Take some fresh air if it's getting too much or a coffee break ^^
thanks
Did you create an application and select browser ssh there?
yes
still trying to figure out the problem