Browser rendered ssh connection issue

I have a tunnel set up on my vps with the public hostname (server.example.com) pointing to ssh://localhost:22 and the private network being the IP of my vps. Additionally i have created a self hosted Access Application with the same hostname as the tunnel (server.example.com) with browser rendered ssh enabled. however, when trying to visit server.example.com in my browser, i simply get the "unable to connect" error message. i've made sure inbound tcp and udp traffic are allowed on the necessary ports (80, 443, 22), i've checked tunnel logs and cloudflared journal logs, but couldn't find any information that points to a specific problem in my configuration... any help would be greatly appreciated šŸ˜…
No description
No description
43 Replies
Idle
IdleOPā€¢3mo ago
anyone?
MDev
MDevā€¢3mo ago
My guess is you might be missing a reverse proxy to translate server.example.com on your VPS to localhost:22 Nvm that, tunnel should take care of that
Idle
IdleOPā€¢3mo ago
well that's what I assumed, but as per the cloudflare zero trust docs, connecting to the tunnel should act in a way that local host is a valid target
MDev
MDevā€¢3mo ago
should localhost be the VPS's IP? maybe try the hardcoded local IP as a test
Idle
IdleOPā€¢3mo ago
No description
Idle
IdleOPā€¢3mo ago
I'll give that a try, thanks
MDev
MDevā€¢3mo ago
had you tested terminal ssh? I'm not too familiar with browser ssh and cloudflare ssh [email protected] and a basic ping to it yield(ed) a cloudflare edge IP?
Idle
IdleOPā€¢3mo ago
yup this did not work unfortunately
MDev
MDevā€¢3mo ago
Awh šŸ˜® The hardcoded IP in the tunnel public hostnames didn't work either?
Idle
IdleOPā€¢3mo ago
I mean the hardcoded ip is the ip of my vps So yea that works lol
MDev
MDevā€¢3mo ago
oooh ok šŸ˜® and you're certain 'localhost' resolves to 127.0.0.1 on the VPS?
Idle
IdleOPā€¢3mo ago
pretty certain, I can ssh into localhost when on my server
MDev
MDevā€¢3mo ago
the cloudflared demon is hosted straight from the VPS right? not in a container?
Idle
IdleOPā€¢3mo ago
yep, using systemd or systemctl, im not that familiar with linux
MDev
MDevā€¢3mo ago
strange indeed šŸ˜® or maybe it could e the DNS port not sure :/ 53 i believe xd
Idle
IdleOPā€¢3mo ago
I'll see if that changes anything
MDev
MDevā€¢3mo ago
I'll share my opened ports setup for my cloudflared tunnels (not port forwarded or anything, just open/not blocked): TCP:80,443 UDP:53,7844 makes CF work smoothly for all my HTTP traffic also though QUIC
Idle
IdleOPā€¢3mo ago
what's 7844 for?
MDev
MDevā€¢3mo ago
Not entirly sure anymore but i think it had something to do with outbound connections to cloudflare's edge I opened that one once i saw some cloudflared logs indicating it should be open a few versions ago
Idle
IdleOPā€¢3mo ago
oh 7844 outbound? I don't block any outbound traffic
MDev
MDevā€¢3mo ago
Than it shouldn't matter indeed šŸ˜®
Idle
IdleOPā€¢3mo ago
and if I did, I think cloudflared would complain/the tunnel would show an error in the zero trust panel? or at least I'd hope so šŸ˜…
MDev
MDevā€¢3mo ago
yes šŸ™‚ I also bet you can just ssh fine locally into the vps?
Idle
IdleOPā€¢3mo ago
yes
MDev
MDevā€¢3mo ago
no ssh particular firewall rules locking wan?
Idle
IdleOPā€¢3mo ago
no, there are zero ssh firewall restrictions right now, which is why I'm trying to use tunnels so I can change my firewall to only allow cloudflare ips on port 22
MDev
MDevā€¢3mo ago
That a great plan indeed! Too bad it doesn't work like expected šŸ˜¦ Wait the self-hosted access application, look into that setup or delete/deactivate it temporary and test again šŸ˜„ I love access for my protective web endpoints šŸ™‚ Can be a pain sometimes if missconfigured
Idle
IdleOPā€¢3mo ago
well...
No description
MDev
MDevā€¢3mo ago
edit tunnel to not require access L7 temp.
Idle
IdleOPā€¢3mo ago
i never had that option enabled šŸ¤”
MDev
MDevā€¢3mo ago
Hah indeed! but was it enabled somehow?
Idle
IdleOPā€¢3mo ago
nope and it doesn't change anything, because the application isn't even selectable in the l7 access configuration
MDev
MDevā€¢3mo ago
I don't get the error šŸ˜®
Idle
IdleOPā€¢3mo ago
that error was a mistake on my end sorry
MDev
MDevā€¢3mo ago
Ooh np :p but getting desired results yet without the access application?
Idle
IdleOPā€¢3mo ago
nope
MDev
MDevā€¢3mo ago
any new errors?
Idle
IdleOPā€¢3mo ago
and the access application is required to make browser rendering a thing nope šŸ˜…
MDev
MDevā€¢3mo ago
Good 2 know ty! Hopeing someone with experience in that can help you out soon šŸ˜„ Good luck! Take some fresh air if it's getting too much or a coffe break ^^
Idle
IdleOPā€¢3mo ago
thanks
_CYBORG_šŸ‡µšŸ‡ø
Did you create an application and select browser ssh there?
Idle
IdleOPā€¢3mo ago
yes still trying to figure out the problem šŸ˜…
Want results from more Discord servers?
Add your server