Problem setting up Cloudflare DNS with a tunnel
Honestly I have no damn clue what exactly might be the issue, so I am going to describe the whole process. I am also a beginner in terms of setting up domains, so I hope you understand my confusion.
My plan was to set up a DNS using a domain purchased on Porkbun with an intent of exposing some of my self-hosted services to the internet. So far I had purchased the domain, added it to Cloudflare, transferred all the DNS records (and even added my own public IP) and replaced nameservers at the registrar's dashboard with Cloudflare's.
Then I tried to set up the tunnel itself. Everything goes seemingly well, connector installation on Ubuntu went as intended, I also added my service's IP address. However, this is where my luck ends. I tried both, minecraft server with a route and a proxmox web gui for test purposes. I cannot connect to the first and the second is spewing out a 502 error.
From what I noticed while creating the router no route is being created (even though I had seen it being already there in other guides and tutorials) and I cannot seem to configure one.
Where did I make an error? I have no damn clue. I already tried removing A records provided by the registrar and replacing them with my public IP A DNS record as well as keeping them both, but it did not help.
If any screenshots are needed to determine the issue, I will be more than happy to provide them.
84 Replies
Ok, do you just want to use your domain so that people can use the domain instead of connecting to your public IP directly, or do you specifically want to use a tunnel?
Tunnels require that every player installs the tunnel.
Well, primarily the former, but I thought of using the latter as an additional layer of security. Also wait, really? I had seen no mention of the requirement of having the tunnel installed in order to access tunnelled website/server.
Cloudflare Docs
Arbitrary TCP
Cloudflare Access provides a mechanism for end users to authenticate with their single sign-on (SSO) provider and connect to resources over arbitrary TCP without being on a virtual private network (VPN).
Connect from a client machine
1. Install the Cloudflare daemon on the client machine
Exposing the server using your public IP should be simple.
And you don't need to install the tunnel to access a tunneled website. But to access Minecraft (or any other raw tcp applications), you need to install the tunnel on every device that you want to connect.
OH
Alright, tunnel's out of the consideration then
aka just adding the public IP to DNS list with a proper domain record?
Is the server on port 25565?
Yep
A record should be enough to my knowledge
Then just an A record should do the trick.
You'll also need to configure port forwarding on your router.
Figured
Eh, wanted to avoid it but oh well
I'd like to return back to the topic of a tunnel for a moment however
since I still don't understand why I'm getting 502 error while trying to expose PVE
How exactly is your tunnel configured? Managed through dashboard or locally?
Through dashboard
added controller to my ubuntu server VM
and then the IP with the port and HTTPS
and your local app does use https?
Correct
At least I have it in the Web GUI address
can you show a screenshot of the tunnel setup? You should also set the Origin Server Name and HTTP Host Header options.
Can you show a screenshot of the public hostname settings?
One moment


It looks like the subdomain doesn't have a DNS record
I've just read this
Why did you anonymize the target ip address? Is that your public IP?
Give me a moment, I will set those up too
out of habit
it's private IP
the DNS record should be created automatically when you create the public hostname, or if you just rename it and back again now
Well, can't connect with my minecraft server either way
Port forwarding enabled, it can be connected to via the ip, but the domain does not work
What's the domain?
mc.autismmansion.com
ISPs will often block you from connecting to your own IP, so that could just be the problem

except I can do that
It can't be proxied
The DNS record needs to be DNS-Only
Result remains the same
let me start minecraft real quick and try
go ahead
Works for me, I'm just on the wrong mc version
what

...one second
I will ask one of my friends
might be dns cache as you had the record set to proxied
should expire after 5 minutes
Ight, that hopefully solves one issue
Weird, now it cannot find the website at all
and I did not change any settings aside from DNS records
You still don't have a DNS record
change the subdomain for the public hostname and then change it back, that should create the DNS record automatically.
sigh...

I think I will just redo the whole tunnel
just create the record yourself
left of the : is the CNAME record's name, right of it is the value
this record needs to be proxied
not sure if I understood you right
looks good
ok, I see the bad gateway error now
when you type in the ip that you anonymized you see the webgui?
it does not even find the website for me
Just locally, can you open the webgui without the tunnel?
of course
and it uses https, just with the ip?
yes, i see the 502 error

I genuinely have no idea what kind of clusterfudge I am witnessing right now
why can I not connect to this right now?
like at all?
probably also dns cache
caching the negative response you previously had
why does it last for so long for me though?
A negative response is cached for an hour
Well, guess I can just try and edit settings, so that at least you have a chance to access the website
Is the domain you're using configured in the proxmox webgui or how does the ssl there work?
I got it from porkbun
it already should have SSL, according to the registrar
I mean, in the proxmox webgui, did you have to set the domain?
SSL certificates are for a domain, so direct IP access should usually at least result in a warning when you open it locally.
Can you run a few commands from a terminal so I can understand how it works?
curl -svo /dev/null https://proxmoxwebgui.autismmansion.com --connect-to ::<private-ip-here>
no
and from what I had seen that should not be the case
unless the author of the video abruptly cut out a crucial detail
Or could you create a port forwarding for port 8006 for a moment? Then I can just see how it works for myself.
try now
same ip as the minecraft server?
There doesn't seem to be anything listening
well yeah
except it's port 8006
though you'd need raw ip to access it I think
I've tried that. There's no https service listening
curl -si https://91.227.xxx.xxx:8006
Nothing there.
I have no damn clue then
Can you show a screenshot what it looks like when you open the webgui
address bar, including ssl status

you mean this?
yes. when you click on the !, what warning do you see?
connection not secure
can you open a console on the machine/vm that the tunnel is running on and try
curl -svo /dev/null https://192.168.100.67 --connect-to :::8006 --insecure
I'd like to know if the webgui is actually accessible from wherever the tunnel is running
...I think I know why it's not working
I completely forgot I enabled firewall so that this particular VM is completely isolated
That would do the trick^^
Good lord
I love putting logs under my own legs
you know
I'd give up on it for today
I need to sleep
I will run the tunnel for a different machine
ok, good luck tomorrow 😉
Thanks, lad
And goodnight to you as well
or good day
2:20am^^ Gotta go to bed as well 😉
ah yes, a fellow european
Hi, question, can I make it so that I have a second subdomain leading to the same IP address but under a different port?
sure
thanks