Cloudflare Tunnel?
-
Hello guys!
Is there a way to use cloudflare tunnel/argo with cloudron instead of opening the ports?
Regards,
KK -
Hello guys!
Is there a way to use cloudflare tunnel/argo with cloudron instead of opening the ports?
Regards,
KK@jagadeesh-s2104 a user had some success with argo tunnel as reported here - https://forum.cloudron.io/topic/5714/argo-tunnels . We haven't tried this ourselves.
-
@jagadeesh-s2104 a user had some success with argo tunnel as reported here - https://forum.cloudron.io/topic/5714/argo-tunnels . We haven't tried this ourselves.
@girish thank you!
-
Hello. I was able to get this to work successfully with Cloudflare Tunnels. What I am having a problem with now is that my local Cloudron server is throwing fits when I go and re-sync DNS records. To get Cloudflare Tunnels to work you have to delete the current *.domain.com DNS record in Cloudflare that your Cloudron server automatically creates. Then in the Cloudflare Tunnels settings it creates a CNAME record in place of the old DNS A record that Cloudron automatically created. You do have to check the settings under TLS and disable TLS verify though. At this point it does work. I can access my site and completely disable port 443 on my router. I have zero ports exposed. Essentially Cloudflare Tunnels acts as a Reverse Proxy through the tunnel. I can route all the apps with their sub-domains this way and it works great. My question is, now that you have a little bit of backstory, how can I make Cloudron and the DNS settings Cloudflare Tunnels create work naturally together so that if DNS records re-sync it keeps everything working properly without breaking the site. To my understanding Cloudron does regular DNS checks and makes sure everything can talk to each other. If I do re-sync DNS settings or if the Cloudron server does it automatically itself via it's regular checks the DNS records get overwritten to point back to my public IP address again, instead of the Cloudflare Tunnel, which then breaks the site because the port fordwarding is turned off.
Thanks @girish
-
G girish marked this topic as a question on
-
G girish has marked this topic as solved on
-
@girish So I saw in a previous post you said you can setup Cloudron to use a local IP rather than a public one which I decided to go that route everything still works fine but I had one more question. Will Cloudron update DNS records automatically? Like will my system break after updates or something? Will I also receive an alert from my main my.domain.com notifications saying DNS don’t match? I’m hoping with it set to local it won’t update. If it does I can just VPN into my network and access stuff and fix everything again but I was hoping I wouldn’t have to do this often if at all. Can you shed a little light on this? Thanks!
-
@girish So I saw in a previous post you said you can setup Cloudron to use a local IP rather than a public one which I decided to go that route everything still works fine but I had one more question. Will Cloudron update DNS records automatically? Like will my system break after updates or something? Will I also receive an alert from my main my.domain.com notifications saying DNS don’t match? I’m hoping with it set to local it won’t update. If it does I can just VPN into my network and access stuff and fix everything again but I was hoping I wouldn’t have to do this often if at all. Can you shed a little light on this? Thanks!
@bigbucketboy the update by itself won't re-setup DNS records, no.
-
@bigbucketboy the update by itself won't re-setup DNS records, no.
@girish great thanks!
-
N nebulon referenced this topic on
-
quite unfortunately, i had some isssues with it.
basically what i did is the easiest way, putting the cloudflare tunnel in a docker container.
then, i made it go to my page, of testing, https://wp-test.blindsoft.net.
quite unfortunately, it showed up as bad gateway (502) error. its closed now, so.
what i usually do for things i cant put under cloudflare gateway is i filter the ports to all IPs ports with the exception of cloudflare IP addresses, port443, and my IP, 22 and 443. though keep in mind that if applications are using openid, for whatever reason this may not work. -
an example of this not working is https://access.blindsoft.net
