I’m unsure where to start since I’ve been working on this all week.
I aim to configure a tunnel for my domain and configure routes using the ingress rules. Sounds simple.
First I try to create a tunnel from the zero trust console. That works fine: I can connect a tunnel using the token and route traffic to an application.
Second, I want to create a tunnel from my server. I create a tunnel using a domain certificate downloaded by calling
$ sudo cloudflared tunnel --origincert /etc/nixos/certs/interleaved.io.pem create --cred-file /etc/nixos/cloudflared/hyperion-interleaved.io.json hyperion-interleaved.io
I configure it…
(yes, it looks strange, but it is valid yaml. I tried “normal” yaml and got the same result. those are the correct filenames)
I configure a systemd service unit and run it. The tunnel connects.
Finally, I configure a CNAME entry and point to
No dice. Error 1016.
It’s not clear from the documentation if I need
warp installed, and if I need the configuration detailed in the private-hostnames-ips section of documenation*. No big deal.
I install warp, register,
enable-always-on. This works, and I have a warp connection.
Two caveats. First, it wasn’t that simple (look at nixpkgs PR #168092).* Second, I tried this two ways: with
Eventually, the warp tunnel works. The logfile is noisy, but it works.
I enable warp-routing in the tunnel config and things seem to be going well
Aug 22 00:37:34 hyperion cloudflared: 2022-08-22T05:37:34Z INF Initial protocol quic Aug 22 00:37:34 hyperion cloudflared: 2022-08-22T05:37:34Z INF Warp-routing is enabled Aug 22 00:37:34 hyperion cloudflared: 2022-08-22T05:37:34Z INF Starting Hello World server at 127.0.0.1:42727
The tunnel doesn’t want to connect at first but eventually, it connects. I’m not sure what I changed, if anything.
So, with the tunnel connected and CNAME entry, I attempt to hit the hello_world application and…
I’m about to give up this approach since it’s kicked my butt for a week and I have nothing to show for it. But, please: If you think you know where I went wrong then please let me know.
- I would link to relevant topics but the forum rules prevent me.