Argo Tunnel connection issues using BTCPay Server

Hello, I have installed BTCPay Server on a Linux machine and I’m trying to expose it to clearnet using a tunnel. On the Linux machine, if I do curl -I 127.0.0.1:80 I get the response and all is OK. Also, accessing the machine IP from the browser, I can see the app running.

The problem is when using the tunnel (cloudflared docker). The response I get is:

ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:80: connect: connection refused" cfRay=71fc98ef1e7b76fc-LHR ingressRule=0 originService=https://127.0.0.1:80

ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:80: connect: connection refused" connIndex=3 dest=https://testpay.mydomain.es/ type=http

Any ideas?

Try using 0.0.0.0:80 instead of 127.0.0.1:80
Also check if your server is blocking any IP from Cloudflare
Or change the IP to the real IP of your server? You cannot access the Internet using an address in the IANA private IP ranges.

The docker container isn’t the local machine. Try the actual IP of the server.

@ndbiaw I have tested with 0.0.0.0:80 and the same happens…

@cscharff I have placed the local IP of the server 192.168.1.49:80 and it works, can you please explain to me why? I think this is related to the docker networking; maybe before, when I was using 127.0.0.1:80, this was calling the internal docker instance and not the machine where the instance was running.

Thank you.

192.168.. is the local IP of your network (LAN IP), 128.. is the local IP of your device
And it looks like you’ve found the solution

@ndbiaw yes it is solved, but I wanted to understand why and how it works, can you please explain or share some resources?

Can the tunnel created in the container dial any IP of my local network as if it were a machine inside my local LAN? Does the container work as an independent machine inside my server?

thank you!

The answer may not be correct and it should not be used as a reference.
It’s probably because your network isn’t actually running locally on your server. When you access 127.0…, it will not access your modem but will access it locally on your computer. 0.0.0.0 is similar to 127.0… but it includes all the local IPs on your machine (for example, if you distribute 2 websites with 2 IP addresses 127.0.0.1 and 127.0.0.2, then 0.0.0.0 can reach both websites if both have different ports).

And maybe in this case it was calling 127.0… on your modem, which doesn’t really have any service so you can’t connect. When you use 198.0…, you can access because your modem knows that 198.0… is the local IP of the servers in the LAN.

So by using 127.0.0.1 I’m dialing the container and not the server?

So for others looking for this issue and solution using the docker version, you can use:

docker run --network="host" and your container will point to your docker host machine.

sudo docker run --network="host" cloudflare/cloudflared:2022.6.3 tunnel --no-autoupdate run --token <your-token>
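
Why the address change fixes it, as an added example (not code from the thread or from Cloudflare): it parses the cloudflared error line quoted in the first post and reports where the dialled origin address lands for a container in Docker's default bridge mode versus `--network=host`. The function names and result labels are made up for this example.

```python
import ipaddress
import re

# Log line copied from the first post (cloudflared running in a Docker container).
SAMPLE = ('ERR  error="Unable to reach the origin service. The service may be down or it may '
          'not be responding to traffic from cloudflared: dial tcp 127.0.0.1:80: connect: '
          'connection refused" cfRay=71fc98ef1e7b76fc-LHR ingressRule=0 '
          'originService=https://127.0.0.1:80')

FIELD = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')   # key=value or key="quoted value"
DIAL = re.compile(r'dial tcp \[?([0-9a-fA-F:.]+?)\]?:(\d+): connect: (.+)$')


def parse_fields(line):
    """Split a cloudflared key=value log line into a dict, unquoting values."""
    return {k: v[1:-1] if v.startswith('"') else v for k, v in FIELD.findall(line)}


def dial_target(line):
    """Return (ip, port, reason) for the failed origin dial, or None."""
    m = DIAL.search(parse_fields(line).get("error", ""))
    if m is None:
        return None
    return ipaddress.ip_address(m.group(1)), int(m.group(2)), m.group(3)


def diagnose(line, network_mode="bridge"):
    """Say where the dialled address lands for a container in the given Docker
    network mode: "bridge" (the default) or "host" (--network=host)."""
    target = dial_target(line)
    if target is None:
        return "no-dial-error"
    ip, _port, _reason = target
    if network_mode == "host":
        return "host-namespace"    # container shares the host's interfaces and loopback
    if ip.is_loopback or ip.is_unspecified:
        # 127.0.0.1 is the container's own loopback, where nothing listens on :80;
        # the thread reports the same failure with 0.0.0.0.
        return "container-local"
    if ip.is_private:
        return "lan-address"       # leaves the container via the bridge, e.g. 192.168.1.49
    return "public-address"


if __name__ == "__main__":
    print(diagnose(SAMPLE), diagnose(SAMPLE, "host"))
```

`--network=host` removes the container's network isolation, so cloudflared can reach every service bound to the host's loopback and interfaces. Pointing the tunnel at the host's LAN address, as done earlier in the thread, keeps the default bridge isolation.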
