Argo Tunnel Service Not Working?

I just started using Argo and my first impression is that it is great! I’ve got a tunnel working, but it only seems to work if I manually start the tunnel with:

cloudflared tunnel run <tunnel-name>

I created a config file with the following contents
hostname: (my hostname)
url: http://localhost:8080
logfile: /var/log/cloudflared.log
tunnel: {id}
credentials-file: cert.pem

Runnning sudo cloudflared service install gives me this response:

4:05AM INF Using Systemd
4:05AM INF systemctl daemon-reload

But then I get this error at the address specified:

503 Service Unavailable
The origin has been unregistered from Argo Tunnel

Running cloudflared tunnel run <tunnel-name> then results in this error:

{"level":"error","time":"2021-01-26T04:07:32Z","message":"Falling back to a default logger due to logger setup failure: unable to create a new logfile: open /var/log/cloudflared.log: permission denied"}
{"level":"error","time":"2021-01-26T04:07:32Z","message":"Falling back to a default logger due to logger setup failure: unable to create a new logfile: open /var/log/cloudflared.log: permission denied"}
{"level":"info","tunnelID":"fcc1f719-6c86-48c3-ac71-5fedbc94af20","time":"2021-01-26T04:07:32Z","message":"Starting tunnel"}
couldn't read tunnel credentials from cert.pem: open cert.pem: permission denied

Clearly something is up with permissions, but I don’t see why adding a config file suddenly breaks things. How can I get my tunnel to work correctly when the server reboots?

I’m using these docs for reference: https://developers.cloudflare.com/argo-tunnel/reference/service

What OS and version are you running this on?

Ubuntu 20.4.1 LTS running in a VM on my freenas box. I’m using the latest version of Argo.

Perfect. Same here. I started the whole thing with cloudflared tunnel create TUNNEL

I found that --legacy mode was key.

Here’s what might work for you (I’m just subtracting some lines):
hostname: TUNNEL.example.com
url: http://localhost:8080
logfile: /var/log/cloudflared.log

This config.yml file is in /etc/cloudflared/, as is my cert.pem file

And then I ran:
cloudflared service install --legacy

Without --legacy, I just couldn’t get anything to work.

Thanks so much! I will check after work tomorrow and get back to you.

1 Like

Ok, same issue as before using --legacy (503 error). Can I see the full contents of your config file?

Also, the name of the tunnel I create doesn’t match the subdomain. I assume this doesn’t matter because a cname bridges the gap with the cfargotunnel.com subdomain.

Update: after waiting for a few minutes I now get error 1033 indicating that Cloudflare can’t resolve the tunnel.

That’s my entire config file.

No, the tunnel name probably doesn’t have to match the subdomain, but I was not very creative in that aspect.

Where are you getting the 1033? In a browser trying to connect to that hostname?

I’m connecting to my subdomain which has a cname pointing to the appropriate tunnel id.

I don’t have any CNAMEs. I have a subdomain AAAA record created by Argo Tunnel.

I think I’ve got it.

I tried creating a new tunnel which created a credential .json file.

I then created the config.yml config as below:

hostname: hostname
url: http://localhost:8080
logfile: /var/log/cloudflared.log
tunnel: tunnelid
credentials-file: tunneid.json

And then I ran sudo cloudflared service install which added the appropriate AAAA record. Of course, it wasn’t protected by cloudflare access yet so I took it down immediately.

1 Like

ugh I’m running this again on a fresh VM and it all works except the AAAA record won’t show up.

Ok, I was an idiot and wasn’t starting the service. However, attempting to start the service led to an error that the creds.json couldn’t be found, even though the file was in the same directory as the config.yml file. Your workaround worked in the end, though.

1 Like

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.