I’m fully willing to admit that I may have misconfigured something, however I’ve been experimenting with the use of Argo tunnels and can’t say I’m impressed with the stability.
The setup is simply
CloudFlare <—Argo Tunnel—> Non Exposed Host
and on this host I’m running 3 Argo tunnels for ssh, a Kubernetes dashboard and another tunnel pointing to an nginx ingress. Note that this is paired with Cloudflare Access so its not like this stuff is exposed to the public internet. Behind the nginx ingress (running inside a single node kube cluster via microk8s) is a web based version of VS Code that leverages websockets.
The issue I’m experiencing is that Argo appears to have issues maintaining persistent connections for any length of time (>15 minutes). In the case of both SSH and the websockets used by VS Code, I will encounter dropped connections and on the occasions I have both open, they both drop simultaneously. Checking CPU load on the host, it is quite reasonable and I’ve made cloudflared higher priority than most daemons (particularly kube related daemons).
If I instead expose the host to the internet with firewall rules restricting connectivity to only Cloudlfare IP ranges, there are absolutely no connection drops. To clarify, in this case connections are still being proxied via Cloudflare and secured via Access, however Argo is being bypassed. I originally assumed that these were keep-alive related issues where CF were dropping the idling connections, however the fact that non-Argo connectivity appears fine makes be suspect something else.
For additional context, the host in question exists within Google Cloud running on the standard (cheaper) networking tier which drops traffic onto the public internet ASAP (instead of Google carrying it as far as possible).
Any tips to debug this further or more information I can provide, I’m all ears.