Bad gateway Error code 502 on Nextcloud Tunnel

Hello,

For the past year or so I’ve been running cloudflared to access services running on my Windows 10-based NAS without much of a problem.

I’m setting up a TrueNAS install for a friend and would like them to have similar access to services, so I have installed the cloudflared app under the TrueNAS Scale > Apps option and get a nice green “Healthy” showing in my Tunnel configuration page.

Now I’ve gone to add a Public Hostname for Nextcloud running on the TrueNAS box, and this is where things get problematic.

I can access the site fine over the local IP (https://10.0.0.11:9001), but when I try https://cloud.domain.com, which I’ve configured in Cloudflare, I get the Bad Gateway error, code 502.

I thought this might be to do with the self-signed certificate that TrueNAS generates, so first I tried the TLS option to ignore it, but got the same error. I then generated an Origin Server certificate in Cloudflare, installed that to TrueNAS and updated the OpenCloud Kubernetes config to use the cert.

Still same error though.

For reference, the domain SSL/TLS encryption mode is “Flexible”, not strict (though I did try changing it; each test gave the same error).

Here’s the tunnel config:


Nothing seems out of the ordinary compared to my own NAS server (though I don’t have Nextcloud on that; the services are all non-HTTPS, which I’m not sure is my issue). I tried adding the other services on the machine, like Plex or the TrueNAS admin interface (which I’d obviously remove), and had similar issues with those.

I’m presuming the cloudflared configuration is correct given the “Healthy” status and that there’s very little to configure, just throw the token in, so it feels like the issue is at routing to these services. Connector diagnostics also shows my IP address correctly for the Origin IP, so I’m fairly happy there.

Logs when I try and access the site are:
{
  "error": "Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp [::1]:9001: connect: connection refused",
  "cfRay": "84a640f92adba81d-SYD",
  "ingressRule": "0",
  "originService": "https://localhost:9001"
}

{
  "type": "http",
  "error": "Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp [::1]:9001: connect: connection refused",
  "connIndex": 3,
  "dest": "https://cloud.domain.com/",
  "ip": "198.41.200.193"
}

I’m unsure why it couldn’t connect; I can connect locally, so the service is definitely up.

I appreciate this is often asked; I have searched before posting but not found anything that’s resolved it.

I would like to get this resolved as the build is for a friend of mine on a disability pension, so she can cancel her cloud services from Apple that are eating into her pension each month. She lives in the next state, so it’ll be a short while before I can get the NAS across, so I was hoping to get a publicly accessible cloud up as a quick patch until I can give her the physical hardware.

Oh, just to add, the application is configured to expect the Cloudflare domain name as its host domain; I meant to pop that in the above.

Ah, found one problem: under the “Connector diagnostics” my Origin IP was correct, but I hadn’t noticed cloudflared was giving its Kubernetes IP rather than the host’s. I went into the configuration and checked the box next to “Host Network”, even though the help for it says:

Bind to the host network. It’s recommended to keep this disabled

but that updated the Private IP in Connector diagnostics to 10.0.0.11 as it should be, and now the TrueNAS interface is loading up on the tunnel for it. Still struggling with Nextcloud though (dang it).
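As an added example (not part of the post above and not Cloudflare's or TrueNAS's own tooling), here is a small Python triage script for cloudflared log entries of the shape quoted in the post. It pulls the address, port and failure reason out of the "dial tcp ..." error text and flags the specific pattern seen here: an origin of https://localhost:9001 that resolves to the loopback address [::1] and is refused. When cloudflared runs as a containerised app (TrueNAS Scale Apps / Kubernetes), localhost inside the container is the pod's own loopback, not the TrueNAS host, so the origin should be the host's LAN address (10.0.0.11 in the post) or the connector should bind to the host network. The sample log lines are constructed to mirror the post's entries plus one extra timeout case; the category names and hint text are my own.

```python
import json
import re
from ipaddress import ip_address
from urllib.parse import urlsplit

# Constructed sample lines, shaped like the cloudflared JSON entries quoted in the post
# (third line is a made-up timeout case to show a different classification).
SAMPLE_LOG_LINES = [
    '{"error": "Unable to reach the origin service. The service may be down or it may not be '
    'responding to traffic from cloudflared: dial tcp [::1]:9001: connect: connection refused", '
    '"cfRay": "84a640f92adba81d-SYD", "ingressRule": "0", "originService": "https://localhost:9001"}',
    '{"type": "http", "error": "Unable to reach the origin service. The service may be down or it '
    'may not be responding to traffic from cloudflared: dial tcp [::1]:9001: connect: connection '
    'refused", "connIndex": 3, "dest": "https://cloud.domain.com/", "ip": "198.41.200.193"}',
    '{"error": "Unable to reach the origin service. The service may be down or it may not be '
    'responding to traffic from cloudflared: dial tcp 10.0.0.11:9001: i/o timeout", '
    '"ingressRule": "1", "originService": "https://10.0.0.11:9001"}',
]

# Matches Go's net.Dial error text: "dial tcp [::1]:9001: connect: connection refused"
DIAL_RE = re.compile(
    r"dial tcp (?:\[(?P<v6>[^\]]+)\]|(?P<v4>[\d.]+)):(?P<port>\d+): (?P<reason>.+)$"
)

LOOPBACK_HINT = (
    "cloudflared dialled its own loopback address. Inside a TrueNAS/Kubernetes app "
    "'localhost' is the container, not the host; point the public hostname at the host's "
    "LAN address (e.g. https://10.0.0.11:9001) or bind the connector to the host network. "
    "Also note that 'localhost' resolved to ::1 (IPv6); a service listening only on "
    "127.0.0.1 will refuse that even on the host."
)


def parse_dial_error(message):
    """Extract host, port and reason from a cloudflared 'dial tcp' error; None if absent."""
    m = DIAL_RE.search(message)
    if not m:
        return None
    return {
        "host": m.group("v6") or m.group("v4"),
        "port": int(m.group("port")),
        "reason": m.group("reason").strip(),
    }


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 or the literal name 'localhost'."""
    if host is None:
        return False
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def classify_entry(entry):
    """Classify one parsed cloudflared log entry and attach a remediation hint."""
    dial = parse_dial_error(entry.get("error", ""))
    if dial is None:
        return {"category": "other", "dial": None, "hint": None}

    origin = entry.get("originService")
    origin_host = urlsplit(origin).hostname if origin else None
    refused = "connection refused" in dial["reason"]

    if refused and (is_loopback(dial["host"]) or is_loopback(origin_host)):
        return {"category": "loopback-origin-unreachable", "dial": dial, "hint": LOOPBACK_HINT}
    if refused:
        return {"category": "origin-refused", "dial": dial,
                "hint": "nothing is listening on that host:port from cloudflared's network."}
    if "timeout" in dial["reason"]:
        return {"category": "origin-timeout", "dial": dial,
                "hint": "packets are not reaching the origin; check firewall and routing."}
    return {"category": "dial-error", "dial": dial, "hint": dial["reason"]}


def triage(lines):
    """Parse JSON log lines (skipping malformed ones) and classify each."""
    results = []
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # non-JSON lines (e.g. plain-text startup messages) are ignored
        results.append(classify_entry(entry))
    return results


if __name__ == "__main__":
    for r in triage(SAMPLE_LOG_LINES):
        print(r["category"], "->", r["hint"])
```

The script only reads log text; the two post entries both come out as "loopback-origin-unreachable" (one from the originService field, one from the dialled [::1] address), which is the same conclusion the post's "Host Network" change points to.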