Can't access services hosted behind Cloudflare Tunnel

What is the name of the domain?

vockley.com

What is the error number?

1000

What is the error message?

Error 1000 Ray ID: 8dd86724e831c009 • 2024-11-04 23:32:21 UTC DNS points to prohibited IP

What is the issue you’re encountering?

I have recently installed a new router in my home network, and now none of my services hosted behind my CF tunnel are accessible. I can’t see how these could possibly be related, as my internet connection is still working perfectly. The logs from cloudflared indicate that it is able to connect to CF servers fine, but nothing shows up in the logs when accessing my website from a browser. Occasionally, a bunch of errors will show up in the logs all at once with the message “incoming request ended abruptly: context canceled”, but I can’t reliably recreate this.

What steps have you taken to resolve the issue?

None. The error message seems to indicate something that shouldn’t be possible, given that everything is set up automatically by the CF tunnel.

What are the steps to reproduce the issue?

Go to vockley.com

Screenshot of the error

Error messages in cloudflared logs:

Have you got SSL certificate at the origin host, or not?
I see NoTLSVerify set to No, might be good to give it a try with Yes, if so.

From the screenshot, ssh and others are protected by Access policy.

However, vockley.com as the main domain seems not to be defined with a port despite https being used? :thinking: Is it working on 443 or some other HTTPS-related port?

So, I guess a bit more info about my setup would be helpful here. I have 2 server VMs that run the relevant parts of my network. The first is running just dockerized cloudflared, and the second is running my main docker setup.

In the main docker rig, everything is exposed to the network using Nginx Proxy Manager, so most of the CF tunnel connections route to that to access the services. Within Nginx Proxy Manager, I have LetsEncrypt set up to provide SSL certs for everything. The certs are valid and functioning properly, as everything is accessible via HTTPS from within the local network.

I tried setting notlsverify on several of my subdomains and added port 443 to my root catchall rule, but nothing seems to have changed. I still get the same error, and accessing any of my services shows no activity in the cloudflared logs, indicating that the request doesn’t even make it as far as my server.

The thing that really confuses me about this is that everything worked fine until I upgraded my home router. In addition, swapping back to the old router makes everything work again. This seems like it has to be a configuration issue with my router, but I just don’t understand how that’s possible. Every test I can think of to verify my internet connection shows that it is functioning perfectly.

And I knew it was going to be something dumb. I forgot to transfer all my local DNS rewrites over to my new router. I think my desktop was caching the IPs, so I didn’t realize they were missing. Once those were set, everything immediately started working properly.

Sometimes it happens that we forget a step somewhere in between.

Happy to hear it! :hugs:
