Cloudflare argo tunnel gives bad gateway error

I have set up Argo Tunnel on nginx and it gives a 502 error, but when it’s a DNS setup the web server works great!

tunnel: 796c6fde-bae0-476f-86d6-3dfd022d6143
credentials-file: /home/cloudcreatr/.cloudflared/796c6fde-bae0-476f-86d6-3dfd022d6143.json

ingress:
  - hostname: wp.cloudcreatr.com
    service: https://localhost:443
    originRequest:
      connectTimeout: 10s
      noTLSVerify: true
  # Catch-all rule, which just responds with 404 if traffic doesn't match any of
  # the earlier rules
  - service: http_status:404
warp-routing:
  enabled: true

Nginx config


server {
    
    server_name wp.cloudcreatr.com;
    root /var/www/wp;

    index index.html index.htm index.php;
    
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ssl_certificate         /etc/ssl/cert.pem;
    ssl_certificate_key     /etc/ssl/key.pem;
    
    location = /favicon.ico { log_not_found off; access_log off; }
    location = /robots.txt { log_not_found off; access_log off; allow all; }
    location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
        expires max;
        log_not_found off;
    }

    location / {
        #try_files $uri $uri/ =404;
        try_files $uri $uri/ /index.php$is_args$args;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
     }

    location ~ /\.ht {
        deny all;
    }

}

@eva2000 did you face this issue? How did you overcome this one with Argo Tunnel?

@erictung could you please help? I am trying to troubleshoot. The Nginx server responds when DNS is set up to 443, but when I set up Argo Tunnel it gives a bad gateway error.

502 errors are outlined at Community Tip - Fixing Error 502 / 504: Bad Gateway and are due to either the CF edge or the origin. For Argo Tunnel, 502s usually happen when the cloudflared daemon is down or unresponsive to CF edge server connections.

Make sure you read documentation at https://developers.cloudflare.com/cloudflare-one/connections/connect-apps and:

  1. The cloudflared daemon on your origin server is running properly and persists, i.e. cloudflared daemon service install and configuration: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/run-tunnel/run-as-service
  2. You have properly configured your server’s local firewall’s outbound rules as per the instructions at https://developers.cloudflare.com/cloudflare-one/faq/cloudflare-tunnels-faq/#what-are-the-ports-and-ips-used-by-cloudflared

What are the ports and IPs used by cloudflared ?

Users can implement a positive security model with Cloudflare Tunnel by restricting traffic originating from cloudflared. The parameters below can be configured for egress traffic inside of a firewall.

Edge connections

API requests

Below the output of dig commands towards the above hostnames:

$ dig region1.argotunnel.com
...

;; ANSWER SECTION:
region1.argotunnel.com. 86400   IN  A   198.41.192.7
region1.argotunnel.com. 86400   IN  A   198.41.192.47
region1.argotunnel.com. 86400   IN  A   198.41.192.107
region1.argotunnel.com. 86400   IN  A   198.41.192.167
region1.argotunnel.com. 86400   IN  A   198.41.192.227

...

$ dig region2.argotunnel.com

...

;; ANSWER SECTION:
region2.argotunnel.com. 300 IN  A   198.41.200.193
region2.argotunnel.com. 300 IN  A   198.41.200.233
region2.argotunnel.com. 300 IN  A   198.41.200.13
region2.argotunnel.com. 300 IN  A   198.41.200.53
region2.argotunnel.com. 300 IN  A   198.41.200.113

...

$ dig api.cloudflare.com

...

;; ANSWER SECTION:
api.cloudflare.com.     41      IN      A       104.19.193.29
api.cloudflare.com.     41      IN      A       104.19.192.29

...
  • These IP addresses are unlikely to change but in the event that they do, Cloudflare will update the information here.

If this were the case, then it should return a bad gateway error with the DNS setup also, right? It only returns it when Argo Tunnel is connected.

I tried both ways: to run it as a service and by keeping the SSH session on.

I don’t use any firewall like ufw, and as for AWS, all outbound traffic is allowed.

A small suggestion @eva2000: could you please make a tutorial on how to connect Argo Tunnel to nginx WordPress with a full setup on Ubuntu and a LEMP stack? I read about your mod, it’s nice, but it would be good if you could make a tutorial specially for this setup.

Can you also please make one for Litespeed on REL as well? :pray:

Not for an nginx DNS setup, as nginx would be the origin. In Argo Tunnel, the cloudflared daemon would basically be the origin. In Argo Tunnel setups the cloudflared daemon basically becomes the origin that CF edge servers connect to first, and it’s when the cloudflared daemon is down or unresponsive that a 502 might occur. That doesn’t rule out Nginx being down or unresponsive between the cloudflared daemon and the nginx origin locally, though.

As I said before, try disabling

warp-routing:
  enabled: true

I don’t use Ubuntu. I develop my own Centmin Mod LEMP stack for Nginx + PHP-FPM + MariaDB based on CentOS 7 (working on CentOS 8/AlmaLinux/Rocky Linux 8 compatibility).

As long as Nginx (or Litespeed) is configured to work properly via DNS setup + local system firewall is configured properly + cloudflared daemon is configured properly, then Argo Tunnel should work

I tried disabling the warp. Can you please give more troubleshooting steps so that I can make it work with nginx?

My previous issue was that nginx was redirecting to the default page, so I removed it and that was solved, but it ended up giving a bad gateway error.

I think when I solve the bad gateway error, I will not need to put this code in wp config:

if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
    $_SERVER['HTTPS'] = 'on';

Don’t think it’s an nginx issue but your cloudflared daemon and/or local firewall setup. Your site gets a 530 status code with a 1033 error message: https://support.cloudflare.com/hc/en-us/articles/360029779472-Troubleshooting-Cloudflare-1XXX-errors#h_W81O7hTPalZtYqNYkIHgH

Error 1033: Argo Tunnel error

Common cause

You’ve requested a page on a website ( tunnel.example.com ) that is on the Cloudflare network. The host ( tunnel.example.com ) is configured as an Argo Tunnel, and Cloudflare is currently unable to resolve it.

Resolution

  • If you are a visitor of this website : Please try again in a few minutes.
  • If you are the owner of this website : Ensure that cloudflared is running and can reach the network. You may wish to enable load balancing for your tunnel.

I wouldn’t use the CF load balancer, as that would just add more factors into the mix if you haven’t got the cloudflared daemon working yet.

You should be able to list your tunnels and their info via commands on your server over SSH:

cloudflared tunnel list

Then, in the listing, note the NAME of your tunnel and run:

cloudflared tunnel info NAME

Replace NAME with the name of your tunnel, and info will show the real IP address from the origin, the version of the cloudflared daemon and the edge locations connected to, as well as the tunnel ID and when the tunnel was created.

Also check the cloudflared daemon status and logs. Just be careful about sensitive info in the logs, so I wouldn’t post them publicly on the forums. I would create a Cloudflare support ticket, post the info in the ticket and then provide the ticket number on the forums so CF staff can check.

systemctl status cloudflared

and logs

journalctl -u cloudflared --no-pager

It’s disconnected. I have discontinued it, so I am trying with a new installation again.

This is because I didn’t properly configure HTTPS and port 443 of nginx, so when you do it properly the Argo tunnel will connect to port 443.

I had followed the DigitalOcean guide on how to install a LEMP stack and WordPress with nginx, so it was giving a lot of errors.

Now I have set up the server with SpinupWP and the Argo tunnel connects well on port 443. So I suggest following the SpinupWP guide.

Thanks @eva2000

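One way to check the local leg between cloudflared and nginx that the replies point to, as an added example that is not part of the original thread: it requests the ingress `service` port on the loopback address using the hostname, `noTLSVerify` and `connectTimeout` values from the posted config, and names the layer that failed. The script name `check-origin.sh`, the `--run` switch and the result labels are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: probe the origin that the tunnel's ingress rule points at.
# Hostname, port and timeout come from the config posted in this thread;
# the result labels are made up for this example.

# Map a curl exit status and an HTTP status to the layer that needs attention.
classify_origin() {
    local curl_exit="$1" http_code="$2"
    case "$curl_exit" in
        0)  ;;                                   # got an HTTP response, inspect it below
        7)  echo "origin-refused"; return ;;     # nothing is listening on the port
        28) echo "origin-timeout"; return ;;     # no answer within the connect timeout
        35) echo "origin-tls-error"; return ;;   # port is open but the TLS handshake failed
        *)  echo "origin-error-$curl_exit"; return ;;
    esac
    case "$http_code" in
        5??)     echo "origin-5xx" ;;            # nginx answered with a server error (e.g. PHP-FPM socket unavailable)
        [234]??) echo "origin-ok" ;;             # origin answers: look at cloudflared and egress next
        *)       echo "origin-bad-response" ;;
    esac
}

# Request https://HOST:PORT/ on the loopback address. --resolve keeps HOST in the
# SNI and Host header so nginx picks the matching server_name block; -k skips
# certificate verification, like noTLSVerify: true in the ingress rule.
probe_origin() {
    local host="$1" port="${2:-443}" timeout="${3:-10}" code rc=0
    code=$(curl -sk -o /dev/null -w '%{http_code}' --connect-timeout "$timeout" \
        --resolve "$host:$port:127.0.0.1" "https://$host:$port/") || rc=$?
    classify_origin "$rc" "$code"
}

# Run the checks only when asked to, e.g.: ./check-origin.sh --run wp.cloudcreatr.com
if [ "${1:-}" = "--run" ]; then
    echo "cloudflared service: $(systemctl is-active cloudflared)"
    echo "origin ${2:?hostname required}: $(probe_origin "$2" "${3:-443}")"
fi
```

A result of `origin-ok` together with a 502 or error 1033 at the edge points back at the cloudflared daemon or its outbound connectivity; any other result means the nginx listener on 443 needs fixing first.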