Cloudflare Tunnel - BadGateway 502 - HostError

My domain: DOMAIN_NAME
My website name: WEBSITE_NAME (Yes, I know it is the same as the domain name… maybe it sounds stupid, but when I started I didn’t know too many things. Now it is a pain because I don’t know which of them is being referred to.)
It works on http://localhost/WEBSITE_NAME
https://WEBSITE_NAME returns BadGateway Error 502 DOMAIN_NAME HostError
I have also tried with :80 at the end; it doesn’t work.
In the config.yml: url: http://localhost:8000
The tunnel has been configured from the command line, not from the ZeroTrust dashboard.

If I change the config.yml according to this post, I don’t get a bad gateway anymore but an empty page instead, not loading my index.php:


url: http://localhost:8000
tunnel: TUNNEL_ID
credentials-file: /home/alex/.cloudflared/TUNNEL_ID.json

Looking for a solution, I have found that the first step would be to get the logs:

debug http GET https://DOMAIN_NAME/WEBSITE_NAME/?id= HTTP/1.1 {“connIndex”:3,“content-length”:0,“headers”:{“Accept”:[“text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7”],“Accept-Encoding”:[“gzip, br”],“Accept-Language”:[“en-US,en;q=0.9,ro-RO;q=0.8,ro;q=0.7”],“Cache-Control”:[“max-age=0”],“Cdn-Loop”:[“cloudflare”],“Cf-Cf700onnecting-Ip”:[“IPv6”],“Cf-Ipcountry”:[“RO”],“Cf-Ray”:[“866f44210d170541-OTP”],“Cf-Visitor”:[“{"scheme":"https"}”],“Cf-Warp-Tag-Id”:[“41d862f0-9e71-4428-8610-b73037b27b1b”],“Priority”:[“u=0, i”],“Sec-Ch-Ua”:[“"Google Chrome";v="119", "Chromium";v="119", "Not?A_Brand";v="24"”],“Sec-Ch-Ua-Mobile”:[“?1”],“Sec-Ch-Ua-Platform”:[“"Android"”],“Sec-Fetch-Dest”:[“document”],“Sec-Fetch-Mode”:[“navigate”],“Sec-Fetch-Site”:[“none”],“Sec-Fetch-User”:[“?1”],“Upgrade-Insecure-Requests”:[“1”],“User-Agent”:[“Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Mobile Safari/537.36”],“X-Forwarded-For”:[“IPv6”],“X-Forwarded-Proto”:[“https”]},“host”:“DOMAIN_NAME”,“ingressRule”:0,“originService”:“http://localhost:8000”,“path”:“/WEBSITE_NAME/”}
error http {“connIndex”:3,“error”:“Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp connect: connection refused”,“ingressRule”:0,“originService”:“http://localhost:8000”}
2024-03-19T17:43:41Z error cloudflared Request failed {“connIndex”:3,“dest”:“https://DOMAIN_NAME/WEBSITE_NAME”,“error”:“Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp connect: connection refused”,“ip”:“MY_IP”,“type”:“http”}

Also, if that matters, /etc/apache2/sites-available/WEBSITE_NAME.conf:

<VirtualHost *:80>
	# The ServerName directive sets the request scheme, hostname and port that
	# the server uses to identify itself. This is used when creating
	# redirection URLs. In the context of virtual hosts, the ServerName
	# specifies what hostname must appear in the request's Host: header to
	# match this virtual host. For the default virtual host (this file) this
	# value is not decisive as it is used as a last resort host regardless.
	# However, you must set it for any further virtual host explicitly.

	ServerAdmin MY_EMAIL
	ServerAlias www.WEBSITE_NAME
	DocumentRoot /var/www/html
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/html/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

If you’re using http and not specifying a port, it’s defaulting to port 80.

Yet you have it set up for 8000 here?

Your Apache config is only listening on port 80 as well.

Did you say you already tried port 80? If not, I would, and I would specify directly as well, instead of localhost, which could be trying the IPv6 loopback.
Technically you don’t need to specify 80 at all, as it’s the default anyway.

The best way to test is attempting the same URL from the same machine as the host, like with curl http://localhost:80 on Linux.
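
The check suggested in the reply above, as an added example that is not part of the original thread: it reads the `url:` origin from the posted config.yml and tries a TCP connect to every address `localhost` resolves to, so a port mismatch with Apache's `*:80` or an IPv6-only failure shows up per address. The function names `origin_from_config` and `probe` are hypothetical, and `CONFIG` is copied from the question with its placeholders.

```python
import re
import socket
from urllib.parse import urlsplit

# The config.yml from the question (placeholders kept as posted).
CONFIG = """\
url: http://localhost:8000
tunnel: TUNNEL_ID
credentials-file: /home/alex/.cloudflared/TUNNEL_ID.json
"""

def origin_from_config(text):
    """Return (host, port) of the top-level `url:` origin service."""
    m = re.search(r"^url:\s*(\S+)", text, re.MULTILINE)
    if not m:
        raise ValueError("no top-level url: key in config")
    u = urlsplit(m.group(1))
    # No explicit port means the scheme default: 80 for http, 443 for https.
    return u.hostname, u.port or (443 if u.scheme == "https" else 80)

def probe(host, port, timeout=2.0):
    """TCP-connect to every address `host` resolves to; return {address: status}."""
    results = {}
    for family, stype, proto, _, sockaddr in socket.getaddrinfo(
            host, port, type=socket.SOCK_STREAM):
        try:
            with socket.socket(family, stype, proto) as s:
                s.settimeout(timeout)
                s.connect(sockaddr)
            results[sockaddr[0]] = "open"
        except OSError as e:
            results[sockaddr[0]] = f"failed: {e.strerror or e}"
    return results

if __name__ == "__main__":
    host, port = origin_from_config(CONFIG)
    # Compare the configured origin with Apache's <VirtualHost *:80> port.
    for candidate in sorted({port, 80}):
        for addr, status in probe(host, candidate).items():
            print(f"{host}:{candidate} via {addr}: {status}")
```

Run it on the machine where cloudflared runs; a "Connection refused" on the configured port alongside "open" on port 80 matches the error in the cloudflared log.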
