Cloudflare tunnel looks for local service on port 8080 regardless of service configuration

greg33 · January 25, 2023, 2:51pm

When I attempt to access my local web server through a Cloudflare tunnel, it does not work because Cloudflare attempts to access my local (origin) service on port 8080, when in fact it is running in port 80.

My config file looks like this:

tunnel: <UUID>
credentials-file: <PATH>
ingress:
  - hostname: macmini.mydomain.com
    service: http://192.168.0.1:80
  - service: http_status:404

And the tunnel output looks like this:

2023-01-22T15:31:26Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp [::1]:8080: connect: connection refused" connIndex=1 dest=https://macmini.mydomain.com/index.html ip=198.41.200.23 type=http

I can see in the tunnel output that it cannot reach the origin service at [::1]:8080. I want it to be trying at port 80 instead. If I configure Apache to listen on port 8080 (which I don’t want to do), all is well.

How I can I configure the tunnel so that it looks for my local (origin) service on port 80?

Thanks!

albert · January 25, 2023, 2:56pm

What command are you using to run the tunnel?

fritex · January 25, 2023, 2:57pm

Windows or Linux?

Might be your config.yml file is in wrong user directory.

Had the same issue recently at school.
I think it’s default set to 8080 somehow
That way, I figured it out and fixed it by creating the .cloudflared directory and copy-paste config.yml inside my “local” user, instead of the “root”.

However, on other device, it works pretty fine at “root”.

Could you try that way?

greg33 · January 25, 2023, 8:32pm

Hi, and thank you for your help.

I am running the tunnel using the following command:

cloudflared tunnel run <my-tunnel-name>

greg33 · January 25, 2023, 8:44pm

I am running the tunnel on a Mac.

The config file is the .cloudflared subdirectory in my home directory, and I get the same result even if I specify it explicitly. Below, I show:

the contents of ~/.cloudflared/config.yml, and
the tunnel log illustrating that Cloudflare is still looking for my service on port 8080 instead of port 80.

$ cat ~/.cloudflared/config.yml 
tunnel: 1af5b8b9-3945-4ec3-946c-2ca081edc7f9
credentials-file: /Users/<my-username>/.cloudflared/1af5b8b9-3945-4ec3-946c-2ca081edc7f9.json
ingress:
  - hostname: macmini.<my-domain>.com
    service: http://192.168.0.1:80 
  - service: http_status:404

$ cloudflared tunnel --config ~/.cloudflared/config.yml run <my-tunnel-name>
... <snip!> ...
2023-01-25T20:40:45Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp [::1]:8080: connect: connection refused" cfRay=78f3d364db9f0cc1-EWR originService=http://localhost:8080

Thank you very much for your attention and help!

greg33 · January 31, 2023, 4:16pm

Still no solution to this one – anyone else encountering the same/similar issue?

Chaika · January 31, 2023, 4:48pm

It sounds like something is wrong with your config or setup, as I believe localhost:8080 is the default if the yaml cannot be parsed.

Cloudflared has a few helpful commands for testing, to test what an ingress rule matches:
cloudflared tunnel --config ~/.cloudflared/config.yml ingress rule https://macmini.example.com
or to just validate the config
cloudflared tunnel --config ~/.cloudflared/config.yml ingress validate

Alternatively, you could use Zero Trust GUI Managed Tunnels which are a bit easier and automagically update configuration on any changes

greg33 · February 1, 2023, 12:31pm

Thanks for your suggestions RealChaika,

Asking cloudlflared to validate the ingress rules produces an error, but I don’t know why. Why would cloudflared complain that there are no ingress rules in the following configuration?

$ cloudflared tunnel --config ~/.cloudflared/config.yml ingress validate
Validating rules from /Users/<myuser>/.cloudflared/config.yml
Validation failed: The config file doesn't contain any ingress rules

$ cat /Users/<myuser>/.cloudflared/config.yml
tunnel: 1af5b8b9-3945-4ec3-946c-2ca081edc7f9
credentials-file: /Users/<myuser>/.cloudflared/1af5b8b9-3945-4ec3-946c-2ca081edc7f9.json
ingress:
  - hostname: macmini.<myserver>.com
    service: http://192.168.0.1:80 
  - service: http_status:404

Chaika · February 1, 2023, 2:05pm

I would assume the same validation error is also why your config doesn’t work: It can’t read it and defaults to localhost:8080.

To me that config looks fine and copy-pasting it into my local cloudflared seems to load fine, but perhaps the forum is normalizing it in some way and there’s some hidden character breaking the yml? Or could be something mac specific, I was testing on a Linux machine