Cloudflare Warp Beta (now Argo Tunnel)

Graceful shutdown is the best way to ensure proper deletion. Soon we will have the ability to handle unexpected/forced shutdown.

@dmaroulidis, @smoe17 and @user34 soon we will have HA support to address your problem.

1 Like

Cloudflare warp gracefully shuts down itself. I just have a cronjob running every minute to see if the process is running or not. If not, it attempts to start it up. But during that startup, it takes a little while to process and then it spits back about the maximum tunnels active in the zone, which there should only be one configured in the warp configuration file.

1 Like

@user34 thank you!! that’s a bug, we will fix it

@whe Taking a look. It’s possible we should change the behavior.

1 Like

I have two Cloudflare hosted zones and .
Domain1 has a warp hostname <warp.domain1.com> and domain2 has a subdomain <subdomain.domain2.com> CNAMEd to the <warp.domain1.com>

Both domains have SSL turned to “Full” mode with Authenticated Origin Pulls turned OFF. However, accessing <subdomain.domain2.com> shows Cloudflare Error page for Error 526 - Invalid SSL certificate.

I don’t think it is honoring the SSL “Full” configuration.

Thanks!!

Thanks for testing! This actually isn’t a limitation of the SSL mode, but the edge server restricting Warp connections only to the hostname you specified when starting the client. Changes to SSL mode do not affect Warp connections.

We plan to allow more flexible Warp configuration e.g. configuring multiple hostnames to automatically set up the client, and permitting you to CNAME from any subdomain of domain1.com to warp.domain1.com. Permitting you to CNAME from domain2.com to domain1.com (assuming you control both) is not yet planned.

1 Like

A new release is available.

@whe - following up on the redirects. It’s totally a bug. We’re fixing it.

Hooray! Thanks for the update!

Hi guys,

Exciting to be able to finally use this! I’ve been waiting for a beta access email but as per the blog post a few hours ago I’m trying it out for realsies.

An error I’m hitting is Error 1000 - DNS points to prohibited IP.

Trying to tunnel a local Rails server… here’s the command I’ve run: Cloudflare-warp --hostname {{subdomain.hostname.com}} http://localhost:3000

Also doing just the Cloudflare-warp --hostname {{subdomain.hostname.com}} --hello-world gives me the same thing.

Let me know if there’s any other info you need.

Josh

Trying out Warp after seeing the blog post. Some initial thoughts:

  • First off, this is very exciting stuff! Warp could forever change how hosting is done.
  • A daemonize option would be nice so I don’t have to use nohup (I am running it as an unprivileged user)
  • It takes a lot longer than I would expect to re-establish a tunnel if I Ctrl-C and run Cloudflare-warp again (returns 503s for more than a minute)
  • I had a subdomain of another CF domain CNAME’d to this one and ran into the 526 certificate error. I suspect this is going to be more common than you’re expecting.

Hello,

see this example command :
Cloudflare-warp --hostname gestic.myWrapEnabledDomain --url http://gestic.dev

locally I have a vhost gestic.dev (I know I have to change .dev for local dev because it will be a real TLD soon ?)

but I have the IP = first defined in my httpd config served site

when using Browser Sync http://localhost:3000/ that point to http://gestic.dev, it’s working
Cloudflare-warp --hostname gestic.myWrapEnabledDomain --url http://localhost:3000/

it could be cool if I can bypass Browser Sync :wink:

Excellent idea, I can see this being extremely useful in lots of situations. Two bits of feedback for you:

  1. If the domain you have selected does not have SSL enabled (we use Let’s Encrypt and have CAA setup), the whole process looks to work, but then you can’t connect to your endpoint. Took me a moment to realise. Could be extra validation step when activating domain? If you want the domain details, feel free to PM me.

  2. When ‘Cloudflare-warp login’ occurs, the ‘Authorize’ button could do with immediate feedback, maybe being disabled and then a spinner?

Keep up the great work :grinning:

This sounds REALLY interesting! This means I could use Cloudflare to tunnel my services on my local NAS including custom authentication?!

Currently I’m doing a combination of DDNS and custom authentication via NGINX if the services are accessed externally. This sounds like an easier setup - just daemon the warp process and I would always able to reverse proxy to local webservices.

I see Argo is based on usage with a 5$ activation fee. If I only use it personally I expect the traffic to be <1GB, that would mean I would pay 0.10$/month? Assuming that Warp is similarly priced this would be quite a good offer. 5$/month would be a lot too high though. Looking at the Access pricing it really isn’t good for private use: 5$/user/month. With a private household of four paying 20$ per month is simply too much. Add that to Argo/Warp pricing I think this is more tailored at enterprises.

1 Like

Using version Cloudflare-warp version 2017.11.1 (built 2017-11-06-1601 UTC)

This is the output I get after running the command:

% ~/Downloads Cloudflare-warp --hostname lh.imsean.me http://localhost:3000
INFO[0000] Proxying tunnel requests to http://localhost:3000
INFO[0000] Autoupdate frequency is set to 24h0m0s
INFO[0000] Starting metrics server                       addr=127.0.0.1:40767
INFO[0000] Connected to MSP
INFO[0000] There are currently 0 active tunnels for this zone. You are allowed to have 2  subsystem=rpc
INFO[0000] Registered at https://lh.imsean.me
INFO[0000] There are currently 0 active tunnels for this zone. You are allowed to have 2

I’m assuming everything is running as expected, however after visiting the tunnel, I’m met with this page:

And after a reload:
https://vgy.me/9lh4rh.png (placed in code tags because new users can only include 1 image :confused:)

Just a note regarding dnsmasq and warp.

If you run your own DNS cache using dnsmasq make sure the filterwin2k option is off otherwise you will get this error:

ERRO[0000] Quitting due to error       error="lookup _warp._tcp.Cloudflarewarp.com on 127.0.0.1:53: no such host"

From the dnsmasq config file:
filterwin2k: Note that (amongst other things) this blocks all SRV requests

On the Cloudflare blog it states that WARP can be enabled from the access tab.
However I don’t see any WARP settings there.

I only see a button for for access BETA, which I’m not interested in using.

Can anyone point me in the right direction to enable WARP?
I can’t seem to find what to do in the Cloudflare clientarea website on https://warp.Cloudflare.com/

Regarding WARP, I have a few questions, I’m currently using ARGO without WARP.

  • What kind of performance improvements can I expect when using WARP?
  • Will WARP keep a connection between Cloudflare and my webserver alive to reduce latency and the amount of TCP connections? How does this compare to ARGO without WARP?
  • On the WARP benefits it states that the latency is lower due to ARGO. I’m already using ARGO, how does WARP make this better?
  • Does WARP connect to the webserver with HTTP/2? or does it only use HTTP/2 towards Cloudflare?

Found a random issue. Using Warp, my site’s facebook oauth login function returns 502 (as far as I can tell, every other aspec of the site is fine). I changed it back to regular CF and it works again.

I think this is the relevant log message: http2: invalid Connection request header: [“Keep-Alive”]

Actually, there are tons of those messages, for other pages as well.

I’m trying to setup Wordpress behind warp and I keep getting 502 errors when trying to access the admin area of wordpress. Any suggestions? I have seen people who disable apps, caching, etc for the /wp-admin/* area but that doesn’t seem to help. Need to come up with a good recipe for setting up warp with wordpress.

I notice that I am getting keep alive errors:

error=“Get https://blog.private/wp-login.php: http2: invalid Connection request header: [“Keep-Alive”]”