I’m starting to use Terraform to manage my Cloudflare account and have configured a tunnel through code. All working perfectly, Zero Trust dashboard is identical to my code, except that when starting the tunnel from my Linux machine the configuration is not synced from my account (but shows healthy in the dashboard).
The service I’ve added is running on port 8096, but when I try to access it I get a “Bad gateway Error code 502” and the log shows that I’m trying to access “http://localhost:8080” instead of 8096.
I already redeployed this tunnel and adding a second service after tunnel creation forces a sync and fixes the issue, even if I remove the second service.
Looks like a bug to me.
Here’s the journalctl output:
Dec 27 03:37:40 my-hostname cloudflared[22917]: 2022-12-27T02:37:40Z INF Starting tunnel tunnelID=<GUID>
Dec 27 03:37:40 my-hostname cloudflared[22917]: 2022-12-27T02:37:40Z INF Version 2022.12.1
Dec 27 03:37:40 my-hostname cloudflared[22917]: 2022-12-27T02:37:40Z INF GOOS: linux, GOVersion: go1.19.3, GoArch: amd64
Dec 27 03:37:40 my-hostname cloudflared[22917]: 2022-12-27T02:37:40Z INF Settings: map[no-autoupdate:true token:*****]
Dec 27 03:37:40 my-hostname cloudflared[22917]: 2022-12-27T02:37:40Z INF Generated Connector ID: <GUID>
Dec 27 03:37:40 my-hostname cloudflared[22917]: 2022-12-27T02:37:40Z INF Will be fetching remotely managed configuration from Cloudflare API. Defaulting to protocol: quic
Dec 27 03:37:40 my-hostname cloudflared[22917]: 2022-12-27T02:37:40Z INF Initial protocol quic
Dec 27 03:37:40 my-hostname cloudflared[22917]: 2022-12-27T02:37:40Z INF cloudflared will not automatically update if installed by a package manager.
Dec 27 03:37:40 my-hostname cloudflared[22917]: 2022-12-27T02:37:40Z INF ICMP proxy will use <INTERNAL IPv4> as source for IPv4
Dec 27 03:37:40 my-hostname cloudflared[22917]: 2022-12-27T02:37:40Z INF ICMP proxy will use <LINK LOCAL IPv6> in zone eth0 as source for IPv6
Dec 27 03:37:40 my-hostname cloudflared[22917]: 2022-12-27T02:37:40Z WRN The user running cloudflared process has a GID (group ID) that is not within ping_group_range. You might need to add that user to a group within that range, or instead update the range to encompass a group the user is already in by modifying /proc/sys/net/ipv4/ping_group_range. Otherwise cloudflared will not be able to ping this network error="Group ID 0 is not between ping group 1 to 0"
Dec 27 03:37:40 my-hostname cloudflared[22917]: 2022-12-27T02:37:40Z WRN ICMP proxy feature is disabled error="cannot create ICMPv4 proxy: Group ID 0 is not between ping group 1 to 0 nor ICMPv6 proxy: socket: permission denied"
Dec 27 03:37:40 my-hostname cloudflared[22917]: 2022-12-27T02:37:40Z INF Starting metrics server on 127.0.0.1:39601/metrics
Dec 27 03:37:40 my-hostname cloudflared[22917]: 2022/12/27 03:37:40 failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details.
Dec 27 03:37:41 my-hostname cloudflared[22917]: 2022-12-27T02:37:41Z INF Connection <GUID> registered with protocol: quic connIndex=0 ip=198.41.200.53 location=BRU
Dec 27 03:37:41 my-hostname cloudflared[22917]: 2022-12-27T02:37:41Z INF Connection <GUID> registered with protocol: quic connIndex=1 ip=198.41.192.67 location=AMS
Dec 27 03:37:42 my-hostname cloudflared[22917]: 2022-12-27T02:37:42Z INF Connection <GUID> registered with protocol: quic connIndex=2 ip=198.41.200.33 location=BRU
Dec 27 03:37:43 my-hostname cloudflared[22917]: 2022-12-27T02:37:43Z INF Connection <GUID> registered with protocol: quic connIndex=3 ip=198.41.192.227 location=AMS
Dec 27 03:38:36 my-hostname cloudflared[22917]: 2022-12-27T02:38:36Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp [::1]:8080: connect: connection refused" cfRay=<RAY-ID>-AMS originService=http://localhost:8080