How to connect argo tunnel to the WordPress website

@eva2000 If Cloudflare Argo Tunnel makes a secure connection to the origin, then why do we need an origin certificate for WordPress? :thinking:

To secure the connection between cloudflared and the origin server. There are 3 connections to secure.

Visitor > CF edge server > cloudflared daemon on origin > origin server


If you already have Cloudflare Tunnel protecting your origin, then Authenticated Origin Pull seems like an overkill. To make an analogy, it’s like applying ZIP compression to a file that’s already a ZIP — it will be redundant.

It should be possible to have it working, but I never tried. By definition if you are using Tunnel, then it’s already coming from Cloudflare, so I’d just ditch Authenticated Origin Pull.


@eva2000 @nuno.diegues thanks a lot


I tried it accidentally and it didn’t work for me heh :slight_smile:

You’re welcome :slight_smile:

FYI, tried adding originServerName to originRequest section and it seems to work so updated my guide at https://blog.centminmod.com/2021/02/09/2250/how-to-setup-cloudflare-argo-tunnel-on-centos-7/
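
The originServerName placement mentioned above, shown next to the noTLSVerify variant posted further down this thread. This is an added example, not part of the original posts or of the linked guide; the tunnel ID, file paths and the caPool path are placeholders, and the hostname is the one used in this thread.

```yaml
# Added example: cloudflared config.yml ingress rules.
# <TUNNEL-UUID> and the file paths are placeholders.
tunnel: <TUNNEL-UUID>
credentials-file: /path/to/<TUNNEL-UUID>.json

ingress:
  # Variant A (the form posted in this thread): the hop from cloudflared to
  # nginx is encrypted, but the origin certificate is not checked at all.
  # - hostname: wp.cloudcreatr.com
  #   service: https://localhost:443
  #   originRequest:
  #     connectTimeout: 10s
  #     noTLSVerify: true

  # Variant B: keep certificate verification on. The service URL says
  # "localhost", so cloudflared has to be told which name to expect in the
  # origin certificate.
  - hostname: wp.cloudcreatr.com
    service: https://localhost:443
    originRequest:
      connectTimeout: 10s
      # originServerName is an originRequest option, so it is nested here
      # and not placed next to "service".
      originServerName: wp.cloudcreatr.com
      noTLSVerify: false
      # The certificate must chain to a CA that cloudflared trusts. For a
      # certificate issued by a private CA, point caPool at that CA file
      # (hypothetical path):
      # caPool: /etc/ssl/private-ca.pem

  # Catch-all rule for traffic that matches no earlier rule.
  - service: http_status:404
```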

@eva2000 did you ever use Cloudflare Argo Tunnel metrics?

not really

@eva2000 With Cloudflare Full (strict) SSL and this nginx config, I get a 404 error, or it's not redirected to the actual files in var/www/… but goes to root /var/www/html/

Nginx config

server {
    listen 80;
    listen [::]:80;
    server_name wp.cloudcreatr.com;
    #return 302 https://$server_name$request_uri;
}

server {

    # SSL configuration

    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ssl_certificate         /etc/ssl/cert.pem;
    ssl_certificate_key     /etc/ssl/key.pem;

    server_name wp.cloudcreatr.com;

    root /var/www/wp;
    index index.html index.htm index.nginx-debian.html;


    location / {
            try_files $uri $uri/ =404;
    }
}

Enabling this gives a redirect loop

    #return 302 https://$server_name$request_uri

Also my Cloudflare tunnel config file

tunnel: 796c6fde-bae0-476f-86d6-3dfd022d6143
credentials-file: /home/cloudcreatr/.cloudflared/796c6fde-bae0-476f-86d6-3dfd022d6143.json

ingress:
  - hostname: wp.cloudcreatr.com
    service: https://localhost:443
    originRequest:
      connectTimeout: 10s
      noTLSVerify: true
  - hostname: wpp.cloudcreatr.com
    service: http://localhost:80
  # Catch-all rule, which just responds with 404 if traffic doesn't match any of
  # the earlier rules
  - service: http_status:404
warp-routing:
  enabled: true

@nuno.diegues I have set the nginx config to serve files for port 443

server {

    # SSL configuration

    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ssl_certificate         /etc/ssl/cert.pem;
    ssl_certificate_key     /etc/ssl/key.pem;

    server_name wp.cloudcreatr.com;

    root /var/www/wpp;
    index index.html index.php index.htm index.nginx-debian.html;


    location / {
            try_files $uri $uri/ =404;
    }
}

And then used Argo Tunnel to connect to port 443 at localhost.

tunnel: 796c6fde-bae0-476f-86d6-3dfd022d6143
credentials-file: /home/cloudcreatr/.cloudflared/796c6fde-bae0-476f-86d6-3dfd022d6143.json

ingress:
  - hostname: wp.cloudcreatr.com
    service: https://localhost:443
    originServerName: wp.cloudcreatr.com
    originRequest:
      connectTimeout: 10s
      noTLSVerify: true
      
  # Catch-all rule, which just responds with 404 if traffic doesn't match any of
  # the earlier rules
  - service: http_status:404
warp-routing:
  enabled: true

But when I visit the address I see the default nginx page, that is /var/www/html, whereas nginx should serve the files mentioned in the config, that is var/www/wp

Now I added this code to the nginx config to use port 80

server {
    listen 80;
    listen [::]:80;
    server_name wp.cloudcreatr.com;

    root /var/www/wp;
    index index.html index.php index.htm index.nginx-debian.html;

    location / {
            try_files $uri $uri/ =404;
    }
}

server {

    # SSL configuration

    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ssl_certificate         /etc/ssl/cert.pem;
    ssl_certificate_key     /etc/ssl/key.pem;

    server_name wp.cloudcreatr.com;

    root /var/www/wpp;
    index index.html index.php index.htm index.nginx-debian.html;


    location / {
            try_files $uri $uri/ =404;
    }
}

Now Argo Tunnel serves files from port 80 even after specifying 443 in the Cloudflare config file. The Cloudflare config is the same for both parts.

My question is, why doesn’t Cloudflare Argo Tunnel serve files from port 443, and gives files from port 80?

After setting a redirect from http to https in nginx, this gives a redirect loop, so I removed it.

@eva2000 can you give your nginx config or a sample of it?

If you aren’t using private networking or don’t have it configured, remove warp-routing as it’s not needed

I develop my own Centmin Mod LEMP stack, which has a WordPress auto installer, so these are not standard Nginx configs

@eva2000

It's configured. What do you feel about this?

Some say to use this code, $_SERVER['HTTPS'] = 'on';, in the wp config. It does solve it, but it’s not good practice, right?

I replaced it with https in the database and even the WordPress site URL, but it still shows the same

@eva2000 did you use the code below (close to the code, not an exact match) in your WordPress config or mod?

if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
   $_SERVER['HTTPS']='on';

No need if you restore real IPs as Cloudflare instructs at the Nginx server level https://support.cloudflare.com/hc/en-us/articles/200170786-Restoring-original-visitor-IPs-Logging-visitor-IP-addresses-with-mod-cloudflare- and combine that with adjustments for Nginx logging of the real IP https://blog.centminmod.com/2021/02/09/2250/how-to-setup-cloudflare-argo-tunnel-on-centos-7/#centmin-mod-nginx-access-logs

@eva2000 please send your Cloudflare Argo Tunnel and nginx config. Also, how do I use originServerName in the Cloudflare config? Can I put the domain that is routed through Argo Tunnel?

Listed in updated guide at https://blog.centminmod.com/2021/02/09/2250/how-to-setup-cloudflare-argo-tunnel-on-centos-7/

I suggest you disable Argo Tunnel first and make sure you have the WordPress origin server working properly with HTTPS and an SSL certificate.

Not really relevant to non-Centmin Mod Nginx Wordpress sites, this is from my Centmin Mod Nginx Wordpress auto installer’s Cache Enabler full HTML page caching option auto generated Nginx Wordpress config (https://blog.centminmod.com/2020/09/06/203/wordpress-cache-enabler-advanced-full-page-caching-guide/) at centmin.sh menu option 22 wordpress yourdomain.com 123.09beta01 28/02/21 · GitHub. This is the self-signed SSL cert config before Letsencrypt SSL certs are applied to modify the Nginx vhost config.

At Wordpress install time https://blog.centminmod.com/2019/07/15/122/how-to-install-wordpress-on-centmin-mod-lemp-stack-guide/, auto installer will ask user which full HTML page caching option Centmin Mod users want to auto configure for their Wordpress installations.

--------------------------------------------------------
Wordpress Caching 
--------------------------------------------------------
1) KeyCDN Cache Enabler
2) Redis Nginx Level Caching
3) WordPress Super Cache
4) Fastcgi_cache (PHP-FPM)
--------------------------------------------------------
Enter option [ 1 - 4 ] 4

You don’t need this when you have configured your server for port 443 properly. I tried with SpinupWP and they did the WordPress config with nginx, and the Argo Tunnel was running awesome on port 443 without the code

    if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
        $_SERVER['HTTPS'] = 'on';

No, you don’t need this code if you have configured your server to respond to port 443

I received this error because the origin server was not properly configured for port 443. I tested a new nginx server with SpinupWP and the Argo Tunnel works great without any extra config

This is also due to misconfigured https and port 443.
When you have successfully configured the server for port 443 and https, the Argo Tunnel will connect to the WordPress website on nginx without any problems

Set noTLSVerify: true in your Cloudflare Argo Tunnel config

You require an origin certificate, even if you are using Cloudflare Argo Tunnel to connect with WordPress on port 443

Don't use Cloudflare Authenticated Origin Pull with cloudflared Argo Tunnel

This is because I didn’t remove the default nginx page ‘welcome page’, so it’s recommended to remove that. After this I was facing a bad gateway error that is due to misconfigured https and port 443

@eva2000 @nuno.diegues thanks a lot for the help

I got this error after following the DigitalOcean guide on LEMP and WordPress nginx setup; nevertheless, it gave a lot of experience.

I recommend following SpinupWP's guide to install WordPress and nginx