Issue with multiple services on same instance

Thanks for making this available. Great tool indeed.
I must say I was quite lost following the somewhat disjointed documentation on your Reference site. Fortunately I found these two articles that actually made it easier (please consider doing something similar in the Reference area):
https://docs.pi-hole.net/guides/dns-over-https/#configuring-dns-over-https

Anyway… I have run into an issue, perhaps you can point me in the right direction. It looks like the daemon is not capable of running both the Tunnel and the DoH resolver at the same time. When I run the command cloudflared alone at the CLI, it runs both services just fine, getting the settings for both services from the same /etc/cloudflared/config.yml. I can dig DNS queries and access the hello-world page I setup for my domain without a problem. This tells me my config.yml is setup correctly, according to the instructions.

But when I try running the daemon as a service (as per the instructions), it just produces an immediate misconfiguration error and never starts. My guess is I need to put the Tunnel related settings in a different file where the daemon is probably looking. That is not clear at all in the instructions. But the fact that both services start just fine when NOT running the daemon, tells me there is probably a bug in the code. Any guidance will be much appreciated.

In the service file, do you point to the correct config file? It may not be the same you have modified as the normal start looks in the current directory as well.

Yes, I think so. The /etc/cloudflared folder contains both the cert.pem and config.yml files. If I stop the service and just run “cloudflared” without any parameters, I can see all my settings being initialized, for both the Argo Tunnel and the DNS Proxy, and they both work but in console mode. When I stop the console and run the command to start the service, it complains about the Argo Tunnel stuff. If I comment out either the Argo stuff, or the DNS Proxy stuff, both work just fine as a service independently, but not together. Does that make sense?

Here is my config (I just replaced my real domain with mydomain.com):

hostname: mydomain.com
url: https://localhost:8000
hello-world: true

proxy-dns: true
proxy-dns-port: 5333
proxy-dns-upstream:

Here is what comes up when I just run “cloudflared” without parameters:
[email protected]:/etc/cloudflared $ cloudflared
INFO[0000] Version 2020.5.1
INFO[0000] GOOS: linux, GOVersion: go1.12.7, GoArch: arm
INFO[0000] Flags hello-world=true hostname=mydomain.com proxy-dns=true proxy-dns-port=5333 proxy-dns-upstream=“https://1.1.1.1/dns-query, https://1.0.0.1/dns-query” url=“https://localhost:8000
INFO[0000] Adding DNS upstream url=“https://1.1.1.1/dns-query
INFO[0000] Adding DNS upstream url=“https://1.0.0.1/dns-query
INFO[0000] Starting DNS over HTTPS proxy server addr=“dns://localhost:5333”
INFO[0000] Starting metrics server addr=“127.0.0.1:45761/metrics”
INFO[0000] cloudflared will not automatically update when run from the shell. To enable auto-updates, run cloudflared as a service: https://developers.cloudflare.com/argo-tunnel/reference/service/
INFO[0000] hello-world set
INFO[0000] Starting Hello World server at 127.0.0.1:37645
INFO[0000] Proxying tunnel requests to https://127.0.0.1:37645
INFO[0000] Connected to ORD connectionID=0

I didn’t include the HA connection IDs for privacy, but there are no errors in the code that goes below that.

When I install the service I get one error. Maybe that’s where the problem lies?

[email protected]:/etc/cloudflared $ sudo cloudflared service install
INFO[0000] Using Systemd
ERRO[0000] systemctl: Created symlink /etc/systemd/system/multi-user.target.wants/cloudflared.service → /etc/systemd/system/cloudflared.service.
INFO[0000] systemctl daemon-reload

Then trying to start the service fails:

[email protected]:/etc/cloudflared $ sudo systemctl start cloudflared
Job for cloudflared.service failed because the control process exited with error code.
See “systemctl status cloudflared.service” and “journalctl -xe” for details.

But if I remove either the 3 lines related to the Argo Tunnel, or the 5 lines related to the DNS Proxy, then it works for those services independently, but not together. That’s where I’m stuck.

I take that last statement back… If I just leave the Argo Tunnel code in, it won’t start either. Same error. Only the DNS Proxy code is observed from that config file. The only way I have been able to get the Argo Tunnel to work is from the command line, but not as a service.

Have you actually tried looking at the status and calling the services after that error?

It sometimes throws the error even though it works.

Correct. I just tried it, and my browser shows an error 1033, Argo Tunnel Error.

Can you post the result of sudo service cloudflared status?

[email protected]:/etc/cloudflared $ sudo service cloudflared status
● cloudflared.service - Argo Tunnel
Loaded: loaded (/etc/systemd/system/cloudflared.service; enabled; vendor preset: enabled)
Active: activating (auto-restart) (Result: exit-code) since Sun 2020-06-07 18:17:49 CDT; 2s ago
Process: 16973 ExecStart=/usr/local/bin/cloudflared --config /etc/cloudflared/config.yml --origincert /etc/c
Main PID: 16973 (code=exited, status=1/FAILURE)

That is all the message? Well…

I can imagine that a single config file doesn’t work, why not just create different services (as is best practice)?

I think you are correct, and I think that may be best also. I am not sure how to go about that. Am I able to run them both on the same device, in this case a Raspberry Pi? Do I need to register two separate services from the same installation (file location)? Or do I need to install in a different folder? And, where do I place the config.yml for the Argo Tunnel?

Sorry about all the noob questions, but I’m having a heck of a time getting this to work. I was able to get NextDNS DoH proxy to work with a single install command, so I got spoiled there.

BTW, here are the Status results if I remove the Argo Tunnel code from config:

[email protected]:/etc/cloudflared $ sudo service cloudflared status
● cloudflared.service - Argo Tunnel
Loaded: loaded (/etc/systemd/system/cloudflared.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2020-06-07 18:28:00 CDT; 20s ago
Main PID: 18842 (cloudflared)
Tasks: 10 (limit: 4915)
Memory: 5.6M
CGroup: /system.slice/cloudflared.service
└─18842 /usr/local/bin/cloudflared --config /etc/cloudflared/config.yml --origincert /etc/cloudflar

Jun 07 18:28:00 raspberrypi-2 systemd[1]: Starting Argo Tunnel…
Jun 07 18:28:00 raspberrypi-2 cloudflared[18842]: time=“2020-06-07T18:28:00-05:00” level=info msg="Version 202
Jun 07 18:28:00 raspberrypi-2 cloudflared[18842]: time=“2020-06-07T18:28:00-05:00” level=info msg="GOOS: linux
Jun 07 18:28:00 raspberrypi-2 cloudflared[18842]: time=“2020-06-07T18:28:00-05:00” level=info msg=Flags config
Jun 07 18:28:00 raspberrypi-2 cloudflared[18842]: time=“2020-06-07T18:28:00-05:00” level=info msg="Adding DNS
Jun 07 18:28:00 raspberrypi-2 cloudflared[18842]: time=“2020-06-07T18:28:00-05:00” level=info msg="Adding DNS
Jun 07 18:28:00 raspberrypi-2 cloudflared[18842]: time=“2020-06-07T18:28:00-05:00” level=info msg="Starting DN
Jun 07 18:28:00 raspberrypi-2 cloudflared[18842]: time=“2020-06-07T18:28:00-05:00” level=info msg="Starting me
Jun 07 18:28:00 raspberrypi-2 systemd[1]: Started Argo Tunnel.

Alright, steps.

  1. stop, if needed, and disable the old one sudo systemctl disable cloudflared.service if you changed the name.
  2. duplicate the config.yml file (same as the service, I would say, so config-dns.yml and config-web.yml)
  3. duplicate the cloudflared.service file (I would do something like cloudflared-dns.service and cloudflared-web.service).
  4. modify the files from line 3 so the config points to the correct one.
  5. enable them sudo systemctl enable cloudflared-dns.service and sudo systemctl enable cloudflared-web.service

This applies to any number of them, obviously (I have 10 on one machine, for example).

2 Likes

That sounds exactly like what I need. I will give that a try.

Hey Matteo, thank you so much for taking the time to help me out. I’m sure you have better things to do with your weekends. :slight_smile:

1 Like

Well, it’s technically Monday here already :stuck_out_tongue:

Sorry to bug you again. Where is (or should be) the cloudflared.service file?
When I executed the disable command, it removed the file:

[email protected]:/etc/cloudflared $ sudo systemctl disable cloudflared.service
Removed /etc/systemd/system/multi-user.target.wants/cloudflared.service.

Do I need to re-enable the service using the same old name, and once the file is created, then do the renaming?

If I try running sudo cloudflared service install, it now fails, telling me I should have two files in the /etc/cloudflared folder, one named cert.pem (which is there), and one named config.yml (which no longer exists since I renamed the two copies as suggested).

The location varies by device, but they should in /etc/systemd/system given that output.

You need to edit the files to point to the new config files, obviously.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.