I’m running a hobby project with a Raspberry Pi on my home network. I’ve gotten apache up and running, and I can connect to it with its local IP. I added a port forward to port 80, and I can connect to its public IP over a VPN. However, I can’t access it through the domain I set up.

I added an A record pointing to the public IP and I keep getting error 522. I haven’t set up any whitelisting/blacklisting yet, so nothing should block Cloudflare on the Pi’s side. The only other thing I can think of is my ISP is blocking Cloudflare, but it would alert me when it blocks an IP from accessing it.

The only other thing I can think of is if there are packet drops, which I heavily doubt as I can connect to its public IP over a VPN.

I did try running a traceroute from the Pi to a few of Cloudflare’s IPs. 173.245.48.0 and 103.22.200.0 give me a random mess that looks like Comcast is running it through a bunch of its own servers, while 103.21.244.0 is accessible in about 7 hops.

Is the issue on my side, Comcast’s, or Cloudflare’s?

Try adding your domain to your local ‘hosts’ file and see if you can connect to it using the FQDN.

Where would I find that? Is it on my modem or the webserver?

Nice, thanks.

A little suggestion from me: you can try implement Argo Tunnel so you don’t have to configure port forwarding and expose port 80 to the public.

I’d like a cheaper option, but this is for security…

Is there anything similar to Argo that I could use for free?

Argo Tunnel is now available for free. You don’t have to purchase Argo in order to use Argo Tunnel.

Oh? It says I have to enable Argo to use Argo Tunnel…

Or do I enable Argo without adding a payment option?

There’s a little bit of confusion in the dashboard itself.
But in fact, you can run Argo Tunnel just fine without the need to enable Argo in the dashboard.

I’ve run a few tunnels from my Raspberry Pi too and it works just fine.

Ok, great!

I’ve closed off the ports for now since Xfinity has started complaining about attackers again. Will I need to reopen port 80 for the pi?

Your Pi is running Apache so definitely port 80 must be opened in the Pi itself.

After that, you can follow the documentation that I sent to you earlier.

Do I drop the binary in /bin, ~/.local/bin, or leave it alone?

Also, I was referring to if I should unblock port 80 on the router. 80 is still open on the pi, but no longer port forwarded.

I would suggest to put the binary file in /usr/local/bin/ folder (this is the default installation directory for cloudflared).

And, port 80 can be closed on the router.

Some quick tips:
First login to your Cloudflare account using cloudflared login
Then, create a new tunnel using cloudflared tunnel create my_tunnel
Next, run the tunnel using cloudflared tunnel run --url localhost:80 my_tunnel

You can change my_tunnel to any name you like.

Lastly, run cloudflared tunnel route dns my_tunnel www.example.com, where you can change www.example.com to your own domain name.

I assume I need a file called “cloudflared,” which I don’t. I got a file called “cloudflared-linux-arm64”

Nevermind, I found it.

Raspberry Pi uses different CPU architecture, and you should get this instead of ARM64 version:

https://bin.equinox.io/c/VdrWdbjqyF/cloudflared-stable-linux-arm.tgz

… I’d assume that’s why I just got am Exec format error

Why should I not use arm64? I have a Raspberry Pi 3 B, and if I’m not mistaken, it has an arm64 processor.

Did you chmod +x /usr/local/bin/cloudflared?