Nextcloud and Argo Tunnel Bad Gateway

Hi Guys,

It seems others have had issues with Nextcloud and Argo Tunnels, but I’ve been trying all day so far to get this working and just keep coming back to 502 bad gateway errors.

I’m a bit new to tunnels, so didn’t originally realise I could use one tunnel with more than one ingress stanza. I have a tunnel working fine on one machine pointing to zammad. I did the same setup on the machine running nextcloud (from snap if that matters) and I simply can’t get past a 502 error.

I tried moving the DNS and the stanza to the zammad machine, still a 502.

I’m using self-signed certs on this install (it’s just a demo one, and I couldn’t get Let’s Encrypt to auth the certs when I tried them).

The config is as follows.

tunnel: tunnel-id
credentials-file: /home/pnunn/.cloudflared/tunnel-id.json
logfile: /var/log/cloudflared.log
~

ingress:
  - hostname: nextcloud.marketdispatch.com.au
    service: http://localhost
    originRequest:
    connectTimeout: 10s
    noTLSverify: true
  - service: http_status:404

I have tried with https (self-signed) and with TLS disabled, I have tried every combination of service URL I can think of, and I either get 502 or too many redirects.

The service is working if I go directly to the url from the local network.

I’m at a loss… I really don’t know where to go from here.

I’ve just run the tunnel manually and have seen this.

2021-11-16T03:42:15Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: x509: cannot validate certificate for 192.168.44.165 because it doesn't contain any IP SANs" cfRay=6aedb5533cdd55b7-SYD ingressRule=0 originService=https://192.168.44.165:443
2021-11-16T03:42:16Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: x509: cannot validate certificate for 192.168.44.165 because it doesn't contain any IP SANs" cfRay=6aedb5597bd055b7-SYD ingressRule=0 originService=https://192.168.44.165:443

Is there a way to stop this error in Cloudflare with self-signed certs?

Maybe it would work by defining https://localhost:443?

May I ask, is it your own self-signed certificate or a Cloudflare Origin CA certificate?
Furthermore, before moving to Cloudflare, was your website working over an HTTPS connection? If so, did you have a valid SSL certificate installed at your origin host / server which covers both your naked (root) domain and any other needed sub-domain like www, mail, etc.?

May I ask what SSL option have you got selected under the SSL/TLS tab at Cloudflare dashboard for your domain ( Flexible, Full, Full Strict … )?

I haven’t tried Nextcloud via Cloudflare Tunnel yet, so I cannot offer more helpful information.

Is your origin host working over the desired 443 port for HTTPS?

May I ask, is the 502 error coming from the origin host / server, or is it the Cloudflare 502 error page?

Do you mean like from HTTP to HTTPS or non-www to www (or vice versa maybe?)?

Try changing to:

tunnel: <Tunnel ID>
credentials-file: foo
originRequest:
  noTLSVerify: true

ingress:
  - hostname: nextcloud.marketdispatch.com.au
    service: https://localhost
  - service: http_status:404
loglevel: debug
logfile: /var/log/cloudflared.log

And to confirm curl -Ikv https://localhost returns w/o an error?
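
The x509 error in the log shows certificate verification was still active for the posted config, where the origin settings sit at the same indent as `originRequest:` and the key is written `noTLSverify`. As an added example (not code from the thread or from cloudflared), this small linter flags origin settings that are not nested under `originRequest` or differ in case from the spelling used in the suggested config; the assumption that cloudflared matches key names case-sensitively, the `lint` function, and both sample strings are constructed for illustration.

```python
import re

# Origin settings that appear in this thread. Treating key names as
# case-sensitive is an assumption about how cloudflared reads the file.
KNOWN = ("connectTimeout", "noTLSVerify")
CANON = {k.lower(): k for k in KNOWN}
KEY_LINE = re.compile(r"^(\s*)(-\s+)?([\w-]+)\s*:")

def lint(config_text):
    """Return (line_no, key, problem) for origin settings that look misplaced."""
    findings = []
    block_col = None  # column of the enclosing 'originRequest:' key, if any
    for no, line in enumerate(config_text.splitlines(), 1):
        m = KEY_LINE.match(line)
        if not m:
            continue
        col = len(m.group(1)) + len(m.group(2) or "")
        key = m.group(3)
        if block_col is not None and col <= block_col:
            block_col = None  # dedent: the originRequest block has ended
        if key == "originRequest":
            block_col = col
            continue
        want = CANON.get(key.lower())
        if want is None:
            continue
        if key != want:
            findings.append((no, key, "spelled %r, expected %r" % (key, want)))
        if block_col is None:
            findings.append((no, key, "not nested under originRequest"))
    return findings

# Constructed from the two configs quoted in the thread.
AS_POSTED = """\
ingress:
  - hostname: nextcloud.marketdispatch.com.au
    service: http://localhost
    originRequest:
    connectTimeout: 10s
    noTLSverify: true
  - service: http_status:404
"""
AS_SUGGESTED = """\
originRequest:
  noTLSVerify: true
ingress:
  - hostname: nextcloud.marketdispatch.com.au
    service: https://localhost
  - service: http_status:404
"""

if __name__ == "__main__":
    for no, key, problem in lint(AS_POSTED):
        print("line %d: %s %s" % (no, key, problem))
    print("suggested config findings:", lint(AS_SUGGESTED))
```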