Optimal and efficient configuration of Argo Tunnel to use with a website

I want to ask everyone who knows about Cloudflare Argo Tunnel. @eva2000

What would be an optimal configuration for Argo Tunnel to use with a website or as a web server?

It could be very helpful if you could add anything to this configuration that makes the argo tunnel experience to use with website much more optimal, and adds more functionality.

Till now I have found out about noTLSVerify: true, connectTimeout: 10s

tunnel: id
credentials-file: file path

ingress:
  - hostname: example.com
    service: https://localhost:443
    originRequest:
      connectTimeout: 10s
      noTLSVerify: true
  # Catch-all rule, which just responds with 404 if traffic doesn't match any of
  # the earlier rules
  - service: http_status:404
warp-routing:
  enabled: true

Thanks in advance to all :slightly_smiling_face:

Depends on your web app/origin you’re connecting to as well. But you can start with switching from HTTP/2 protocol connection to QUIC protocol connections which Cloudflare announced today https://blog.cloudflare.com/getting-cloudflare-tunnels-to-connect-to-the-cloudflare-network-with-quic/

I updated my Cloudflare Argo Tunnel guide for this as well https://blog.centminmod.com/2021/02/09/2250/how-to-setup-cloudflare-argo-tunnel-on-centos-7/

Do I need to make any changes in the Cloudflare Tunnel config in order to use QUIC? @eva2000

Yes you need to make a change to the protocol argument in your config file. I mention it at https://blog.centminmod.com/2021/02/09/2250/how-to-setup-cloudflare-argo-tunnel-on-centos-7/#step-3-creating-cloudflared-yaml-config-file

So you can now choose between protocol: http2 or protocol: quic in your configuration file. See the protocol argument for configuring Cloudflare Tunnel.

@eva2000 will this improve performance of a WordPress website connected using Argo Tunnel? Have you changed your blog's Argo Tunnel configuration to QUIC? @eva2000

Yes, already switched my WordPress blog at https://blog.centminmod.com/ to using CF Tunnel over QUIC protocol. In theory it should be better than HTTP/2, but in practice, we shall see :slight_smile:

Please let us know if QUIC transport is providing performance!
@cloudcreatr we always recommend using https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/configuration-file/ingress#originservername and https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/configuration-file/ingress#capool over noTLSVerify.

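The recommendation above, applied to the configuration from the first post, as an added example (not the poster's or Cloudflare's own file). The caPool path is an assumed location and the tunnel ID and credentials path are placeholders. Because the service address is localhost while the origin certificate is issued for the site hostname, originServerName gives cloudflared the name to verify against.

```yaml
# Added example: origin certificate verification left on instead of noTLSVerify.
tunnel: <tunnel-id>                       # placeholder, as in the original post
credentials-file: <path-to-credentials>   # placeholder, as in the original post
protocol: quic                            # or http2, as discussed in this thread

ingress:
  - hostname: example.com
    service: https://localhost:443
    originRequest:
      connectTimeout: 10s
      # Before: noTLSVerify: true
      #   cloudflared accepts any certificate the origin presents.
      # After: verification stays enabled and is told what to expect.
      originServerName: example.com            # hostname the origin certificate must match
      caPool: /etc/cloudflared/origin-ca.pem   # assumed path: CA bundle that signed the origin certificate
  # Catch-all rule: respond with 404 when no earlier rule matches
  - service: http_status:404
```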

Let me spin up a server, but do you recommend using QUIC?

@chungting @eva2000 on a new server I installed the latest cloudflared (cloudflared version 2021.10.3)

But with the quic protocol it doesn’t seem to work.

How did you use it?

@cloudcreatr can you make sure your firewall allows UDP packets?

@chungting ufw or AWS security group. Outbound right?

@chungting I disabled ufw and also all outbound port and protocol in AWS security group and it's still not working

@cloudcreatr @omnaidu42 if you are running on Linux, you can try traceroute to see if packets can reach our edge network:

traceroute region1.cloudflarewarp.com 
traceroute: Warning: region1.cloudflarewarp.com has multiple addresses; using 198.41.192.107
traceroute to region1.cloudflarewarp.com (198.41.192.107), 64 hops max, 52 byte packets
 1  198.41.192.107 (198.41.192.107)  12.005 ms  10.912 ms  9.922 ms

I am new to this, is it correct? @chungting

@chungting Even installing a fresh ubuntu server on AWS it shows the same

This means your packet reached our network. I’m not familiar with AWS, so I’m not sure if there are other settings that might block UDP traffic. Can you try to run without protocol: quic to see which data centers you are connected to?

@chungting I did a Google search and they say there’s packet loss

@chungting do I need to enable this on Ubuntu?
https://docs.aws.amazon.com/dcv/latest/adminguide/enable-quic.html

I’m not familiar with NICE DCV, but from what I can tell it’s for your remote desktop session, so you shouldn’t need it to run tunnels. I tested that our BOM and DEL data centers are accepting QUIC traffic, so the problem is likely with your AWS network config. I would recommend checking with AWS if there are other things you need to allow QUIC traffic.