Zero Trust Tunnel Unable to reach the origin service

singhbadal04 · August 11, 2023, 6:41pm

I am running filebrowser docker container on my server which i want to access using cloudflare tunnel. Its running on -p 8080:80

Accordingly i have created a tunnel on cloudflare zero trust. The status is displayed as healthy. Then i added a public hostname, added the subdomain and domain, set the type as http and set the url as filebrowser:80. Now when i am trying to acess this service, i am getting host error on the website.

The cloudflare logs contains the following -

2023-08-11T18:18:44Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp: lookup filebrowser on 169.254.169.254:53: no such host" cfRay=7f527b9ae9c8f33f-BOM event=1 ingressRule=0 originService=http://filebrowser:80

2023-08-11T18:18:44Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp: lookup filebrowser on 169.254.169.254:53: no such host" connIndex=2 dest=https://fb.xd003.site/ event=0 ip=198.41.192.37 type=http

2023-08-11T18:18:44Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp: lookup filebrowser on 169.254.169.254:53: no such host" cfRay=7f527b9ccadaf33f-BOM event=1 ingressRule=0 originService=http://filebrowser:80

2023-08-11T18:18:44Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp: lookup filebrowser on 169.254.169.254:53: no such host" connIndex=2 dest=https://fb.xd003.site/favicon.ico event=0 ip=198.41.192.37 type=http

2023-08-11T18:18:45Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp: lookup filebrowser on 169.254.169.254:53: no such host" cfRay=7f527ba34eccf33f-BOM event=1 ingressRule=0 originService=http://filebrowser:80

2023-08-11T18:18:45Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp: lookup filebrowser on 169.254.169.254:53: no such host" connIndex=2 dest=https://fb.xd003.site/ event=0 ip=198.41.192.37 type=http

2023-08-11T18:18:45Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp: lookup filebrowser on 169.254.169.254:53: no such host" cfRay=7f527ba3af07f33f-BOM event=1 ingressRule=0 originService=http://filebrowser:80

2023-08-11T18:18:45Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp: lookup filebrowser on 169.254.169.254:53: no such host" connIndex=2 dest=https://fb.xd003.site/favicon.ico event=0 ip=198.41.192.37 type=http
ubuntu@xd003:~$

How do i resolve this issue

Chaika · August 11, 2023, 6:48pm

The best way to test & resolve these issues is by trying the same thing locally on your machine. On the same server running cloudflared, try curl http://filebrowser:80. If it doesn’t work, the problem isn’t cloudflared but your service.

In this case, it looks like you just got the ports backwards

This is saying “hook to port 8080 on the host, to port 80 in the container”, so you probably want to use 8080. If curl http://filebrowser:8080 works, then change the public hostname service to that port.
(That simple curl command won’t work for all tests, if the service is setup to look for a specific host header, or you’re using some other adv. options in the public hostname settings, but for a docker container it should be fine)

singhbadal04 · August 12, 2023, 2:27am

Thanks for the reply
I tried curl with both curl http://filebrowser:8080 and curl http://filebrowser:80 but didn’t really got any response

curl http://localhost:8080 returned some html & jd stuff. So i changed filebrowser:80 to localhost:8080 in the public hostname settings in cloudflare but i am still not able to access filebrowser through my domain

I am getting the following in logs

2023-08-12T02:25:04Z ERR Request failed error
="Unable to reach the origin service. The ser
vice may be down or it may not be responding
to traffic from cloudflared: dial tcp 127.0.0
.1:8080: connect: connection refused" connInd
ex=3 dest=https://fb.xd003.site/favicon.ico e
vent=0 ip=198.41.200.233 type=http

Chaika · August 12, 2023, 6:37pm

Ah my bad, localhost would be right. Using the docker container’s name would only work if cloudflared was also running in a container on the same docker network as filebrowser (and it would be on 80). If cloudflared is running on the host machine, localhost:8080 should be right.

I would check the application you are using itself, if it has some special support for being behind a reverse proxy. It depends how you are running cloudflared as well, as said above.

singhbadal04 · August 12, 2023, 6:51pm

Cloudflared and Filebrowser both are running in a docker container on my system, that’s the reason originally i had kept the url as simple filebrowser:80. Anyways, nothing really seems to work for me, neither localhost nor this. Really clueless why is this even happening

singhbadal04 · August 14, 2023, 3:47am

Update - i have solved the issue by running both the docker containers using docker compose, it automatically links the docker containers