debug cloudflared tunnel

2024-12-03T15:36:37Z

I’ve been debugging a cloudflared tunnel issue in my homelab all day today, and getting really frustrated. My issue ended up being that it was running twice, once without the correct config file and another with it. I believe that cacheing may have compounded the issue.

In yesterday’s post I setup a cloudflared tunnel on my ubuntu server to expose applications running on the server to the internet. I’m setting up a new server and running cloudflared in its own vm.

setup cloudflared tunnel on ubuntu

Check that dns is pointing to the correct tunnel #

dig subdomain.example.com
traceroute subdomain.example.com

Check that the tunnel is running #

export CLOUDFLARED_TUNNEL_ID = "my-tunnel-id"

cloudflared tunnel list
cloudflared tunnel info $CLOUDFLARED_TUNNEL_ID

setup cloudflared tunnel on ubuntu

2024-12-02T15:43:45Z

I run a cloudflared tunnel on my ubuntu server to expose applications running on the server to the internet. I’m setting up a new server and running cloudflared in its own vm.

Get the cloudflared binary #

sudo wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64 -O /usr/local/bin/cloudflared

sudo chmod +x /usr/local/bin/cloudflared

#

Now setup the config directory. For the systemd service to work, the config file needs to be in /etc/cloudflared. I like to give my user rights to edit the config file without being sudo, we will do that here by creating a group cloudflared, add ourselves to the group, give ownership of /etc/cloudflared to the group, give group write access to the directory, and refresh groups.

sudo mkdir -p /etc/cloudflared
sudo groupadd cloudflared
sudo usermod -aG cloudflared $USER
sudo chown -R root:cloudflared /etc/cloudflared
sudo chmod g+w /etc/cloudflared
newgrp cloudflared

Now we can log into the domain zone with cloudflared.

cloudflared tunnel login

This will give a url, follow it in a browser to log in.

cloudflared tunnel create <NAME>
mv ~/.cloudflared/cert.pem /etc/cloudflared/cert.pem
mv ~/.cloudflared/<tunnel-id>.json /etc/cloudflared/<tunnel-id>.json

config #

Now setup config. For the systemd service to work, the config file needs to be in /etc/cloudflared. The config that I have provided below will expose localhost:8000 to tester.example.com

export CLOUDFLARED_TUNNEL_ID=$(ls /etc/cloudflared/*.json | xargs -n 1 basename | sed 's/\.json$//')
mv ~/.cloudflared/${CLOUDFLARED_TUNNEL_ID}.json /etc/cloudflared/${CLOUDFLARED_TUNNEL_ID}.json
mv ~/.cloudflared/cert.pem /etc/cloudflared/cert.pem
echo "
tunnel: $(CLOUDFLARED_TUNNEL_ID)
credentials-file: /etc/cloudflared/$(CLOUDFLARED_TUNNEL_ID).json
ingress:
  - hostname: tester.example.com
    service: http://localhost:8000
  - service: 'http_status:404'
" >> /etc/cloudflared/config.yaml

dns #

Now to get a dns record for tester.example.com to point to the cloudflared tunnel.

cloudflared tunnel route dns $(CLOUDFLARED_TUNNEL_ID) tester.example.com

systemd #

Now install the systemd service.

sudo cloudflared service install

sudo systemctl status cloudflared.service
# if its not running
sudo systemctl start cloudflared.service

Posts tagged: networking

debug cloudflared tunnel

Check that dns is pointing to the correct tunnel #

Check that the tunnel is running #

setup cloudflared tunnel on ubuntu

Get the cloudflared binary #

#

login #

config #

dns #

systemd #