Cloudflare is not working for me the way I hoped it would. (mander.xyz)

submitted 6 months ago* (last edited 6 months ago) by jrubal1462@mander.xyz to c/selfhosted@lemmy.world

8 comments fedilink hide all child comments

Hello all, The first thing I setup to self-host was NextCloud, and I followed instructions and built the stack directly on the host computer. It's hosted on port 80, and I created a Cloudflare tunnel from "cloud.mydomain.com" which points to http://192.168.1.111 and everything works perfectly. I can access the site from wherever, and everything felt great. Now for the thing I really want, an Immich server.

I followed the instructions and set up Immich in a docker container. Everything seems to be working great, I can access it from within my network and backup photos just like I was hoping. Within the same Cloudflare tunnel, I tried to add a new Public Hostname. I want "photos.mydomain.com" to point to the same host but on port 2283. I added the public hostname and pointed it to http://192.168.1.111:2283, but whenever I point a browser there I get the "502 Bad Gateway" error from cloudflare.

I assume this is a Cloudflare configuration issue, but I'm not 100% sure. Do I need to do anyting special with docker if I intend to access it through Cloudflare? I THINK docker is set up correctly because I am able to access the Immich from a different computer on my local network. I thought using Cloudflare made it so that I don't to worry about setting up a reverse proxy. Is that maybe not true?

Or does Immich need something specific to tell it to accept traffic outside of my network? I remember having to set up NextCloud with "trusted domains" but when that wasn't correct, I got an error message from NextCloud, not from Cloudflare.

Any help would be appreciated. I've poked around a bunch and I'm pretty sure I can't solve this on my own.

top 8 comments

sorted by: hot top controversial new old

[-] saint@group.lt 11 points 6 months ago

first you should check logs of cloudflare tunnel - most likely it cannot access your docker network. if you are using cloudflare container - it should use same network as a Immich instance.

in short: find the tunnel log and see what is happening there.

[-] jrubal1462@mander.xyz 4 points 6 months ago

The logs just say 2023-12-16T03:32:18Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 192.168.1.111:2283...

Assuming it is the problem of Docker containers not being able to talk to each other, I added the option --network="bridge" to the docker command that launches the cloudflare tunnel. Then in the docker-compose file for Immich, I added the line network_mode: bridge to each service. No dice. I think next I'll try installing the cloudflare tunnel as a service directly on that computer.

Thanks for taking the time to help out, I appreciate it.

[-] jrubal1462@mander.xyz 5 points 6 months ago

Hey! Running the cloudflare tunnel through systemd right on the machine worked wonders! Thanks! Probably not the most secure way, but at least I know I can play with networks at a later date. For now it appears to be up and running. Thanks a bunch!

[-] Krafting@lemmy.world 8 points 6 months ago

I would recommend you setup a Reverse Proxy, such as NGINX Proxy Manager, Cloudflare free tier only allow to forward 80 and 443 port. A reverse proxy would listen on port 443 and 80 for all connection and forward request to the right site using the hostname.

[-] SteveTech@programming.dev 6 points 6 months ago

Cloudflare Tunnels will let you proxy any port, as long as it's HTTP(S) or SSH, even on free tier.

Also I believe there's a thing now for proxying other ports anyway on free tier without tunnels, but I haven't looked too much into it.

[-] jrubal1462@mander.xyz 3 points 6 months ago

Thanks. I was hoping (but not sure) that cloudflare would act as a proxy by sending the traffic to the port I wanted, and that would sort things out (since it's all running off of one machine). Still, maybe setting up Nginx is the way to go. I'll have to put that a little ways down the to do list.

Thanks for reaching out, I appreciate it.

[-] Krafting@lemmy.world 2 points 6 months ago

Well, in my setup I use both, Cloudflare point to my proxy manager, so there is a dual proxy in a way. but the users always hit cloudflare first and never my own proxy, so I can use CF security feature as well (blocking other country, ip, known bad actors etc)

[-] Decronym@lemmy.decronym.xyz 2 points 6 months ago

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters	More Letters
CF	CloudFlare
HTTP	Hypertext Transfer Protocol, the Web
SSH	Secure Shell for remote terminal access

[Thread #358 for this sub, first seen 16th Dec 2023, 11:55] [FAQ] [Full list] [Contact] [Source code]

this post was submitted on 15 Dec 2023

18 points (100.0% liked)

Selfhosted

37715 readers

364 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago

MODERATORS

HybridSarcasm@lemmy.world

HybridSarcasm@lemmy.hybridsarcasm.xyz