Cloudflare is not working for me the way I hoped it would.

Submitted ⁨⁨4⁩ ⁨months⁩ ago⁩ by ⁨jrubal1462@mander.xyz⁩ to ⁨selfhosted@lemmy.world⁩

Hello all, The first thing I setup to self-host was NextCloud, and I followed instructions and built the stack myself. It’s hosted on port 80, and I created a Cloudflare tunnel from “cloud.mydomain.com” which points to 192.168.1.111 and everything works perfectly. I can access the site from wherever, and everything felt great. Now for the thing I really want, an Immich server.

I followed the instructions and set up Immich in a docker container. Everything seems to be working great, I can access it from within my network and backup photos just like I was hoping. Within the same Cloudflare tunnel, I tried to add a new Public Hostname. I want “photos.mydomain.com” to point to the same host but on port 2283. I added the public hostname and pointed it to 192.168.1.111:2283, but whenever I point a browser there I get the “502 Bad Gateway” error from cloudflare.

I assume this is a Cloudflare configuration issue, but I’m not 100% sure. Do I need to do anyting special with docker if I intend to access it through Cloudflare? I THINK docker is set up correctly because I am able to access the Immich from a different computer on my local network. I thought using Cloudflare made it so that I don’t to worry about setting up a reverse proxy. Is that maybe not true?

Or does Immich need something specific to tell it to accept traffic outside of my network? I remember having to set up NextCloud with “trusted domains” but when that wasn’t correct, I got an error message from NextCloud, not from Cloudflare.

Any help would be appreciated. I’ve poked around a bunch and I’m pretty sure I can’t solve this on my own.

source

Comments

Sort:hotnew top

saint@group.lt ⁨4⁩ ⁨months⁩ ago
first you should check logs of cloudflare tunnel - most likely it cannot access your docker network. if you are using cloudflare container - it should use same network as a Immich instance.

in short: find the tunnel log and see what is happening there.

source
- jrubal1462@mander.xyz ⁨4⁩ ⁨months⁩ ago
  The logs just say 2023-12-16T03:32:18Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 192.168.1.111:2283…
  
  Assuming it is the problem of Docker containers not being able to talk to each other, I added the option –network=“bridge” to the docker command that launches the cloudflare tunnel. Then in the docker-compose file for Immich, I added the line network_mode: bridge to each service. No dice. I think next I’ll try installing the cloudflare tunnel as a service directly on that computer.
  
  Thanks for taking the time to help out, I appreciate it.
  
  source
  - jrubal1462@mander.xyz ⁨4⁩ ⁨months⁩ ago
    Hey! Running the cloudflare tunnel through systemd right on the machine worked wonders! Thanks! Probably not the most secure way, but at least I know I can play with networks at a later date. For now it appears to be up and running. Thanks a bunch!
    
    source
Krafting@lemmy.world ⁨4⁩ ⁨months⁩ ago
I would recommend you setup a Reverse Proxy, such as NGINX Proxy Manager, Cloudflare free tier only allow to forward 80 and 443 port. A reverse proxy would listen on port 443 and 80 for all connection and forward request to the right site using the hostname.

source
- SteveTech@programming.dev ⁨4⁩ ⁨months⁩ ago
  Cloudflare Tunnels will let you proxy any port, as long as it’s HTTP(S) or SSH, even on free tier.
  
  Also I believe there’s a thing now for proxying other ports anyway on free tier without tunnels, but I haven’t looked too much into it.
  
  source
- jrubal1462@mander.xyz ⁨4⁩ ⁨months⁩ ago
  Thanks. I was hoping (but not sure) that cloudflare would act as a proxy by sending the traffic to the port I wanted, and that would sort things out (since it’s all running off of one machine). Still, maybe setting up Nginx is the way to go. I’ll have to put that a little ways down the to do list.
  
  Thanks for reaching out, I appreciate it.
  
  source
  - Krafting@lemmy.world ⁨4⁩ ⁨months⁩ ago
    Well, in my setup I use both, Cloudflare point to my proxy manager, so there is a dual proxy in a way. but the users always hit cloudflare first and never my own proxy, so I can use CF security feature as well (blocking other country, ip, known bad actors etc)
    
    source
Decronym@lemmy.decronym.xyz ⁨4⁩ ⁨months⁩ ago
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

Fewer Letters More Letters

CF CloudFlare

HTTP Hypertext Transfer Protocol, the Web

SSH Secure Shell for remote terminal access

[Thread #358 for this sub, first seen 16th Dec 2023, 11:55] [FAQ] [Full list] [Contact] [Source code]

source

Fewer Letters	More Letters
CF	CloudFlare
HTTP	Hypertext Transfer Protocol, the Web
SSH	Secure Shell for remote terminal access