# Unable to access local services using ingress rules


nova tundra

I have a tunnel working successfully using the `url` property inside a `config.yaml`. A new requirement came up and now I need to expose another service (SSH), so I found out ingress rules are a good option to avoid having two tunnel instances. This is my new `config.yaml`:

```yaml
tunnel: UUID
credentials-file: /home/seluser/.cloudflared/UUID.json

ingress:
  - hostname: CNAME.my-domain.com
    service: http://localhost:7900
  - hostname: CNAME-ssh.my-domain.com
    service: ssh://localhost:22
  - service: http_status:404
```

Some facts:

  • Using ingress rules with the above setup broke the existing tunnel (using the `url` property). Now both services are unreachable
  • Testing SSH without the tunnel (remotely and locally) works
  • Config file validation says that the YAML is OK - `cloudflared tunnel ingress validate`
  • The rule test matches the expected rule - `cloudflared tunnel ingress rule ssh://CNAME-ssh.my-domain.com`
  • Logs show no activity when I try to hit the services
  • In the dashboard all looks good, a tunnel created with a couple of rules, though I can't see target ports

Any idea what I could be missing? Anything else I can check?

mystic oracle

I have a very similar situation where the setup seems to be correct (`cloudflared tunnel ingress rule [my-hostname]` yields the correct rule match), but the tunnel still isn't working as expected. Does anyone know what the issue might be?

glass arrow
# nova tundra I have a tunnel working successfully using `url` property inside a `config.yaml`...

A bit late, but:
Keep in mind you can't just expose SSH like that. Cloudflare doesn't assign each tunnel a unique IP or anything; they wouldn't have any way to share IPs for SSH or know which inbound SSH connection was meant for which customer on a shared IP.
You need to use cloudflared locally to connect to SSH (https://developers.cloudflare.com/cloudflare-one/applications/non-http/arbitrary-tcp/).

The HTTP hostname should still be working. What's the exact error you get when you try to access it? Bad gateway, for example, would mean your tunnel is erroring/unable to fetch from origin.
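
The point in the reply above, as an added example that is not code from any poster in this thread: a small Python check that reads an ingress block like the one posted and reports which hostnames an ordinary HTTP client can reach and which need `cloudflared` on the connecting machine. The function names and the hand-rolled parser (flat hostname/service lists only) are assumptions made for illustration; the `ProxyCommand` line assumes `cloudflared` is on the client's PATH.

```python
import re

# Constructed sample: the ingress block posted in the thread.
SAMPLE_CONFIG = """\
tunnel: UUID
credentials-file: /home/seluser/.cloudflared/UUID.json

ingress:
  - hostname: CNAME.my-domain.com
    service: http://localhost:7900
  - hostname: CNAME-ssh.my-domain.com
    service: ssh://localhost:22
  - service: http_status:404
"""

def parse_ingress(text):
    """Parse a flat ingress list of hostname/service pairs (no YAML library needed)."""
    rules, in_ingress = [], False
    for line in text.splitlines():
        if re.match(r"^ingress:\s*$", line):
            in_ingress = True
        elif in_ingress and line.strip():
            if not line.startswith((" ", "-")):
                break  # next top-level key ends the list
            m = re.match(r"^\s*(-\s+)?(hostname|service):\s*(\S+)\s*$", line)
            if m:
                if m.group(1) or not rules:
                    rules.append({})  # a leading dash starts a new rule
                rules[-1][m.group(2)] = m.group(3)
    return rules

def client_requirements(rules):
    """Map each hostname to how a client reaches it through the tunnel."""
    result = {}
    for rule in rules:
        host, service = rule.get("hostname"), rule.get("service", "")
        if host is None:
            continue  # catch-all rule has no hostname
        if service.startswith(("http://", "https://", "http_status:")):
            result[host] = "plain HTTP(S) client"
        elif service.startswith("ssh://"):
            # Client-side ~/.ssh/config line; %h expands to the hostname.
            result[host] = "ProxyCommand cloudflared access ssh --hostname %h"
        else:
            result[host] = "client-side cloudflared access"
    return result

if __name__ == "__main__":
    for host, how in client_requirements(parse_ingress(SAMPLE_CONFIG)).items():
        print(f"{host}: {how}")
```

The `ProxyCommand` value goes under a `Host CNAME-ssh.my-domain.com` entry in the connecting user's `~/.ssh/config`, so a plain `ssh` to that hostname is carried through the tunnel.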

glass arrow
nova tundra

Hello. It's not late. Thanks for replying. There's not an actual error (at least nothing I can see). On the client side, the connection to the server is not established, and that's it. I'll try the arbitrary TCP suggestion you shared.