Cloudflared Tunnel- strange issue!

Hi there- I made sure I gave this a proper go and also read multiple forum posts on Unraid/Cloudflare/Nextcloud to no avail yet.

I’m getting a bad gateway (502) error when trying to access my nextcloud docker, stored on my unraid nas. This only happens when attempting to join via the tunnel hostname, not the local IP. The local IP works fine.

Things I’ve checked/tried/tested:
- Putting both the local IP and the hostname into trusted_domains in the config.yaml
- Using HTTP and HTTPS to connect via the tunnel
- Hosting the docker separate from a port and instead using a static IP
- Completely reinstalling the docker

To go into more detail, I have it setup so that it resolves specific things to specific docker apps:

nextcloud.example.com would point to a local ip

I have gotten this to work with pihole and plex, but have struggled getting it to work with any addresses that use my base local IP. pihole and plex are hosted on their static IPs, but when I move nextcloud to a static IP it doesn’t seem to work either way (the web GUI won’t launch locally). I’m not sure if these are related to the problem or something else is at play, but I thought I’d include it in case it was helpful.

Any suggestions would be appreciated- loving nextcloud so far- just wish I could use it away from home. :slight_smile:

trusted_proxies?

Just added Cloudflare’s list of IP ranges that they use but still no dice (502 bad gateway). @Kerasit

You will have to add your VPN network addresses (the Cloudflare VPN IP and your own VPN client IP) and the LAN address where the VPN network is NAT’ed from and to. All of these serve as “visible” proxies.

Still no dice. I’ve added the two cloudflare DNS nameservers to trusted domains, added their ip to trusted proxy, added my cloudflared connector local ip. Still nothing.

{
"error": "Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp XXX.XXX.X.XX:XXX: connect: no route to host",
"cfRay": "XXXXXXXXXXXXXXXXX-XXXXXXXXX",
"ingressRule": "1",
"originService": "http://XXX.XXX.X.XX:XXX"
}
The IP for originService and the dial tcp part of the error are the same.

That last error message was much more useful. This is your network topology.

Cloudflare tunnel is not reaching anything on your end.

Make sure that:

  • The Cloudflare tunnel VPN/tunnel client is running

  • The port used by Cloudflare is open and allowing traffic from Cloudflare

  • NAT/iptables is set up correctly to forward traffic to the Nextcloud server

  • The webserver you set up for Nextcloud is listening on the interface getting connections from Cloudflare (probably localhost if it is a tunnel device, or a virtual network different from the rest of your LAN)


It could also be nextcloud ignoring a request it doesn’t like though right?

Cloudflare is definitely reaching my NAS; without being connected to my network I can connect to my plex and pihole through the hostname. The tunnel is described as “healthy” on the Zero Trust dashboard.

I’m not sure what nextcloud is and isn’t listening to. I know that it’s on a port on my NAS (i.e. it doesn’t have its own IP, it’s in bridge mode), because it would refuse to launch any other way.

The bad gateway response is from the webserver. Nextcloud is an application that can run on any given webserver. So my guess is it is how you reverse proxy to Nextcloud, and which exposed interface you have configured in your web server config to provide Nextcloud.

I’m not too sure how to describe it but I’ll try my best

I have Cloudflare connected to a docker container, cloudflared. It can communicate inward and outward. The docker is hosted on my unraid server. I have a few containers that have dedicated local static IPs, like Pihole and plex, and a few that run off of ports on the unraid host’s IP, like Nextcloud.

I do direct cloudflare towards the host port I have Nextcloud hosted on, but it doesn’t seem to connect.

Though I also can’t connect cloudflare to the base unraid host ip either, so that’s probably the root cause of that.

Though when I attempt to move Nextcloud over to a new static IP it fails; the web GUI doesn’t launch even when manually typing it into a web browser… Weird.

Fair. I am sorry but I cannot help you here. Your webserver is correctly responding on the local IP and Nextcloud is loaded. As it is something in your network stack and maybe your webserver config, I cannot help you much.

Did you get anywhere with this?
Nextcloud is perfect for my needs but, like you, all I get is 502.
No issues connecting to my Server2016 service or Ubuntu but Nextcloud just falls over. It’s so frustrating given how useful it undoubtedly would be for me.

I had the same problem and fixed it by changing the port in nginx from 443 to 80. After that I was able to hit it externally. Hope this fixes your problem also.

In CLOUDFLARE make sure your settings are:

SERVICE TYPE: HTTPS

ADDITIONAL APPLICATION SETTINGS > TLS then
ENABLE > NO TLS VERIFY.
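The cloudflared 502 JSON earlier in the thread names the origin it tried to dial and the connect error ("no route to host"); the last two replies then describe the HTTPS / No TLS Verify setting. As an added example (not the thread's own config or code), the script below mirrors such an ingress rule as a constructed Python structure and probes each origin the way cloudflared's "dial tcp" does, translating the errno into the same phrase cloudflared reports plus the likely cause; run it from inside the cloudflared container to see what the connector can actually reach. The hostname, IP and port are assumed placeholders.

```python
import errno
import os
import socket
from urllib.parse import urlparse

# Constructed ingress rules mirroring a cloudflared config.yml (assumed values; the thread
# masks its real hostname, LAN IP and port as XXX). Rule 1 is the final reply's setting,
# HTTPS with "No TLS Verify": noTLSVerify skips certificate checks on the cloudflared ->
# origin hop only, so that hop should stay on the host or LAN as it does here.
INGRESS = [
    {"hostname": "nextcloud.example.com", "service": "https://192.0.2.10:443",
     "originRequest": {"noTLSVerify": True}},
    {"service": "http_status:404"},  # catch-all rule cloudflared requires last
]


def origin_endpoint(service):
    """(host, port) for a URL-style service; None for http_status:/hello_world rules."""
    if "://" not in service:
        return None
    u = urlparse(service)
    return (u.hostname, u.port or (443 if u.scheme == "https" else 80)) if u.hostname else None


def explain(err):
    """Turn a connect() errno into the phrase cloudflared's 502 JSON shows plus a likely cause."""
    causes = {
        0: "ok",
        errno.EHOSTUNREACH: "no route to host: the connector has no path to that IP (wrong bridge/LAN network)",
        errno.ECONNREFUSED: "connection refused: host reached, but nothing listens on that port",
        errno.ETIMEDOUT: "timeout: packets dropped, check firewall/NAT rules",
    }
    return causes.get(err) or os.strerror(err)


def probe(host, port, timeout=3.0):
    """TCP-connect the way cloudflared's 'dial tcp' does; return 0 or an errno."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return 0
    except socket.timeout:
        return errno.ETIMEDOUT
    except OSError as e:  # includes gaierror, whose negative EAI codes are not errnos
        return e.errno if e.errno and e.errno > 0 else errno.EHOSTUNREACH


def check_ingress(rules=INGRESS):
    """Probe each origin from where this runs (ideally inside the cloudflared container)."""
    return {r["service"]: explain(probe(*origin_endpoint(r["service"])))
            for r in rules if origin_endpoint(r["service"])}
```

A "no route to host" verdict from inside the container while the same origin answers from the host is the bridge-network symptom the thread describes; "connection refused" instead means the connector reaches the host but the port is wrong or the webserver is bound elsewhere.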