Erisa / cloudflared-docker

Simple Alpine-built scratch-runtime Dockerfile for cloudflared, with support for multiple architectures.
https://hub.docker.com/r/erisamoe/cloudflared

"you are using Cloudflare Tunnel in a (legacy) way that is no longer supported.Migrate to Named Tunnels to continue exposing your private origin through Cloudflare's Network" error message #5

Closed mendhak closed 2 years ago

mendhak commented 2 years ago

Is anyone else getting this error after days of no problems with the tunnel?

calibre-web-cloudflared | 2022-04-23T14:15:54Z ERR Connection terminated error="you are using Cloudflare Tunnel in a (legacy) way that is no longer supported.Migrate to Named Tunnels to continue exposing your private origin through Cloudflare's Network.You can follow this guide: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/do-more-with-tunnels/migrate-legacy-tunnels as an example.Alternatively, you can go to https://dash.teams.cloudflare.com/ -> Access -> Tunnels -> Create and rely on the User Interface instead." connIndex=3

My docker compose is very simple, and has been working until just today

  cloudflared:
    image: erisamoe/cloudflared
    container_name: calibre-web-cloudflared
    volumes:
      - ./cloudflared:/etc/cloudflared
    command: --hostname xxxx.xxxxx.com --url http://nginx:80
    depends_on:
      - nginx

Erisa commented 2 years ago

It looks like Cloudflare might finally be cracking down on usage of legacy tunnels. To be honest this is sort of my fault for slacking on writing documentation for using this image with named tunnels.

I haven't checked this locally myself yet, but for the issue I would recommend running /cloudflared tunnel create myname one time in the container and then modifying your run command to include --name myname. This gets you the simplest named tunnel setup without changing too much of your setup.

jiriteach commented 2 years ago

Cloudflare allows you to manage your tunnels and public hostnames and private networks via the Zero Trust dashboard now so I simply start the container with -

tunnel --no-autoupdate run --token

and manage the rest via the dashboard which is now the recommended way.

Erisa commented 2 years ago

Using named tunnels through the --name argument or through a full config.yml is still going to be supported going forward however. Legacy tunnels without names are all that's deprecated.

While it is possible to configure tunnels from the dashboard now, I figured that a named tunnel through a simple argument would make an easier migration than moving everything to the dashboard (Since it's just like one command and a compose file edit and then you're back up and running.)

Both regular named tunnels and their remote configuration variants are something I need to start documenting for this image, sooner rather than later.

mendhak commented 2 years ago

No worries, actually I appreciate this image existing because Cloudflare don't provide one that runs on Raspberry Pi.

Here's what I did in my setup after following their docs:

Changed the command: in docker-compose.yml to:

command: tunnel run --url http://nginx:80 mylibrary

Create the tunnel manually,

docker run -v $PWD/cloudflared:/etc/cloudflared erisamoe/cloudflared tunnel create mylibrary
docker run -v $PWD/cloudflared:/etc/cloudflared erisamoe/cloudflared tunnel route dns mylibrary mylibrary.example.com

Create a cloudflared/config.yml, with the contents:

tunnel: b9xxxxxx-xxxx-xxxx-xxxx-xxxxxxx
credentials-file: /etc/cloudflared/b9xxxxxx-xxxx-xxxx-xxxx-xxxxxxx.json

Then docker-compose up -d worked.

Erisa commented 2 years ago

Thank you for the explanation!

To the best of my knowledge this could have also been done without the config.yml by simply adding --name mylibrary to your original command, which if I remember correctly cloudflared recommends in a warning when you try to use a legacy tunnel.

You can also run the commands in the existing compose setup with docker-compose exec or docker-compose run.

Issue has been pinned pending an update in documentation from me that explains named tunnels.

mendhak commented 2 years ago

Thanks very much, that worked a treat (and wasn't very obvious from their docs).
A simple change; none of the other stuff I mentioned was required!

command: --hostname mylibrary.example.com --name mylibrary --url http://nginx:80

Erisa commented 2 years ago

No problem!

Yeah the docs are all over the place, I only remember this because for the longest time if you did --url and --hostname then it would output the following:

2022-04-23T21:09:23Z INF You are running a Tunnel in legacy mode which will be deprecated. Please use the documentation below to switch to pre-created Tunnels for improved stability and management.
2022-04-23T21:09:23Z INF - To expose applications to the internet create a permanent tunnel as described in https://developers.cloudflare.com/cloudflare-one/connections/connect-apps.
2022-04-23T21:09:23Z INF - If you are running an ad-hoc tunnel from the terminal, add --name NAME flag to `cloudflared tunnel` command.

Specifically the last line:

If you are running an ad-hoc tunnel from the terminal, add --name NAME flag to cloudflared tunnel command.

Erisa commented 2 years ago

Resolved in https://github.com/Erisa/cloudflared-docker/commit/808d9249fa79ca049882c51151f111d28442000b

nicolasevigo commented 2 years ago

Thank you so much for detailing exactly what we need to do. I ran into an issue that since there were AAA entries already it wouldn't create the new CNAMEs, so for me the steps were:

docker exec myAppContainer /cloudflared tunnel create myApp and then append --overwrite-dns to the command in docker-compose:

command: --hostname hostname --url http://url --name myApp --overwrite-dns

If anyone else runs into it, they can also manually delete the DNS entries from Cloudflare and then they don't need to add the --overwrite-dns command.

Again, thank you for the great work!
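
Added example (not part of the thread and not the project's own code): a small shell audit that classifies a compose `command:` value and a container log stream using only the command forms and log messages quoted above. The function names and `PLACEHOLDER_TOKEN` are hypothetical, and the matching is a heuristic over those forms, not a full cloudflared argument parser.

```bash
#!/usr/bin/env bash
# Added example: heuristics built only from the command forms and log text
# quoted in this thread. Function names are hypothetical.

# Classify the value of a compose `command:` line for a cloudflared service.
classify_cloudflared_cmd() (
  set -f                       # no glob expansion while word-splitting $1
  run=0 token=0 name=0 host=0 url=0
  for arg in $1; do
    case "$arg" in
      run)                     run=1 ;;
      --token|--token=*)       token=1 ;;
      --name|--name=*)         name=1 ;;
      --hostname|--hostname=*) host=1 ;;
      --url|--url=*)           url=1 ;;
    esac
  done
  if   [ "$run" = 1 ] && [ "$token" = 1 ]; then echo token        # dashboard-managed
  elif [ "$run" = 1 ];                     then echo named-run    # tunnel run NAME
  elif [ "$name" = 1 ];                    then echo named-adhoc  # --name NAME
  elif [ "$host" = 1 ] && [ "$url" = 1 ];  then echo legacy       # the rejected form
  else echo unknown
  fi
)

# Read container logs on stdin and report the strongest legacy signal seen.
legacy_log_status() (
  status=clean
  while IFS= read -r line; do
    case "$line" in
      *"in a (legacy) way that is no longer supported"*) status=rejected; break ;;
      *"running a Tunnel in legacy mode"*)               status=deprecation-warning ;;
    esac
  done
  echo "$status"
)

# Constructed inputs: the four command forms that appear in the thread.
for cmd in \
  "--hostname mylibrary.example.com --url http://nginx:80" \
  "--hostname mylibrary.example.com --name mylibrary --url http://nginx:80" \
  "tunnel run --url http://nginx:80 mylibrary" \
  "tunnel --no-autoupdate run --token PLACEHOLDER_TOKEN"; do
  printf '%-12s %s\n' "$(classify_cloudflared_cmd "$cmd")" "$cmd"
done
```

To check a running container, pipe its logs into the second function, for example `docker logs calibre-web-cloudflared 2>&1 | legacy_log_status`.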