cloudflare / cloudflared

Cloudflare Tunnel client (formerly Argo Tunnel)
https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-guide
Apache License 2.0

Error exec docker image #323

Open tomaswarynyca opened 3 years ago

tomaswarynyca commented 3 years ago

Copying the Docker Hub command, it comes out: The client did not specify the origincert path

If I add --origincert /etc/cloudflared/cert.pem: Cannot check if the origin certificate exists in the path /etc/cloudflared/cert.pem

Any idea how to solve the problem?

chungthuang commented 3 years ago

Hi @tomaswarynyca, I tried the command with the latest image and it worked for me. Can you try

docker run -v ~/.cloudflared:/etc/cloudflared cloudflare/cloudflared:2021.2.5 tunnel --no-autoupdate --hostname example.com --url http://localhost:8080

Don't forget to replace example.com with your hostname.

tomaswarynyca commented 3 years ago

Yes, after sending the message I saw that it was an old version, but when I ran the new version I had the same result: Error getting origin cert: client didn't specify origincert path

If I add --origincert /etc/cloudflared/cert.pem: Error getting origin cert: cannot check if origin cert exists at path /etc/cloudflared/cert.pem

chungthuang commented 3 years ago

The command assumes you have a cert.pem file in ~/.cloudflared/cert.pem. If you don't have this file, check out https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/setup.

tomaswarynyca commented 3 years ago

I don't understand what I am doing wrong for it not to work.

Validating that the cert.pem file is present

➜  ~ ls .cloudflared/
cert.pem

Running the container

docker run --rm -v ~/.cloudflared:/etc/cloudflared cloudflare/cloudflared:2021.2.5 tunnel --no-autoupdate --hostname hidden.com --url http://localhost:8080 --origincert /etc/cloudflared/cert.pem

2021-02-25T00:12:27Z INF Cannot determine default configuration path. No file [config.yml config.yaml] in [~/.cloudflared ~/.cloudflare-warp ~/cloudflare-warp /etc/cloudflared /usr/local/etc/cloudflared]
2021-02-25T00:12:27Z INF Version 
2021-02-25T00:12:27Z INF GOOS: linux, GOVersion: go1.15.7, GoArch: amd64
2021-02-25T00:12:27Z INF Settings: map[hostname:hidden.com no-autoupdate:true origincert:/etc/cloudflared/cert.pem url:http://localhost:8080]
2021-02-25T00:12:27Z ERR Cannot check if origin cert exists at path /etc/cloudflared/cert.pem originCertPath=/etc/cloudflared/cert.pem
2021-02-25T00:12:27Z ERR Couldn't start tunnel error="Error getting origin cert: cannot check if origin cert exists at path /etc/cloudflared/cert.pem"
Error getting origin cert: cannot check if origin cert exists at path /etc/cloudflared/cert.pem

chungthuang commented 3 years ago

~ is equivalent to $HOME, so ~/.cloudflared:/etc/cloudflared is equivalent to $HOME/.cloudflared:/etc/cloudflared. In your case your cert is at .cloudflared/cert.pem, so you can run

docker run --rm -v .cloudflared:/etc/cloudflared cloudflare/cloudflared:2021.2.5 tunnel --no-autoupdate --hostname hidden.com --url http://localhost:8080

tomaswarynyca commented 3 years ago

It is not possible to mount like this in docker. It can be mounted with $HOME/.cloudflared:/etc/cloudflared, but I get the same result.

Even mounting the file directly I get the error that it is not found: $HOME/.cloudflared/cert.pem:/etc/cloudflared/cert.pem

chungthuang commented 3 years ago

Have you tried moving .cloudflared to a different directory, for example /etc/cloudflared?

tomaswarynyca commented 3 years ago

I copied the cert.pem file from ~/.cloudflared to /etc/cloudflared. Mounting /etc/cloudflared:/etc/cloudflared got the same result :/

docker run --rm -v /etc/cloudflared:/etc/cloudflared cloudflare/cloudflared:2021.2.5 tunnel --no-autoupdate --hostname hidden.com --url http://localhost:8080 --origincert /etc/cloudflared/cert.pem

2021-02-28T16:21:12Z INF Cannot determine default configuration path. No file [config.yml config.yaml] in [~/.cloudflared ~/.cloudflare-warp ~/cloudflare-warp /etc/cloudflared /usr/local/etc/cloudflared]
2021-02-28T16:21:12Z INF Version
2021-02-28T16:21:12Z INF GOOS: linux, GOVersion: go1.15.7, GoArch: amd64
2021-02-28T16:21:12Z INF Settings: map[hostname:hidden.com no-autoupdate:true origincert:/etc/cloudflared/cert.pem url:http://localhost:8080]
2021-02-28T16:21:12Z ERR Cannot check if origin cert exists at path /etc/cloudflared/cert.pem originCertPath=/etc/cloudflared/cert.pem
2021-02-28T16:21:12Z ERR Couldn't start tunnel error="Error getting origin cert: cannot check if origin cert exists at path /etc/cloudflared/cert.pem"
Error getting origin cert: cannot check if origin cert exists at path /etc/cloudflared/cert.pem

chungthuang commented 3 years ago

I'm sorry it's still not working for you. We will provide more robust logging on Cannot check if origin cert exists at path error in the next release.

seocam commented 3 years ago

I have the same problem. After updating to the docker image 2021.3.3 I got a little more information.

2021-03-25T23:49:10Z ERR Cannot check if origin cert exists at path /etc/cloudflared/cert.pem error="open /etc/cloudflared/cert.pem: permission denied" originCertPath=/etc/cloudflared/cert.pem

It seems to me that the non-root user is not able to access the file mounted using "-v".

Here is my command:

docker run --rm -v /home/seocam/.cloudflared:/etc/cloudflared cloudflare/cloudflared:2021.3.3 tunnel --no-autoupdate --url http://192.168.49.1:8000 --hostname <mydomain> --origincert /etc/cloudflared/cert.pem

Running without docker works fine for me.

seocam commented 3 years ago

Seems related to #163

tomaswarynyca commented 3 years ago

Hi @chungthuang, with the info provided by @seocam, can you see if it solves the problem? 25 days have passed and I can't migrate to docker.

AntonyLeons commented 2 years ago

Run sudo chmod -R 755 .cloudflared on your .cloudflared folder. User can read, write, and execute; other users can read and execute, but cannot write.

McSneaky commented 2 years ago

sudo chmod -R 755 .cloudflared

That one doesn't seem to work, had to make it 777, which well, isn't the safest permission to give. For some reason if I gave 766 then I couldn't make tunnel later on following example in here: https://github.com/cloudflare/worker-template-postgres/

My command:

docker run -v ~/.cloudflared:/home/nonroot/.cloudflared cloudflare/cloudflared:2022.5.0 login

And error:

error writing cert to /home/nonroot/.cloudflared/cert.pem: open /home/nonroot/.cloudflared/cert.pem: permission denied

Would be cool if there's a way to run it with root or pipe output to certfile manually

wb14123 commented 2 years ago

@McSneaky I'd say it's very unsafe to give the permission 777. The user and group ID that is used to run the command in docker is 65532, so changing all the files that are needed by cloudflare to 65532:65532 works for me:

chown 65532:65532 cert.pem
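
The permission behaviour reported across this thread, as an added example that is not part of any comment above or of the cloudflared project: a bind mount keeps the host's numeric owner and mode, so the container user (UID/GID 65532, per the last comment) is checked against those bits. The function names `perm_bits`, `can_read` and `can_create` are hypothetical; the script assumes GNU `stat` and plain mode bits (no ACLs, SELinux labels, supplementary groups or user-namespace remapping).

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU stat and plain mode bits
# (no ACLs, SELinux labels, supplementary groups or user-namespace remapping).

# perm_bits PATH UID GID: print the rwx digit (0-7) that applies to UID:GID.
perm_bits() {
    [ "$2" -eq 0 ] && { echo 7; return 0; }      # root bypasses mode bits
    st=$(stat -c '%u %g %a' "$1") || return 1
    uid=$2 gid=$3
    set -- $st                                   # $1 owner uid, $2 owner gid, $3 octal mode
    m=$((0$3))
    if   [ "$uid" -eq "$1" ]; then echo $(( (m >> 6) & 7 ))
    elif [ "$gid" -eq "$2" ]; then echo $(( (m >> 3) & 7 ))
    else                           echo $(( m & 7 ))
    fi
}

# can_read FILE UID GID: the file needs r (4) and its directory needs x (1).
can_read() {
    fb=$(perm_bits "$1" "$2" "$3") && db=$(perm_bits "$(dirname "$1")" "$2" "$3") || return 2
    [ $(( fb & 4 )) -ne 0 ] && [ $(( db & 1 )) -ne 0 ]
}

# can_create DIR UID GID: writing a new cert.pem (the `login` case) needs w+x (3) on DIR.
can_create() {
    db=$(perm_bits "$1" "$2" "$3") || return 2
    [ $(( db & 3 )) -eq 3 ]
}

# Constructed demo: a private directory (700) holding a private cert.pem (600).
demo() {
    u=${1:-65532} g=${2:-65532}                  # container user named in the thread
    t=$(mktemp -d) && : > "$t/cert.pem" && chmod 600 "$t/cert.pem" && chmod 700 "$t"
    can_read "$t/cert.pem" "$u" "$g" && r1=ok || r1=denied   # as created
    chmod -R 755 "$t"
    can_read "$t/cert.pem" "$u" "$g" && r2=ok || r2=denied   # tunnel can read the cert
    can_create "$t" "$u" "$g"        && r3=ok || r3=denied   # login cannot write one
    chmod -R 766 "$t"
    can_read "$t/cert.pem" "$u" "$g" && r4=ok || r4=denied   # no x on the directory
    can_create "$t" "$(id -u)" "$(id -g)" && r5=ok || r5=denied  # owner match, as after chown
    rm -rf "$t"
    echo "$r1 $r2 $r3 $r4 $r5"
}
demo
```

The five results correspond to the original 700/600 layout, `chmod -R 755` (read works, `login` cannot write), `chmod -R 766` (directory not traversable) and an owner match such as the one `chown 65532:65532` produces.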