ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF"

[fishermanG]

I just setup cloudflared argo tunnel on unraid using the latest version. Managed to close all the ports and tested. Works fine.

However, the docker log is flooded with this.. ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=687e1d27f055b394-IAH originService=https://NPM:18443

This is my cloudflared config file:

ingress:

• service: https://NPM_IP:18443 originRequest: noTLSVerify: true

Any idea?

[sudarshan-reddy]

Can you tell us more details about your test?

What is this service NPM_IP:18443. Where is it running? How are you trying to reach it? What are you expecting to happen? Are you saying Works fine but still gets errors?

[fishermanG]

I am using this guide. https://github.com/aeleos/cloudflared/blob/main/README.md

I am trying to create the CF tunnel between cloudflare and my Nginx Proxy Manager hosted on 192.168.1.11:18843. Basically, no more exposed 80 and 443 ports. I am running all these on unraid dockers

Yes, everything works fine. All connections established but the log is flooded with this EOF error:

2021-09-01T14:33:19Z INF Starting metrics server on 127.0.0.1:34395/metrics 2021-09-01T14:33:20Z INF Connection c0a8d328-a652-461d-bfc8-535d9c91e56d registered connIndex=0 location=SEA 2021-09-01T14:33:21Z INF Connection 6b41f4fa-d0c0-48bb-83e8-23d81a31d4fa registered connIndex=1 location=HKG 2021-09-01T14:33:22Z INF Connection 62a34012-8ed3-4325-a261-a19811f29a9c registered connIndex=2 location=SEA 2021-09-01T14:33:23Z INF Connection acdd26d8-0047-4a1e-97bc-151c4fee13b9 registered connIndex=3 location=HKG 2021-09-01T14:34:09Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=687f37bd84af59ce-IAD originService=https://192.168.1.11:18443

2021-09-01T14:34:10Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=687f37c6a4be212d-SJC originService=https://192.168.1.11:18443

2021-09-01T14:37:03Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=687f3bff16f52f55-DFW originService=https://192.168.1.11:18443

[sudarshan-reddy]

Because you say this still works, It looks like your origin service may not be closing the stream cleanly. Whats behind the nginx proxy manager?

[sudarshan-reddy]

@fishermanG this is the websocket pinger failing to hit your service. I confirm it shouldn’t have an impact. I’ll have a look at it soon.

[AbzHussain]

Im having the exact same issue here.

2021-12-17T21:33:48Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: x509: certificate is not valid for any names, but wanted to match "MYDOMAIN.com" cfRay=6bf34599e8b875cf-LHR originService=https://192.168.1.100:4443

following the same guide as above too I dont understand about the certs as they were working fine before i decided to add this tunnel. The tunnel works when its started, its only when you try and access the website from Nginx proxy manager that this error comes up. any help would be appreciated. Thank you.

[GeoSnipes]

Same, anybody with solutions?

[nmldiegues]

"Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: x509: certificate is not valid for any names, but wanted to match "MYDOMAIN.com"

You can tell cloudflared to not validate the TLS certificate presented by your origin: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/configuration-file/ingress/#notlsverify

ingress:
 - hostname: ...
    service: ...
    originRequest:
       noTLSVerify: true

(like in https://community.cloudflare.com/t/cloudflared-ignores-notlsverify-option/233448/5 )

[AbzHussain]

This works for me 100% of the time. originServerName MUST HAVE a VALID sub domain. eg, instead of mydomain.com it needs to be nginx.mydomain.com or sabnzb.mydomain.com or You get the idea. (Place subdomain in the yaml file where the asterisk are below. ) you must have the subdomain set up in cloud flare.

I removed the hashtags from the yaml below to prevent the bold formatting. LEAVE THEM IN YOUR YAML 😀

tunnel: UUID credentials-file: /home/nonroot/.cloudflared/UUID.json

NOTE: You should only have one ingress tag, so if you uncomment one block comment the others

forward all traffic to Reverse Proxy w/ SSL ingress:

• service: https://REVERSEPROXYIP:PORT originRequest: originServerName:**. yourdomain.com

keep everything else the same as per the guide.

[Light-k]

C:\Users\13434>docker run -it cloudflare/cloudflared:latest tunnel --url http:localhost:9090 2023-04-28T16:27:14Z INF Thank you for trying Cloudflare Tunnel. Doing so, without a Cloudflare account, is a quick way to experiment and try it out. However, be aware that these account-less Tunnels have no uptime guarantee. If you intend to use Tunnels in production you should use a pre-created named tunnel by following: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps 2023-04-28T16:27:14Z INF Requesting new quick Tunnel on trycloudflare.com... 2023-04-28T16:27:15Z INF +--------------------------------------------------------------------------------------------+ 2023-04-28T16:27:15Z INF | Your quick Tunnel has been created! Visit it at (it may take some time to be reachable): | 2023-04-28T16:27:15Z INF | https://fare-write-waste-gadgets.trycloudflare.com | 2023-04-28T16:27:15Z INF +--------------------------------------------------------------------------------------------+ 2023-04-28T16:27:15Z INF Cannot determine default configuration path. No file [config.yml config.yaml] in [~/.cloudflared ~/.cloudflare-warp ~/cloudflare-warp /etc/cloudflared /usr/local/etc/cloudflared] 2023-04-28T16:27:15Z INF Version 2023.4.2 2023-04-28T16:27:15Z INF GOOS: linux, GOVersion: go1.19.8, GoArch: amd64 2023-04-28T16:27:15Z INF Settings: map[ha-connections:1 no-autoupdate:true protocol:quic url:http:localhost:9090] 2023-04-28T16:27:15Z INF cloudflared will not automatically update when run from the shell. To enable auto-updates, run cloudflared as a service: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/run-tunnel/as-a-service/ 2023-04-28T16:27:15Z INF Generated Connector ID: 951fc668-ac63-4957-a731-4acd02e2a536 2023-04-28T16:27:15Z INF Initial protocol quic 2023-04-28T16:27:15Z INF ICMP proxy will use 172.17.0.5 as source for IPv4 2023-04-28T16:27:15Z INF ICMP proxy will use :: as source for IPv6 2023-04-28T16:27:15Z INF Starting metrics server on 127.0.0.1:46187/metrics 2023/04/28 16:27:15 failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details. 2023-04-28T16:27:16Z INF Registered tunnel connection connIndex=0 connection=ba1c7c11-93f8-45f1-8c50-76908d3183ac event=0 ip=198.41.200.23 location=SJC protocol=quic 2023-04-28T16:27:16Z ERR update check failed error="Error: getChecksum: failed to find checksum for name"

please help me