cloudflare / cloudflared

Cloudflare Tunnel client (formerly Argo Tunnel)
https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-guide
Apache License 2.0
8.73k stars 774 forks

šŸ› Issue accessing Raritan IP-KVM over public hostname #809

Open solareon opened 1 year ago

solareon commented 1 year ago

Describe the bug

While attempting to configure cloudflared to access a Raritan Dominion KXIV-101 IP-KVM, I am having some issues connecting to the KVM portion. I can connect to the device and view configuration options, log in, etc., but when attempting to start the session to access the KVM it returns "Client has been disconnected from target." and generates some logs either in cloudflared or in an nginx reverse-proxy.

To Reproduce

Steps to reproduce the behavior:

1. Build tunnel using dashboard and point to the IP-KVM's internal IP address or an nginx reverse-proxy running on the cloudflared host.
2. Connect to device and attempt to start KVM session.

Expected behavior

Connection to KVM is established without errors.

Environment and versions

Logs and errors

Cloudflared errors:

2022-11-14T17:23:49Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" cfRay=76a16fe93e7e90f4-FRA ingressRule=1 originService=https://x.x.x.x:443
2022-11-14T17:23:49Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" connIndex=1 dest=https://abc.xxx.com/rfb ip=198.41.192.77 type=ws

Nginx errors:

2022/11/14 12:55:14 [error] 3950327#3950327: *78 upstream prematurely closed connection while reading response header from upstream, client: 127.0.0.1, server: y.y.y.y, request: "GET /rfb HTTP/1.1", upstream: "https://x.x.x.x:443/rfb", host: "abc.xxx.com"
2022/11/14 12:55:14 [error] 3950327#3950327: *78 upstream prematurely closed connection while reading response header from upstream, client: 127.0.0.1, server: y.y.y.y, request: "GET /rfb HTTP/1.1", upstream: "https://x.x.x.x:443/rfb", host: "abc.xxx.com"

Additional context

The nginx reverse-proxy config works when connecting directly from a host on the same subnet or over a VPN, as does a direct connection to the device. Also tried using a clean VM as the cloudflared host with no success. Nginx config is below.

upstream raritan {
        server x.x.x.x:443;
        keepalive 32;
}

server {
        listen 4080 http2 ssl;
        listen [::]:4080 http2 ssl;

        server_name y.y.y.y;

        ssl_certificate /etc/ssl/certs/raritan-cf.crt;
        ssl_certificate_key /etc/ssl/private/raritan-cf.key;

        access_log /var/log/nginx/reverse-access.log;
        error_log /var/log/nginx/reverse-error.log;

        more_clear_headers 'Content-Length';

        location / {
                proxy_pass https://raritan;
                proxy_http_version 1.1;
                proxy_set_header Connection "upgrade";
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header X-Forwarded-For $remote_addr;
                proxy_set_header X-Forwarded-Proto $scheme;
        }

}

AndrewBucklin commented 1 year ago

Also having this same issue with PiKVM. I've tried changing a ton of settings with no luck.

solareon commented 1 year ago

@AndrewBucklin I don't seem to have this issue with my PiKVM, only the Raritan device. Are you running cloudflared on the PiKVM or another device?
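For the failure in the original report (the `/rfb` WebSocket request, `type=ws`, ending in EOF before any response header), the following is an added diagnostic sketch, not code from this thread or from the cloudflared project. It sends one RFC 6455 handshake to a chosen hop and names the stage at which it stopped; the function names and result labels are this example's own, and `probe` assumes the caller supplies a TLS context that trusts the device certificate.

```python
import base64, hashlib, os, socket, ssl

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # constant fixed by RFC 6455

def build_upgrade_request(host, path, key):
    """Upgrade request of the kind logged above as "GET /rfb HTTP/1.1"."""
    return (f"GET {path} HTTP/1.1\r\nHost: {host}\r\n"
            "Upgrade: websocket\r\nConnection: Upgrade\r\n"
            f"Sec-WebSocket-Key: {key}\r\nSec-WebSocket-Version: 13\r\n\r\n").encode()

def expected_accept(key):
    """Sec-WebSocket-Accept value a conforming server must return for key."""
    return base64.b64encode(hashlib.sha1((key + WS_GUID).encode()).digest()).decode()

def classify_response(raw, key):
    """Name the stage at which the handshake stopped (labels are this example's own)."""
    if b"\r\n\r\n" not in raw:
        return "closed-before-headers"  # what the EOF / "prematurely closed" logs describe
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    status_line, *header_lines = head.split("\r\n")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        return "not-http"
    if parts[1] != "101":
        return "refused-" + parts[1]
    fields = (line.partition(":") for line in header_lines)
    headers = {n.strip().lower(): v.strip() for n, sep, v in fields if sep}
    if headers.get("upgrade", "").lower() != "websocket":
        return "bad-upgrade-header"
    if headers.get("sec-websocket-accept") != expected_accept(key):
        return "bad-accept"
    return "upgraded"

def probe(host, port, path="/rfb", context=None, timeout=5):
    """Send one handshake over TLS to host:port and classify the reply."""
    key = base64.b64encode(os.urandom(16)).decode()
    context = context or ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as tcp:
        with context.wrap_socket(tcp, server_hostname=host) as tls:
            tls.sendall(build_upgrade_request(host, path, key))
            raw = b""
            while b"\r\n\r\n" not in raw and (chunk := tls.recv(4096)):
                raw += chunk
    return classify_response(raw, key)

if __name__ == "__main__":
    # Constructed reply: a proxy answering 502 instead of upgrading.
    print(classify_response(b"HTTP/1.1 502 Bad Gateway\r\n\r\n", "dGhlIHNhbXBsZSBub25jZQ=="))
```

Running `probe` against the device, the nginx listener and the public hostname in turn shows which hop is the first to return something other than `upgraded`.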