search

coollabsio / coolify

An open-source & self-hostable Heroku / Netlify / Vercel alternative.
https://coolify.io
Apache License 2.0
26.27k stars 1.33k forks source link

[Bug]: Servers - Cloudflared Tunnel #2194

Open luckycreationsindia opened 1 month ago

luckycreationsindia commented 1 month ago

Description

Hi,

I'm trying to implement cloudflared tunnel ssh. I did followed the steps provided in documentation but failed.

Anyone got success in this?

My server details: Ubuntu 23 UFW Firewall used (Able to access if I use host.docker.internal but not via cloudflared tunnel)

Just in case, i've also added cloudflare ip addresses to whitelist. IP Subnet 172.x.x.x, 127.x.x.x are all whitelisted.

Minimal Reproduction (if possible, example repository)

  1. Create new tunnel in cloudflare
  2. Host added - localhost:22 with SSH selected
  3. Point that host to subdomain (tunnel.example.com)
  4. Create new server in coolify
  5. Give IP address as localhost
  6. Set cloudflare Tunnel token and ssh host (localhost:22)
  7. Click on Automated Configuration

Exception or Error

ssh: connect to host localhost port 22: Connection refused

Version

v4.0.0-beta.277

luckycreationsindia commented 1 month ago

Update:

I tried to install cloudflared tunnel within server. It was suucessful and the service is running but when I select "I have already set up the tunnel manually on the server." the following error shows when validating server.

Error: kex_exchange_identification: Connection closed by remote host

andrasbacsai commented 1 month ago

localhost refers to the server where Coolify is running and should not be accessible through CF. This doesn't seem logical. Why would you want to use it in that way?

If you use host.docker.internal, it will stay within your server as it is an internal IP/network.

luckycreationsindia commented 1 month ago

I'm trying to add 2nd server which should be accessible from tunnel instead of direct access. I don't want to expose 2nd server's SSH port.

dawnniie commented 3 weeks ago

I managed to get my tunnel working when I set the "IP Address/Domain" in the server's general configuration in Coolify to be the public hostname of the tunnel, not sure if that helps

luckycreationsindia commented 3 weeks ago

I managed to get my tunnel working when I set the "IP Address/Domain" in the server's general configuration in Coolify to be the public hostname of the tunnel, not sure if that helps

Hey,

What did you add in cloudflare Tunnel url?

I tried localhost:22 on cloudflare with tunnel as subdomain and "tunnel.example.com" in "IP Address/Domain" within coolify.

dawnniie commented 3 weeks ago

In Cloudflare, I have my tunnel with a public hostname ssh.<domain>.com pointing to ssh://localhost:22

In Coolify, for the server, I have "IP Address/Domain" = ssh.<domain>.com, "User" = root, "Port" = 22

When I enabled Cloudflare tunnels it was the same value there again for the "Configured SSH Domain". From memory it seemed a little buggy, maybe because I already configured the tunnel on the local machine beforehand. But with these settings it works perfectly for me now.

mackenly commented 2 weeks ago

Having the same issue. Using Coolify Cloud and trying to connect to a Hetzner instance without having my IP completely public.

Noticed that while the services are not working, Coolify is still there and throwing a 404 (as normal) through the Tunnel. I suspect that if there was a valid server for me to install on, it would work. It's just not getting the SSH communication.

Things I've tried:

Because of the ability to get HTTP traffic to Coolify running on the server, I think it can be narrowed down to some sort of issue with Coolify connecting.

Server is not reachable. Please validate your configuration and connection.

Check this [documentation](https://coolify.io/docs/knowledge-base/server/openssh) for further help.

Error: kex_exchange_identification: Connection closed by remote host

Seemingly related Discord issue.