coollabsio / coolify

An open-source & self-hostable Heroku / Netlify / Vercel alternative.
https://coolify.io
Apache License 2.0

[Bug]: Servers - Cloudflared Tunnel #2194

Closed luckycreationsindia closed 1 month ago

luckycreationsindia commented 6 months ago

Description

Hi,

I'm trying to implement cloudflared tunnel SSH. I followed the steps provided in the documentation but failed.

Has anyone had success with this?

My server details: Ubuntu 23, UFW firewall in use (able to access if I use host.docker.internal, but not via the cloudflared tunnel).

Just in case, I've also added the Cloudflare IP addresses to the whitelist. IP subnets 172.x.x.x and 127.x.x.x are all whitelisted.

Minimal Reproduction (if possible, example repository)

  1. Create new tunnel in cloudflare
  2. Host added - localhost:22 with SSH selected
  3. Point that host to subdomain (tunnel.example.com)
  4. Create new server in coolify
  5. Give IP address as localhost
  6. Set cloudflare Tunnel token and ssh host (localhost:22)
  7. Click on Automated Configuration

Exception or Error

ssh: connect to host localhost port 22: Connection refused

Version

v4.0.0-beta.277

luckycreationsindia commented 6 months ago

Update:

I tried to install the cloudflared tunnel within the server. It was successful and the service is running, but when I select "I have already set up the tunnel manually on the server." the following error shows when validating the server.

Error: kex_exchange_identification: Connection closed by remote host

andrasbacsai commented 6 months ago

localhost refers to the server where Coolify is running and should not be accessible through CF. This doesn't seem logical. Why would you want to use it in that way?

If you use host.docker.internal, it will stay within your server as it is an internal IP/network.

luckycreationsindia commented 6 months ago

I'm trying to add a 2nd server which should be accessible through the tunnel instead of direct access. I don't want to expose the 2nd server's SSH port.

dawnniie commented 5 months ago

I managed to get my tunnel working when I set the "IP Address/Domain" in the server's general configuration in Coolify to be the public hostname of the tunnel, not sure if that helps

luckycreationsindia commented 5 months ago

> I managed to get my tunnel working when I set the "IP Address/Domain" in the server's general configuration in Coolify to be the public hostname of the tunnel, not sure if that helps

Hey,

What did you add as the Cloudflare Tunnel URL?

I tried localhost:22 on Cloudflare with tunnel as the subdomain and "tunnel.example.com" in "IP Address/Domain" within Coolify.

dawnniie commented 5 months ago

In Cloudflare, I have my tunnel with a public hostname ssh.<domain>.com pointing to ssh://localhost:22

In Coolify, for the server, I have "IP Address/Domain" = ssh.<domain>.com, "User" = root, "Port" = 22

When I enabled Cloudflare tunnels it was the same value there again for the "Configured SSH Domain". From memory it seemed a little buggy, maybe because I already configured the tunnel on the local machine beforehand. But with these settings it works perfectly for me now.

mackenly commented 5 months ago

Having the same issue. Using Coolify Cloud and trying to connect to a Hetzner instance without having my IP completely public.

Noticed that while the services are not working, Coolify is still there and throwing a 404 (as normal) through the Tunnel. I suspect that if there was a valid server for me to install on, it would work. It's just not getting the SSH communication.

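Things I've tried:

  • Turning off firewall
  • A whole new domain name prx.cool and Cloudflare settings
  • Various SSL/TLS options
  • Making sure no access rules are on the Tunnel
  • and other things as well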

Because of the ability to get HTTP traffic to Coolify running on the server, I think it can be narrowed down to some sort of issue with Coolify connecting.

Server is not reachable. Please validate your configuration and connection.

Check this [documentation](https://coolify.io/docs/knowledge-base/server/openssh) for further help.

Error: kex_exchange_identification: Connection closed by remote host

Seemingly related Discord issue.

luckycreationsindia commented 4 months ago

I suspect it's an issue with the server itself, not Coolify, because I tried to connect to the server using PuTTY and a Cloudflare tunnel with a forward URL, which should work but gives the same error you mentioned (Error: kex_exchange_identification).

> Having the same issue. Using Coolify Cloud and trying to connect to a Hetzner instance without having my IP completely public.
>
> Noticed that while the services are not working, Coolify is still there and throwing a 404 (as normal) through the Tunnel. I suspect that if there was a valid server for me to install on, it would work. It's just not getting the SSH communication.
>
> Things I've tried:
>
>   • Turning off firewall
>   • A whole new domain name prx.cool and Cloudflare settings
>   • Various SSL/TLS options
>   • Making sure no access rules are on the Tunnel
>   • and other things as well
>
> Because of the ability to get HTTP traffic to Coolify running on the server, I think it can be narrowed down to some sort of issue with Coolify connecting.
>
> Server is not reachable. Please validate your configuration and connection.
>
> Check this [documentation](https://coolify.io/docs/knowledge-base/server/openssh) for further help.
>
> Error: kex_exchange_identification: Connection closed by remote host
>
> Seemingly related Discord issue.

peaklabs-dev commented 1 month ago

Please upgrade to the latest version of v4 and re-test if this issue persists as we have made some updates to the cf tunnels configuration. If it does, please reopen this issue or create a new updated issue.
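
The two errors reported in this thread point at different layers: `Connection refused` means nothing is listening at that address from where the SSH client runs, while `kex_exchange_identification: Connection closed by remote host` means a TCP connection was accepted and then closed before any SSH banner arrived. The Python probe below is an added example, not part of the original thread or of Coolify's code; `probe_ssh_banner` and its return labels are hypothetical names chosen for illustration.

```python
import socket
import sys


def probe_ssh_banner(host, port, timeout=3.0):
    """Report what answers on host:port, seen from where this script runs.

    "refused"              nothing is listening (ssh: "Connection refused")
    "timeout"              no TCP handshake, or no data, within `timeout`
    "closed_before_banner" TCP connected, then the peer closed or reset without
                           sending an SSH identification string (ssh reports
                           "kex_exchange_identification: Connection closed ...")
    "not_ssh:<line>"       something answered, but not with an SSH banner
    "ssh:<banner>"         an SSH server identified itself
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "timeout"
    data = b""
    with sock:
        try:
            # RFC 4253 caps the identification line at 255 bytes. Simplification:
            # only the first line is read; servers that send text before the
            # banner (allowed by the RFC) are reported as not_ssh.
            while b"\n" not in data and len(data) < 255:
                chunk = sock.recv(255 - len(data))
                if not chunk:
                    break
                data += chunk
        except (socket.timeout, TimeoutError):
            if not data:
                return "timeout"
        except ConnectionResetError:
            pass
    if not data:
        return "closed_before_banner"
    line = data.split(b"\n", 1)[0].rstrip(b"\r").decode("ascii", "replace")
    return ("ssh:" if line.startswith("SSH-") else "not_ssh:") + line


if __name__ == "__main__":
    # Usage: python probe.py <host> [port]; run it from the machine (or
    # container) that Coolify connects from, since "localhost" is relative.
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    print(probe_ssh_banner(target, int(sys.argv[2]) if len(sys.argv) > 2 else 22))
```

Running it against both the value entered in "IP Address/Domain" and the tunnel's origin (`localhost:22` on the target server) shows which hop fails to present an SSH banner.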