gravitational / teleport

The easiest, and most secure way to access and protect all of your infrastructure.
https://goteleport.com
GNU Affero General Public License v3.0

external access not working (cloudflare) #38242

Closed twf0 closed 9 months ago

twf0 commented 9 months ago

I have access with https://:9999 but not with the domain name. I have an A DNS record (in Cloudflare) pointing to the Teleport server. No firewall or NAT problems. My config:

```yaml
version: v3
teleport:
  nodename: xxx
  data_dir: /var/lib/teleport
  log:
    output: xxx
    severity: INFO
    format:
      output: text
  ca_pin: ""
  diag_addr: ""
auth_service:
  enabled: "yes"
  listen_addr: 0.0.0.0:3025
  cluster_name: xxx.fr
  proxy_listener_mode: multiplex
ssh_service:
  enabled: "yes"
  commands:
```

Bug details:

Does anyone have any idea?

stevenGravy commented 9 months ago

This is likely due to cloudflare support of connection upgrades. Please take a look at https://github.com/gravitational/teleport/issues/30493. Recommend further discussion in the community slack or discussion.

twf0 commented 9 months ago

Thanks for your reply. So for the moment, Cloudflare is not compatible with Teleport?

stevenGravy commented 9 months ago

Not for TLS routing which is the multiplex mode.

twf0 commented 9 months ago

I tried to put the proxy_listener_mode in separate mode, same issue...

stevenGravy commented 9 months ago

Please post this in the slack community or in GitHub discussion to continue.

evrynet1 commented 9 months ago

@twf0 CF only supports 443/80 so you should run teleport on 443 instead of 9999 and make sure you have a valid SSL cert set as well and then it will work with multiplexing too. (keep auth_listen on 3025)

Anmirazik commented 9 months ago

@evrynet1 could you please share your config files? I'm running Teleport using a Cloudflare tunnel and haven't been able to make it work yet... Are you using CF tunnel as well?