[Bug]: [Coolify Cloud] Cloudflare Tunnel setup makes the server unreachable by Coolify #4952

Closed
pvillega opened this issue Jan 24, 2025 · 2 comments

Comments

@pvillega

pvillega commented Jan 24, 2025

Error Message and Logs

Server is reachable:
Server is not reachable. Please validate your configuration and connection.
Check this [documentation](https://coolify.io/docs/knowledge-base/server/openssh) for further help.

Error: Connection timed out during banner exchange

Hosted at: app.coolify.com

Steps to Reproduce

  1. Create a new Hetzner server, using Ubuntu 24.04. Don't use any cloud-init configuration.
  2. Add the server to Coolify (Cloud)
  3. Once verified, enable Cloudflare Tunnel > Automatic. Provide token and domain
  4. Cloudflare tunnel works. I can ssh via the browser. The tunnel reports as active. I can ssh from my laptop. Coolify Hosted can't see the server, and can't verify it.

Example Repository URL

No response

Coolify Version

v4.0.0-beta.380

Are you using Coolify Cloud?

No (self-hosted)

Operating System and Version (self-hosted)

Ubuntu 24.04

Additional Information

After installing Cloudflare Tunnel on a server managed by Coolify Cloud (not self-hosted), Coolify can't see the server any more.

After the Tunnel installation, I can access the server via the tunnel or using a direct ssh connection.
But Coolify asks me to verify the server again, and when I try, it says the server is not reachable. I can't seem to revert that status; I need to wipe the server.

I had a question in Discord about this, although I am not sure if it adds much more context: https://discord.com/channels/459365938081431553/1331359316145471568/1331359316145471568

@pvillega pvillega added 🐛 Bug Reported issues that need to be reproduced by the team. 🔍 Triage Issues that need assessment and prioritization. labels Jan 24, 2025
@myLawd

myLawd commented Jan 25, 2025

  1. You may need to allow Cloudflare IPs in your iptables rules. https://www.cloudflare.com/ips/
  2. Also check your server's firewall rules are in place https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/deploy-tunnels/tunnel-with-firewall/
  3. Check this tutorial here if you're using Zero Trust: https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/configure-tunnels/remote-management/

@pvillega
Author

I found the issue. Writing it here for the future when someone hits the same problem.

The issue was a Cloudflare Access application that matched the domain. This meant there was an authentication step on the domain, even via ssh.

It was an old security that I had forgotten about. Thanks for the help, this can be closed :)

@github-actions github-actions bot removed 🐛 Bug Reported issues that need to be reproduced by the team. 🔍 Triage Issues that need assessment and prioritization. labels Jan 25, 2025