I’m trying to setup a Cloudflare tunnel to Nginx proxy manager to access all my self hosted services externally.
If I have my tunnel forward to http://nginx:80 and have force TLS turned off in Nginx proxy host everything works fine.
If I turn on force TLS I get a too many redirects error. I did some googling and found that you need to turn on full encryption rather than flexible in Cloudflare to fix this and I tried that and I still get the same issue.
If I change the tunnel to forward to https://nginx:443 I get a 502 bad gateway error, even if I turn off TLS verify.
Can anyone please help me fix these issues?
What error messages are you getting in your tunnel’s error logs? You can view the live logs by going to Zero Trust -> Access -> Tunnels on your Cloudflare dashboard. Click on your tunnel’s name, then the connector ID, then “begin log stream”.
Or, from the command line, you can add the flag
--logging DEBUG
to your cloudflared application at start.After enabling logging using either of these methods, try to load your site in your browser and see what error you’re getting.
Are you wanting to enable this setting in NPM so https addresses will work on your local network? I ask because the tunnel already encrypts the traffic outside your network. Changing your tunnel’s forwarding address from
http://nginx:80
tohttps:nginx:443
only encrypts the traffic between the cloudflared and NPM daemons running on your computer. It really isn’t necessary since it’s internal to your server.If that’s the reason why, did you install a certificate in NPM that’s specific for your domain?
Why not just use the Cloudflare tunnel to connect directly to the services in question, rather than tunnel > npm > service, out of curiosity?
I’ve got a bunch of my services behind my tunnel, be it http or tcp services, and just point the tunnel to those services directly. Services I don’t want publicly accessible I put behind Cloudflare access which goes to my Keycloak instance for auth and then to the service if successful. Ended up getting rid of traefik as a reverse proxy entirely when I swapped to using Cloudflare tunnels.