Cloudflare Error 1033 when trying to setup Argo Tunnel

BamaStangGuy · Feb 19, 2021

I followed the manual guide here and everything went great until I tried to load the site.

https://blog.centminmod.com/2021/02/09/2250/how-to-setup-cloudflare-argo-tunnel-on-centos-7/

I am trying to set this up for bamapolitics.com so I set the hostname as www.bamapolitics.com

I noticed you had a separate subdomain tun.domain.com in your tutorial. Did I mess up by setting mine up as www.domain.com?

I only want the tunnel to work for that domain.

eva2000 · Feb 19, 2021

What issues you having ? edit: oh 1033 error in title of thread !

For apex domains I setup tunnel to work for www and non-www version of the domain. ServerManager.guide Wordpress blog is using Argo Tunnel with such a config.

eva2000 · Feb 19, 2021

Error 1033 Troubleshooting Cloudflare 1XXX errors

Error 1033: Argo Tunnel error
Common cause
You've requested a page on a website (tunnel.example.com) that is on the Cloudflare network. The host (tunnel.example.com) is configured as an Argo Tunnel, and Cloudflare is currently unable to resolve it.

Resolution

If you are a visitor of this website: Please try again in a few minutes.

If you are the owner of this website: Ensure that cloudflared is running and can reach the network. You may wish to enable load balancing for your tunnel.

Click to expand...

eva2000 · Feb 19, 2021

FYI CF Argo Tunnel had some issues from Argo Tunnel Availability Issues

Argo Tunnel Availability Issues
Incident Report for Cloudflare

Resolved
This incident has been resolved.
Posted 1 hour ago. Feb 19, 2021 - 10:34 UTC

Monitoring
A fix has been implemented and we are monitoring the results.
Posted 4 hours ago. Feb 19, 2021 - 07:58 UTC

Identified
The issue has been identified and a fix is being implemented.
Posted 10 hours ago. Feb 19, 2021 - 01:22 UTC

Investigating
Cloudflare is investigating issues with a small set of requests to Argo Tunnels failing.

We are working to mitigate this problem. More updates to follow shortly.
Posted 11 hours ago. Feb 19, 2021 - 01:15 UTC
Click to expand...

BamaStangGuy · Feb 19, 2021

For apex domains I setup tunnel to work for www and non-www version of the domain. ServerManager.guide Wordpress blog is using Argo Tunnel with such a config.
Click to expand...

Does this require a different setup process from your tutorial?

eva2000 · Feb 19, 2021

No same process just setup non-www domain.com DNS CNAME to tunnelid.cfargotunnel.com and setup www CNAME to domain.com and ensure both www and non-www are listed in config.yml config file

from https://blog.centminmod.com/2021/02...#step-3-creating-cloudflared-yaml-config-file

Code (Text):

tunnel: your_tunnelid
credentials-file: /root/.cloudflared/your_tunnelid.json
origincert: /root/.cloudflared/cert-tun.domain.com.pem
protocol: http2
originRequest:
  connectTimeout: 30s

metrics: localhost:5432
#tag: cmm=blog
pidfile: /var/run/cmm-test-argo.pid
autoupdate-freq: 24h
loglevel: info
logfile: /var/log/cloudflared.log

ingress:
  - hostname: tun.domain.com
   service: https://localhost:443
   originRequest:
     connectTimeout: 10s
     noTLSVerify: true
  - hostname: hostname.domain.com
   service: https://localhost:443
   originRequest:
     connectTimeout: 10s
     noTLSVerify: true
  - hostname: host.example.com
   service: https://localhost:443
   originRequest:
     connectTimeout: 10s
     noTLSVerify: true
  - service: http_status:404

so would be like

Code (Text):

tunnel: your_tunnelid
credentials-file: /root/.cloudflared/your_tunnelid.json
origincert: /root/.cloudflared/cert-tun.domain.com.pem
protocol: http2
originRequest:
  connectTimeout: 30s

metrics: localhost:5432
#tag: cmm=blog
pidfile: /var/run/cmm-test-argo.pid
autoupdate-freq: 24h
loglevel: info
logfile: /var/log/cloudflared.log

ingress:
  - hostname: tun.domain.com
   service: https://localhost:443
   originRequest:
     connectTimeout: 10s
     noTLSVerify: true
  - hostname: domain.com
   service: https://localhost:443
   originRequest:
     connectTimeout: 10s
     noTLSVerify: true
  - hostname: www.domain.com
   service: https://localhost:443
   originRequest:
     connectTimeout: 10s
     noTLSVerify: true
  - service: http_status:404

BamaStangGuy · Feb 19, 2021

Now I am getting this: https://tun.bamapolitics.com/

Code:

#x# HTTPS-DEFAULT
 server {
 
   server_name tun.bamapolitics.com;
   return 302 https://tun.bamapolitics.com$request_uri;
   root /home/nginx/domains/tun.bamapolitics.com/public;
   include /usr/local/nginx/conf/staticfiles.conf;
 }


server {
  listen 443 ssl http2 reuseport;
  server_name tun.bamapolitics.com;

  include /usr/local/nginx/conf/ssl/tun.bamapolitics.com/tun.bamapolitics.com.crt.key.conf;
  include /usr/local/nginx/conf/ssl_include.conf;

  # cloudflare authenticated origin pull cert community.centminmod.com/threads/13847/
  ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/tun.bamapolitics.com/origin.crt;
  ssl_verify_client on;
 
 
 
  # mozilla recommended
  ssl_ciphers TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
  ssl_prefer_server_ciphers   on;
  #add_header Alternate-Protocol  443:npn-spdy/3;

  # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
  #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
  #add_header X-Frame-Options SAMEORIGIN;
  add_header X-Xss-Protection "1; mode=block" always;
  add_header X-Content-Type-Options "nosniff" always;
  #add_header Referrer-Policy "strict-origin-when-cross-origin";
  #add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()";
  #spdy_headers_comp 5;
  ssl_buffer_size 1369;
  ssl_session_tickets on;
 
  # enable ocsp stapling
  resolver 8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1 valid=10m;
  resolver_timeout 10s;
  ssl_stapling on;
  ssl_stapling_verify on;

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/tun.bamapolitics.com/log/access.log combined buffer=256k flush=5m;
  error_log /home/nginx/domains/tun.bamapolitics.com/log/error.log;

  include /usr/local/nginx/conf/autoprotect/tun.bamapolitics.com/autoprotect-tun.bamapolitics.com.conf;
  root /home/nginx/domains/tun.bamapolitics.com/public;
  # uncomment cloudflare.conf include if using cloudflare for
  # server and/or vhost site
  #include /usr/local/nginx/conf/cloudflare.conf;
  include /usr/local/nginx/conf/503include-main.conf;

  location / {
  include /usr/local/nginx/conf/503include-only.conf;

# block common exploits, sql injections etc
#include /usr/local/nginx/conf/block.conf;

  # Enables directory listings when index file not found
  #autoindex  on;

  # Shows file listing times as local time
  #autoindex_localtime on;

  # Wordpress Permalinks example
  #try_files $uri $uri/ /index.php?q=$uri&$args;

  }

  include /usr/local/nginx/conf/php.conf;
 
  include /usr/local/nginx/conf/pre-staticfiles-local-tun.bamapolitics.com.conf;
  include /usr/local/nginx/conf/pre-staticfiles-global.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
}

eva2000 · Feb 19, 2021

bad request 400 ? Argo Tunnel is incompatible with Cloudflare Authenticated Origin Pull as they both do the same thing to prevent visitor access that bypasses Cloudflare proxy and tries HTTP access via the server’s real IP access – just done in different ways. So comment out
Code (Text):
  # cloudflare authenticated origin pull cert community.centminmod.com/threads/13847/
  ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/tun.bamapolitics.com/origin.crt;
  ssl_verify_client on;
I should update my blog article at https://blog.centminmod.com/2021/02/09/2250/how-to-setup-cloudflare-argo-tunnel-on-centos-7/ with that note seeing as more likely Centmin Mod users may have manually enabled Cloudflare Authenticated Origin Pulls.

edit: updated at Cloudflare Authenticated Origin Pull Incompatibility

BamaStangGuy · Feb 20, 2021

That was it. It is working now but Bama Politics redirects to the main website. Why is that?

eva2000 · Feb 20, 2021

BamaStangGuy said: ↑

That was it. It is working now but Bama Politics redirects to the main website. Why is that?
Click to expand...

The config.yml config hostnames need to correspond to Centmin Mod Nginx vhost server_names you setup. So if you don't have a tun.domain.com on your Centmin Mod Nginx it will go to main hostname default HTML page. If you don't have a site on tun.domain.com just remove their entries from config.yml and restart Argo Tunnel's cloudflared service.

Log in / Register

Forums

Get the most out of your Centmin Mod LEMP stack

Cloudflare Error 1033 when trying to setup Argo Tunnel

BamaStangGuy Active Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

BamaStangGuy Active Member

eva2000 Administrator Staff Member

BamaStangGuy Active Member

eva2000 Administrator Staff Member

BamaStangGuy Active Member

eva2000 Administrator Staff Member

.

Log in / Register

Useful Searches

Get the most out of your Centmin Mod LEMP stack

Cloudflare Error 1033 when trying to setup Argo Tunnel

BamaStangGuy Active Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

BamaStangGuy Active Member

eva2000 Administrator Staff Member

BamaStangGuy Active Member

eva2000 Administrator Staff Member

BamaStangGuy Active Member

eva2000 Administrator Staff Member

.