"you are using Cloudflare Tunnel in a (legacy) way that is no longer supported.Migrate to Named Tunnels to continue exposing your private origin through Cloudflare's Network" error message
mendhak opened this issue ยท 9 comments
Is anyone else getting this error after days of no problems with the tunnel?
calibre-web-cloudflared | 2022-04-23T14:15:54Z ERR Connection terminated error="you are using Cloudflare Tunnel in a (legacy) way that is no longer supported.Migrate to Named Tunnels to continue exposing your private origin through Cloudflare's Network.You can follow this guide: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/do-more-with-tunnels/migrate-legacy-tunnels as an example.Alternatively, you can go to https://dash.teams.cloudflare.com/ -> Access -> Tunnels -> Create and rely on the User Interface instead." connIndex=3
My docker compose is very simple, and has been working until just today
cloudflared:
image: erisamoe/cloudflared
container_name: calibre-web-cloudflared
volumes:
- ./cloudflared:/etc/cloudflared
command: --hostname xxxx.xxxxx.com --url http://nginx:80
depends_on:
- nginx
It looks like Cloudflare might finally be cracking down on usage of legacy tunnels. To be honest this is sort of my fault for slacking on writing documentation for using this image with named tunnels.
I haven't checked this locally myself yet, but for the issue I would recommend running /cloudflared tunnel create myname
one time in the container and then modifying your run command to include --name myname
. This gets you the simplest named tunnel setup without changing too much of your setup.
Cloudflare allows you to manage your tunnels and public hostnames and private networks via the Zero Trust dashboard now so I simple start the container with -
tunnel --no-autoupdate run --token
and manage the rest via the dashboard which is now the recommended way.
Using named tunnels through the --name
argument or through a full config.yml
is still going to be supported going forward however. Legacy tunnels without names are all that's deprecated.
While it is possible to configure tunnels from the dashboard now, I figured that a named tunnel through a simple argument would make an easier migration than moving everything to the dashboard (Since it's just like one command and a compose file edit and then you're back up and running.)
Both regular named tunnels and their remote configuration variants are something I need to start documenting for this image, sooner rather than later.
No worries, actually I appreciate this image existing because Cloudflare don't provide one that runs on Raspberry Pi.
Here's what I did in my setup after following their docs:
Changed the command:
in docker-compose.yml to:
command: tunnel run --url http://nginx:80 mylibrary
Create the tunnel manually,
docker run -v $PWD/cloudflared:/etc/cloudflared erisamoe/cloudflared tunnel create mylibrary
docker run -v $PWD/cloudflared:/etc/cloudflared erisamoe/cloudflared tunnel route dns mylibrary mylibrary.example.com
Create a cloudflared/config.yml, with the contents:
tunnel: b9xxxxxx-xxxx-xxxx-xxxx-xxxxxxx
credentials-file: /etc/cloudflared/b9xxxxxx-xxxx-xxxx-xxxx-xxxxxxx.json
Then docker-compose up -d worked.
Thank you for the explanation!
To the best of my knowledge this could have also been done without the config.yml by simply adding --name mylibrary
to your original command, which if I remember correctly cloudflared recommends in a warning when you try to use a legacy tunnel.
You can also run the commands in the existing compose setup with docker-compose exec
or docker-compose run
.
Isssue has been pinned pending an update in documentation from me that explains named tunnels.
Thanks very much, that worked a treat (and wasn't very obvious from their docs).
A simple change none of the other stuff I mentioned was required!
command: --hostname mylibrary.example.com --name mylibrary --url http://nginx:80
No problem!
Yeah the docs are all over the place, I only remember this because for the longest time if you did --url
and --hostname
then it would output the following:
2022-04-23T21:09:23Z INF You are running a Tunnel in legacy mode which will be deprecated. Please use the documentation below to switch to pre-created Tunnels for improved stability and management.
2022-04-23T21:09:23Z INF - To expose applications to the internet create a permanent tunnel as described in https://developers.cloudflare.com/cloudflare-one/connections/connect-apps.
2022-04-23T21:09:23Z INF - If you are running an ad-hoc tunnel from the terminal, add --name NAME flag to `cloudflared tunnel` command.
Specifically the last line:
If you are running an ad-hoc tunnel from the terminal, add --name NAME flag to
cloudflared tunnel
command.
Thank you so much for detailing exactly what we need to do. I ran into an issue that since there were AAA entries already it wouldn't create the new CNAMEs, so for me the steps were:
docker exec myAppContainer /cloudflared tunnel create myApp
and then append --overwrite-dns to the command in docker-compose:
command: --hostname hostname --url http://url --name myApp --overwrite-dns
If anyone else runs into it, they can also manually delete the DNS entries from Cloudflare and then they dont need to add the --overwrite-dns command.
Again, thank you for the great work!