cloudflared
cloudflared on Docker fails on ipv6 despite all settings🐛
Trying to start cloudflared (Docker) on Ubuntu 22.10 (was the same on previous version) and the service fails with an attempt to connect using ipv6. The Linux environment is set to have ipv6 disabled and I've even tried with the `--edge-ip-version 4` setting in the command and the result is the same.
docker-compose.yml:

```yaml
version: "3.2"
services:
  tunnel:
    image: cloudflare/cloudflared:latest
    restart: unless-stopped
    volumes:
      - ${DOCKER_HOME}/cloudflared:/.cloudflared
    command: --edge-ip-version 4 tunnel run
    environment:
      - TUNNEL_TOKEN=<redacted>
```
If it's an issue with Cloudflare Tunnel:
- Tunnel ID: dbb612e7-4af3-42fb-ad2c-ac8b590d3641
- cloudflared config: n/a (default)

Expected behavior: Successful startup without the use of ipv6
Environment and versions
- OS: Linux
- Architecture: AMD
- Version: 22.10
Logs:
tunnel_1 | 2022-11-16T22:17:22Z INF Starting tunnel tunnelID=dbb612e7-4af3-42fb-ad2c-ac8b590d3641
tunnel_1 | 2022-11-16T22:17:22Z INF Cannot determine default configuration path. No file [config.yml config.yaml] in [~/.cloudflared ~/.cloudflare-warp ~/cloudflare-warp /etc/cloudflared /usr/local/etc/cloudflared]
tunnel_1 | 2022-11-16T22:17:22Z INF Version 2022.10.3
tunnel_1 | 2022-11-16T22:17:22Z INF GOOS: linux, GOVersion: go1.19.2, GoArch: amd64
tunnel_1 | 2022-11-16T22:17:22Z INF Settings: map[edge-ip-version:4 no-autoupdate:true]
tunnel_1 | 2022-11-16T22:17:22Z INF Environmental variables map[TUNNEL_LOGLEVEL:debug TUNNEL_TOKEN:*****]
tunnel_1 | 2022-11-16T22:17:22Z INF Generated Connector ID: e9fb7ce7-f254-44f8-bf2b-cb96ab172a19
tunnel_1 | 2022-11-16T22:17:22Z INF Will be fetching remotely managed configuration from Cloudflare API. Defaulting to protocol: quic
tunnel_1 | 2022-11-16T22:17:22Z INF Initial protocol quic
tunnel_1 | 2022-11-16T22:17:22Z ERR update check failed error="Get \"https://update.argotunnel.com?arch=amd64&clientVersion=2022.10.3&os=linux\": dial tcp: lookup update.argotunnel.com on [::1]:53: dial udp [::1]:53: socket: address family not supported by protocol"
tunnel_1 | 2022-11-16T22:17:22Z INF ICMP proxy will use 172.18.0.4 as source for IPv4
tunnel_1 | 2022-11-16T22:17:22Z DBG Failed to determine the IPv6 for this machine. It will use :: to send/listen for ICMPv6 echo
tunnel_1 | 2022-11-16T22:17:22Z INF ICMP proxy will use :: as source for IPv6
tunnel_1 | 2022-11-16T22:17:22Z DBG failed to create ICMPv6 proxy, only ICMPv4 proxy is created error="socket: address family not supported by protocol"
tunnel_1 | 2022-11-16T22:17:22Z ERR Error opening metrics server listener error="lookup localhost on [::1]:53: dial udp [::1]:53: socket: address family not supported by protocol"
tunnel_1 | Error opening metrics server listener: lookup localhost on [::1]:53: dial udp [::1]:53: socket: address family not supported by protocol
Other: community discussion
same here
Just noticed your command, should it not be:

```yaml
command: tunnel --edge-ip-version 4 run
```

In any case, that is not working for me either.
Similar to this issue #922, cloudflared expects to be able to reach port 53 to make a SRV request to fetch the Anycast regions for the Cloudflare network; this is used for cloudflared edge discovery.
It looks like you have not set up egress on port 53 for your container and cloudflared is resorting to localhost port 53 to attempt the SRV request.
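A triage helper for the failure explained above, added here as an example (it is not part of the thread or of cloudflared): it pulls the resolver address out of each `lookup <name> on <resolver>:53` error and reports whether the container fell back to a loopback resolver. The function names are hypothetical; the two `ERR` lines are copied from the log posted in this issue.

```python
import ipaddress
import re

# Two ERR lines copied from the log in this issue, plus one INF line for contrast.
SAMPLE_LOG = "\n".join([
    r'tunnel_1 | 2022-11-16T22:17:22Z INF Initial protocol quic',
    r'tunnel_1 | 2022-11-16T22:17:22Z ERR update check failed error="Get \"https://update.argotunnel.com?arch=amd64&clientVersion=2022.10.3&os=linux\": dial tcp: lookup update.argotunnel.com on [::1]:53: dial udp [::1]:53: socket: address family not supported by protocol"',
    r'tunnel_1 | 2022-11-16T22:17:22Z ERR Error opening metrics server listener error="lookup localhost on [::1]:53: dial udp [::1]:53: socket: address family not supported by protocol"',
])

# Resolver errors in the log read "lookup <name> on <resolver>:<port>: <cause>".
LOOKUP_RE = re.compile(
    r'lookup (?P<name>\S+) on (?P<host>\[[0-9A-Fa-f:.]+\]|[0-9.]+):(?P<port>\d+): (?P<cause>.*)'
)


def resolver_failures(log_text):
    """Return one finding per log line that contains a failed DNS lookup."""
    findings = []
    for line in log_text.splitlines():
        m = LOOKUP_RE.search(line)
        if not m:
            continue
        addr = ipaddress.ip_address(m['host'].strip('[]'))
        findings.append({
            'name': m['name'],
            'resolver': str(addr),
            'loopback': addr.is_loopback,
            # IPv6 socket refused by the kernel, i.e. IPv6 is disabled on the host.
            'ipv6_unavailable': addr.version == 6
            and 'address family not supported' in m['cause'],
        })
    return findings


def diagnose(log_text):
    """Summarise the findings in one line for an operator."""
    findings = resolver_failures(log_text)
    if not findings:
        return 'no DNS lookup failures found'
    if all(f['loopback'] for f in findings):
        return 'resolver is loopback: container has no reachable DNS server configured'
    return 'DNS failures against a non-loopback resolver: check egress to port 53'


if __name__ == '__main__':
    print(diagnose(SAMPLE_LOG))
```

A loopback result points at the container's resolver configuration rather than at `--edge-ip-version`, which matches the explanation in the comment above.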
This issue was created in November of '22 and there are no clear instructions on how to get around this. Can anyone chime in?
```yaml
services:
  tunnel:
    image: cloudflare/cloudflared:latest
    container_name: tunnel
    command: tunnel --no-autoupdate run --token <mytoken>
    networks:
      - jfhome # a name for the Cloudflare Network
    restart: unless-stopped

networks:
  t2_proxy:
    name: t2_proxy
    driver: bridge
    ipam:
      config:
        - subnet: 192.168.90.0/24
  default:
    driver: bridge
  jfhome: # a name for the Cloudflare Network
```
> Similar to this issue #922, cloudflared expects to be able to reach port 53 to make a SRV request to fetch the Anycast regions for the Cloudflare network; this is used for cloudflared edge discovery.
> It looks like you have not set up egress on port 53 for your container and cloudflared is resorting to localhost port 53 to attempt the SRV request.
Thanks @DevinCarr - the issue is that's not anywhere in the instructions (if that would indeed fix the issue). Do you happen to have the expertise to help modify the above docker-compose snippet?