Discourse on a residential internet with Cloudflare Tunnel

Since Discourse now has support for running on a Raspberry Pi, running a small instance in your home lab will become a common use case. However, many residential ISPs block incoming traffic to ports 80/443, which Discourse needs.

For our demo site at https://discourse-on-a-pi.falco.dev/ we used Cloudflare Tunnel to work around this, and you can do it too!

Set up your tunnel

First, follow the following guide:

https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-guide

The only change you need is changing the URL from url: http://localhost:8000 to url: http://localhost:80. Leave the tunnel running in the background.

Disable Rocket Loader

You must disable Cloudflare Rocket Loader for Discourse to work properly.

Install Discourse

Follow How to install Discourse in production, but hit CTRL+C after it creates the app.yml file and gives you a 5-second countdown.

Now edit the first few lines of the file so they look like this:

templates:
  - "templates/postgres.template.yml"
  - "templates/redis.template.yml"
  - "templates/web.template.yml"
  - "templates/cloudflare.template.yml"
#  - "templates/web.ratelimited.template.yml"
## Uncomment these two lines if you wish to add Lets Encrypt (https)
#  - "templates/web.ssl.template.yml"
#  - "templates/web.letsencrypt.ssl.template.yml"

and add the following line under the env: section:

DISCOURSE_FORCE_HTTPS: true

And then run ./launcher rebuild app.

In a few minutes your new Discourse instance will be available on the domain you used in the tunnel/discourse configuration :tada:.

19 Likes

I think it’s better to mention the port. If users decide to use Argo Tunnel, then they need to set up their port the same as in the tunnel settings. For example:

-80:80
#-443:443

then they need to let the tunnel listen
http://localhost:80

What I use is a Unix socket to connect them.

1 Like
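With the tunnel forwarding to http://localhost:80, the container only has to be reachable from the host itself. A check for published ports that listen on every interface, as an added example that is not part of any post in this thread; the function name is hypothetical and the sample strings are constructed in the format `docker ps` prints.

```shell
#!/bin/sh
# non_loopback_binds PORTS  (hypothetical helper name)
# PORTS is the PORTS column of `docker ps`, for example
#   "0.0.0.0:80->80/tcp, :::80->80/tcp"
# Prints each published mapping whose host address is not loopback,
# one per line; prints nothing when every mapping is loopback-only.
non_loopback_binds() {
    printf '%s\n' "$1" | tr ',' '\n' | while read -r mapping; do
        case $mapping in
            *'->'*) ;;             # published to the host: inspect it
            *) continue ;;         # e.g. "80/tcp": exposed, not published
        esac
        host=${mapping%%'->'*}     # "0.0.0.0:80", ":::80", "127.0.0.1:80"
        addr=${host%:*}            # strip the host port
        case $addr in
            127.*|::1|'[::1]') ;;  # reachable only from this machine
            *) printf '%s\n' "$mapping" ;;
        esac
    done
}

# Constructed samples: ports published on all interfaces, then the same
# service published on loopback only.
non_loopback_binds '0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp'
non_loopback_binds '127.0.0.1:80->80/tcp'
```

Every line it prints is a port that other machines on the local network can reach directly, without passing through Cloudflare. Changing the mapping in app.yml to "127.0.0.1:80:80" to avoid that is an assumption based on Docker's publish syntax, not something the thread confirms.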

Isn’t that what I mention here:

?

3 Likes

Hi Rafael,

Thanks for the tutorial.

I’ve followed everything as per your guide above and everything works fine however;

Upon clicking on the link in the email to activate my account I get flown back to the correct webpage with an activation button, however this button doesn’t work. I’ve looked up guidance on this forum and it looks like a domain to ip issue?

I have confirmed force_https is set to true in the config.

Any thoughts / did you run into this issue (Screenshot attached) of the button that doesn’t do anything?

1 Like

Alright so I managed to fix this.

Just ensure rocket loader is disabled :wink:

Cheers!

4 Likes

Finally, I installed Discourse on a Raspberry Pi, but I have problems with Cloudflare Tunnels.

I can’t access the Discourse site with the domain. Is there something strange in the config.yml configuration?

url: http://localhost:80
tunnel: 371dd57c-************
credentials-file: /home/pi/.cloudflared/371dd57c-*********.json

1 Like

What is the tunnel command output? It should be explicit about any mistakes you made on the configuration.

2 Likes

cloudflared tunnel info output:

cloudflared tunnel info ******
2022-01-24T04:55:47Z INF Cannot determine default origin certificate path. No file cert.pem in [~/.cloudflared ~/.cloudflare-warp ~/cloudflare-warp /etc/cloudflared /usr/local/etc/cloudflared] originCertPath=
2022-01-24T04:55:47Z ERR You need to specify the origin certificate path with --origincert option, or set TUNNEL_ORIGIN_CERT environment variable. See https://developers.cloudflare.com/argo-tunnel/reference/arguments/ for more information. originCertPath=
error parsing tunnel ID: Error locating origin cert: client didn't specify origincert path when running from terminal

1 Like

Looks like you misplaced the certificate file? If you are running as root, the file should be under

/root/.cloudflared/

and not where you put it as

1 Like

I already have the cert.pem file.

1 Like

And are you trying to start the tunnel as the pi user or as root?

2 Likes

I am using this command as pi user

cloudflared tunnel run <UUID or NAME>

1 Like

Hi @bekircem,

It looks like your Cloudflared has been able to initiate a connection to Cloudflare’s edge.

Have you enabled the Routing with a CNAME to your Argo Tunnel ID on Cloudflare?

https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/routing-to-tunnel/dns

Cheers,

Alex.

2 Likes

Hi @Stigin, thank you for the reply.

Yes, I enabled routing from the command line.

1 Like

Interesting one @bekircem - Hmm!!

What is the current error you’re getting when browsing to your website address? Is it just a generic Cloudflare Argo Tunnel error page?

Could you please show us your running containers by running the command: docker ps and show us your current running tunnels with cloudflared tunnel list || Make sure you blur out your argo route / any non-relevant containers! :wink:

Alex.

2 Likes

What is the current error you’re getting when browsing to your website address? Is it just a generic Cloudflare Argo Tunnel error page?

No there is no Cloudflare Argo Tunnel error page.

ERR_NAME_NOT_RESOLVED

docker ps

CONTAINER ID   IMAGE                 COMMAND        CREATED        STATUS        PORTS                                                                      NAMES
f1bde9b70f55   local_discourse/app   "/sbin/boot"   11 hours ago   Up 11 hours   0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp   app

When I use this command as the root user: cloudflared tunnel list

2022-01-24T15:55:03Z INF Cannot determine default origin certificate path. No file cert.pem in [~/.cloudflared ~/.cloudflare-warp ~/cloudflare-warp /etc/cloudflared /usr/local/etc/cloudflared] originCertPath=
2022-01-24T15:55:03Z ERR You need to specify the origin certificate path with --origincert option, or set TUNNEL_ORIGIN_CERT environment variable. See https://developers.cloudflare.com/argo-tunnel/reference/arguments/ for more information. originCertPath=
Error locating origin cert: client didn't specify origincert path when running from terminal

When I use this command as the pi user: cloudflared tunnel list

You can obtain more detailed information for each tunnel with `cloudflared tunnel info <name/uuid>`
ID                                   NAME      CREATED              CONNECTIONS
371dd57c-**************** ze****2022-01-24T03:35:19Z

Is it normal?

We need to use a subdomain for DISCOURSE_HOSTNAME in the config.yml file, right?

Update: I uninstalled Cloudflared and reinstalled it as the root user, and it works now. I still don’t understand where exactly I went wrong in my previous attempt.

1 Like
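Why the same command fails for root and works for pi, as an added example that is not part of any post in this thread and is not cloudflared's own code: the search list in the log starts with ~, which resolves to the home directory of whoever runs the command. The function name and its ROOT_PREFIX argument are hypothetical; the directory list is copied from the log line above, and the file layout is constructed.

```shell
#!/bin/sh
# Search order copied from the cloudflared log line quoted in the thread.
CERT_DIRS='~/.cloudflared ~/.cloudflare-warp ~/cloudflare-warp /etc/cloudflared /usr/local/etc/cloudflared'

# find_origin_cert HOME_DIR [ROOT_PREFIX]   (hypothetical helper)
# Prints the first cert.pem found for a user with that home directory and
# returns 1 if none exists. ROOT_PREFIX lets the check run against a
# constructed directory tree instead of the live filesystem.
find_origin_cert() {
    home=$1
    prefix=${2:-}
    for dir in $CERT_DIRS; do
        case $dir in
            '~/'*) dir=$home/${dir#??} ;;   # replace "~/" with the home dir
        esac
        if [ -f "$prefix$dir/cert.pem" ]; then
            printf '%s\n' "$dir/cert.pem"
            return 0
        fi
    done
    return 1
}

# Constructed layout matching the thread: the login that created cert.pem
# was done as user pi only, so nothing exists under /root or /etc.
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/home/pi/.cloudflared" "$t/root"
    : > "$t/home/pi/.cloudflared/cert.pem"
    for h in /home/pi /root; do
        printf '%s -> %s\n' "$h" "$(find_origin_cert "$h" "$t" || echo 'no cert.pem found')"
    done
    rm -rf "$t"
}
demo
```

A cert.pem under /etc/cloudflared is found for every user, because that entry does not depend on the home directory.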

Somehow I finally ran the site on Raspberry and it’s live.

I don’t really understand how. I removed Cloudflared and reinstalled it as the root user. And it works…

I have two questions,

1- It seems my SSL certificate does not work correctly, so I can’t log in to my admin account on Discourse. (It appears to be running in incognito tab. Maybe it’s something about cache.) Are you using full or full(strict)?

2- I have questions about running cloudflared as a service. https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/run-tunnel/run-as-service

I ran the tunnel with the cloudflared tunnel run <UUID or NAME> command. But when I close the iTerm windows, will it stop working?

If you have already logged in and have a configuration file in ~/.cloudflared/ , these will be copied to /etc/cloudflared/ .

If you do not have a configuration file, you will need to create a config.yml file with fields listed above. You can pass a custom file by running cloudflared --config CONFIG-FILE service install .

I checked; I don’t have a configuration file in /etc/cloudflared/. In this case, what should I do to run this service automatically?

Thank you.

1 Like

Questions that are more specific about the Cloudflare tunnel service may receive better answers at Topics tagged cloudflaretunnel

2 Likes

Hey @bekircem,

I think reinstalling it would have fixed the issue of cloudflared not finding the certificate…

With regards to running Cloudflare as a service - the configuration file you created when running the service manually will need to be moved to /etc/cloudflared.

I’m unsure about linking personal sites here, so please let me know if I need to remove this, but I’ve covered this in one of my blogs under the section called: ‘Setup and Run Cloudflared as a Service’

Let us know how you get on!

Alex.

3 Likes

Thank you for the reply.

Great blog post, thanks for sharing.

Run Cloudflared as a Service

sudo cloudflared service install

The config.yml file is automatically copied to /etc/cloudflared/.

sudo systemctl start cloudflared

sudo systemctl enable cloudflared

And it’s working great. I haven’t tried rebooting yet but I hope it will work.

3 Likes