Error Bad Gateway 502, Cloudflare Tunnel

Hello everyone. I want to make my OpenRemote publicly accessible. I use a Cloudflare tunnel installed on Docker, and I have registered my OpenRemote address on the Cloudflare Zero Trust page, but when I open it, I get a Bad Gateway 502 error message. Is there anyone who can help me solve it?

What does 192.168.0.101 point to exactly? It is a local IP address and therefore not publicly accessible. Additionally, you’ve designated it as HTTPS while assigning it to port 80, which typically does not handle encrypted traffic.


Hi @michal, can you help me make my OpenRemote localhost publicly accessible by using a tunnel on cloudflared?

Can you please put this question in ChatGPT and tell me at which point it fails? We can take it from there:

How do you make a site publicly accessible using a Cloudflare tunnel?

Hello @michal, I have tried to put my Cloudflare tunnel container into one network with the OpenRemote container.


Then I also added the public hostname and service on Cloudflare according to the OpenRemote container address on Docker.

The Keycloak address is successfully tunneled and can be opened in the browser.

Likewise, the manager address was also successfully tunneled.

But why can the proxy address not display the OpenRemote login page when tunneled using Cloudflare? Is there a step that I forgot?

The issue arises due to a double redirection for the /manager path, which creates a loop and likely disrupts the Cloudflare tunnel. This behavior becomes evident when inspecting both endpoints. Notably, the /auth path redirects correctly, whereas the /manager path includes a redirection from https to http, resulting in an insecure redirection loop.

Here are the details for reference:

curl -IL https://demo.openremote.app/auth

HTTP/2 303 
location: https://demo.openremote.app/auth/
referrer-policy: no-referrer
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15768000
x-robots-tag: noindex

HTTP/2 200 
cache-control: no-cache, must-revalidate, no-transform, no-store
content-security-policy: frame-src 'self'; frame-ancestors 'self'; object-src 'none';
content-type: text/html;charset=utf-8
referrer-policy: no-referrer
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-robots-tag: none
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15768000
x-robots-tag: noindex

curl -IL https://demo.openremote.app/

HTTP/2 302 
location: http://demo.openremote.app/manager
content-length: 0
date: Mon, 23 Dec 2024 12:53:37 GMT
strict-transport-security: max-age=15768000
x-robots-tag: noindex

HTTP/2 302 
location: /manager/
content-type: text/html;charset=UTF-8
content-length: 64
date: Mon, 23 Dec 2024 12:53:37 GMT
strict-transport-security: max-age=15768000
x-robots-tag: noindex

HTTP/2 200 
expires: Thu, 01 Jan 1970 00:00:00 GMT
cache-control: no-cache,no-store,must-revalidate
pragma: no-cache
accept-ranges: bytes
date: Mon, 23 Dec 2024 12:53:37 GMT
etag: W/"index.html-1729841626000"
last-modified: Fri, 25 Oct 2024 07:33:46 GMT
content-type: text/html
content-length: 2615
strict-transport-security: max-age=15768000
x-robots-tag: noindex

This behavior constitutes a bug. Please feel free to create an issue on the OpenRemote GitHub repository: https://github.com/openremote/openremote/issues.
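Added example (not part of the original posts and not OpenRemote code): a small Python check that takes the header dump printed by `curl -IL`, resolves each `location` value against the URL that produced it, and reports any hop that moves from https to http or revisits a URL. The hostname `example.test` and the sample dump are constructed placeholders modeled on the output above.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample shaped like the `curl -IL https://host/` output above.
SAMPLE = """\
HTTP/2 302
location: http://example.test/manager
strict-transport-security: max-age=15768000

HTTP/2 302
location: /manager/
content-type: text/html;charset=UTF-8

HTTP/2 200
content-type: text/html
"""

def parse_hops(dump):
    """Split a `curl -IL` header dump into one (status, headers) pair per response."""
    hops = []
    for block in dump.replace("\r\n", "\n").strip().split("\n\n"):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if not lines or not lines[0].upper().startswith("HTTP/"):
            continue
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            # Keep every value: the dumps above repeat some headers.
            headers.setdefault(name.strip().lower(), []).append(value.strip())
        hops.append((int(lines[0].split()[1]), headers))
    return hops

def trace(start_url, dump):
    """Follow the redirects in the dump; return (chain of URLs, findings)."""
    url, chain, findings = start_url, [start_url], []
    for status, headers in parse_hops(dump):
        location = headers.get("location", [None])[0]
        if not (300 <= status < 400 and location):
            continue
        nxt = urljoin(url, location)  # relative values inherit scheme and host
        if urlsplit(url).scheme == "https" and urlsplit(nxt).scheme == "http":
            findings.append(f"downgrade: {url} -> {nxt}")
        if nxt in chain:
            findings.append(f"loop: {nxt} visited twice")
        chain.append(nxt)
        url = nxt
    return chain, findings

if __name__ == "__main__":
    print(trace("https://example.test/", SAMPLE))
```

The URLs in the chain are inferred from the `location` headers alone, so a relative redirect that follows a downgraded hop is reported as http as well.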

I seem to be having the same or similar issue without Cloudflare - trying to host on a local machine with an external IP address/FQDNs and I can get to /auth just fine, but the redirect to /manager just stops with a blank page after I log in.

Could this be the same/similar bug?

curl -IL https://mqtt-XXX.XXXXXXX.com/auth
HTTP/2 303 
location: https://mqtt-XXX.XXXXXXX.com/auth/
referrer-policy: no-referrer
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15768000
x-robots-tag: noindex

HTTP/2 200 
cache-control: no-cache, must-revalidate, no-transform, no-store
content-security-policy: frame-src 'self'; frame-ancestors 'self'; object-src 'none';
content-type: text/html;charset=utf-8
referrer-policy: no-referrer
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-robots-tag: none
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15768000
x-robots-tag: noindex

curl -IL https://mqtt-XXX.XXXXXXX.com/
HTTP/2 302 
location: http://mqtt-XXX.XXXXXXX.com/manager
content-length: 0
date: Thu, 26 Dec 2024 18:53:03 GMT
strict-transport-security: max-age=15768000
x-robots-tag: noindex

HTTP/2 302 
location: /manager/
content-type: text/html;charset=UTF-8
content-length: 64
date: Thu, 26 Dec 2024 18:53:03 GMT
strict-transport-security: max-age=15768000
x-robots-tag: noindex

HTTP/2 200 
expires: Thu, 01 Jan 1970 00:00:00 GMT
cache-control: no-cache,no-store,must-revalidate
pragma: no-cache
accept-ranges: bytes
date: Thu, 26 Dec 2024 18:53:03 GMT
etag: W/"index.html-1734360214000"
last-modified: Mon, 16 Dec 2024 14:43:34 GMT
content-type: text/html
content-length: 2615
strict-transport-security: max-age=15768000
x-robots-tag: noindex