I have encountered a technical problem and I need help.
The command I ran is:shopify app dev --tunnel-url=https://4ee0-222-68-0-86.ngrok-free.app:8080
I use my own tunnel ngrok.
I use proxies to access websites, such as the ClashX application.
I have set the environment variables.
SHOPIFY_HTTPS_PROXY=http://127.0.0.1:7890
SHOPIFY_HTTP_PROXY=http://127.0.0.1:7890
HTTPS_PROXY=http://127.0.0.1:7890
HTTP_PROXY=http://127.0.0.1:7890
The project was functioning properly at the beginning.
The created applications can be displayed in the corresponding developer store’s backend application.
The application was created based on the descriptions in the document, and all the functions are functioning properly.
But less than a minute had passed before…
The terminal displayed an error message and the application was interrupted.
The error message is:
Error: connect ETIMEDOUT 34.111.204.238:443
at TCPConnectWrap.afterConnect [as oncomplete] (node:net:1611:16)
at TCPConnectWrap.callbackTrampoline (node:internal/async_hooks:130:17)
I have tried using proxychains4 to force all Shopify CLI requests to go through a proxy.But it didn’t work.The problem still exists.
I also tried using the default Cloudflare Quick Tunnels.The problem still exists.
After using the TUN mode, ngrok cannot be used. Even if Cloudflare is used by default and ngrok is not used, a prompt will appear: “Could not start Cloudflare tunnel: max retries reached. Error: The client network socket was disconnected before a secure TLS connection was established.” Are there any solutions to these problems?
Thank you for your reply. After I enabled the TUN mode, by using the command: ngrok http http://127.0.0.1:8080, the prompt appeared:
Session Status reconnecting (failed to send authentication request: EOF)
I’m currently using Clash Verge. Do I need to make any specific configurations within this program?
After I configured the connection rules related to ngrok in the Clash verge configuration, when the configuration was set to direct connection, it prompted: Session Status reconnecting (failed to dial ngrok server with address “connect.ngrok-agent.com:443”: dial tcp 204.236.189.107:443: i/o timeout), and when the configuration was set to proxy connection, it prompted: Session Status reconnecting (failed to dial ngrok server with address “connect.ngrok-agent.com:443”: dial tcp 52.53.56.252:443: i/o timeout). I also tried to enable the SOCKS proxy port for testing, but it didn’t work either. I ran the command: curl --socks5-hostname 127.0.0.1:7898 -k https://connect.ngrok-agent.com, and it prompted: curl: (1) Received HTTP/0.9 when not allowed. The configuration in ngrok has been changed to proxy_addr: “127.0.0.1:7898”.
I also discovered some information:
Special restrictions of Mixed-Port in TUN mode:
Although the mixed port (7897) theoretically supports SOCKS5, in the TUN mode, Mixed Port is actually not usable for local proxy connections.
When the Clash TUN core processes traffic, it adopts a “virtual traffic reception” method for the mixed-port, which results in the inability of local tools such as curl and ngrok to establish normal SOCKS5 connections through the mixed-port.
So you see this “HTTP/0.9 not allowed”;
The issue is not about your command, but the “design limitation” of the “Mixed Port” mode in the Clash TUN configuration.
2. The SOCKS port 7898 is the actual port that is truly open to local applications:
7898 is specifically designed for local programs such as curl and ngrok;
You were able to successfully perform a curl operation using 7898, which proves that the SOCKS port (7898) is functioning properly.
The Mixed Port (7897) can only be handled by the Clash kernel itself and cannot be accessed directly by tools like curl or ngrok - this is a common problem with Clash TUN.
3. Official Clash TUN Instructions (Key Points):
The official has stated that:
When the TUN mode is enabled, the Mixed Port cannot be used to handle the traffic of local programs; it is only responsible for the traffic forwarding of the TUN virtual network card.
This is the fundamental reason why you encounter the issue of “7897 cannot be connected via either HTTP or SOCKS5”.
The current version of the Clash kernel I’m using is v1.19.10 Mihomo. ChatGPT indicates that the old issues of this kernel might cause the socks5 + TUN bug, but in Clash Verge, it is indicated that it is already the latest kernel.
It seems that this problem is rather difficult to solve.
I have attempted to change the sing-box, but I don’t know how to configure this application. Even after several attempts, it still didn’t work. Regarding the advanced settings in the Clash verge application’s settings, could you please de-identify the current configuration or configuration document and send it over for me to review? This will allow me to compare it and see if there are any incorrect configurations. If things don’t improve, I might consider switching to another service provider. Which service provider are you using?
I was able to successfully enable ngrok in my home network environment. The reason why ngrok couldn’t be enabled before might be related to the company’s network. Now, after the application has been run, the error message “Error: connect ETIMEDOUT 34.111.204.238:443” no longer occurs. Thank you for your help.
