502 Bad Gateway with minimalistic Docker-Ubuntu-HTTP setup

I have a site, running successfully in docker and available at http://localhost:8080. I have done nothing with certificates though or a reverse proxy.
I set up my first tunnel with the docker command it gave me: `docker run -d cloudflare/cloudflared:latest tunnel --no-autoupdate run --token [token]`. The tunnel is set up like so:
UFW allows traffic to 8080 from my local network, but for good measure I tried opening this up to Anywhere, got the same results.

The log from the cloudflared container shows:

2023-05-10T06:50:59Z INF Starting tunnel tunnelID=f01699bf-f5ab-44e9-99a0-ca32172881e9
2023-05-10T06:50:59Z INF Version 2023.5.0
2023-05-10T06:50:59Z INF GOOS: linux, GOVersion: go1.19.8, GoArch: amd64
2023-05-10T06:50:59Z INF Settings: map[no-autoupdate:true token:*****]
2023-05-10T06:50:59Z INF Generated Connector ID: e68e679d-7b07-4413-a998-b78ba76cee8b
2023-05-10T06:51:00Z INF Initial protocol quic
2023-05-10T06:51:00Z INF ICMP proxy will use as source for IPv4
2023-05-10T06:51:00Z INF ICMP proxy will use :: as source for IPv6
2023-05-10T06:51:01Z INF Starting metrics server on
2023/05/10 06:51:01 failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details.
2023-05-10T06:51:02Z INF Registered tunnel connection connIndex=0 connection=fc6c8a79-f8b3-42f2-8352-e42fa9e4cc65 event=0 ip= location=MRS protocol=quic
2023-05-10T06:51:03Z INF Updated to new configuration config="{\"ingress\":[{\"hostname\":\"elsie.mydomain.dev\",\"originRequest\":{\"noTLSVerify\":true},\"service\":\"https://localhost:8080\"},{\"service\":\"http_status:404\"}],\"warp-routing\":{\"enabled\":false}}" version=5
2023-05-10T06:51:03Z INF Registered tunnel connection connIndex=1 connection=a697c2d6-d19c-41eb-8c1c-dd9fdd6f1d26 event=0 ip= location=FRA protocol=quic
2023-05-10T06:51:05Z INF Registered tunnel connection connIndex=2 connection=f2ac7408-eb2a-4f13-86a7-277081069fe5 event=0 ip= location=MRS protocol=quic
2023-05-10T06:51:05Z INF Registered tunnel connection connIndex=3 connection=2d6c8ccc-abc4-4504-a170-da0e45c581d5 event=0 ip= location=FRA protocol=quic
2023-05-10T06:51:51Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp connect: connection refused" cfRay=7c50418bfb473a78-FRA event=1 ingressRule=0 originService=https://localhost:8080
2023-05-10T06:51:51Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp connect: connection refused" connIndex=1 dest=https://elsie.mydomain.dev/ event=0 ip= type=http

Do I need to set up certificates with letsencrypt or something on my local box? I thought these tunnels were supposed to get around that. I also haven’t created any config.yml file, as that wasn’t in any instructions for a docker setup.

^ here’s the image that didn’t get uploaded in the OP

The issue is related to using localhost within the cloudflared container. In this case, localhost will be the cloudflared container’s loopback interface rather than the host machine’s loopback interface.

The correct way to connect two containers is to put them in the same Docker network. This will allow you to specify http://web-server as the origin, assuming the web-server container is called web-server.

Docker will automatically create a shared network for containers in the same compose project. If using docker run you need to manually create a network and specify it using --network when starting the container.
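
As an added example (not part of the thread and not Cloudflare's code), this Python check pulls the ingress rules out of the `Updated to new configuration` log line from the original post and flags origins that point at loopback, which inside the cloudflared container is the container itself, along with rules that set `noTLSVerify`. The function names and finding labels are assumptions made for this example.

```python
import ipaddress
import json
import re
from urllib.parse import urlsplit

# Log line copied from the cloudflared output in the original post.
SAMPLE_LINE = r'2023-05-10T06:51:03Z INF Updated to new configuration config="{\"ingress\":[{\"hostname\":\"elsie.mydomain.dev\",\"originRequest\":{\"noTLSVerify\":true},\"service\":\"https://localhost:8080\"},{\"service\":\"http_status:404\"}],\"warp-routing\":{\"enabled\":false}}" version=5'

# Matches the quoted, backslash-escaped value of config="...".
CONFIG_RE = re.compile(r'config="((?:[^"\\]|\\.)*)"')


def extract_ingress(log_line):
    """Return the list of ingress rules embedded in a configuration log line."""
    match = CONFIG_RE.search(log_line)
    if not match:
        return []
    inner = json.loads('"' + match.group(1) + '"')  # undo the log's string escaping
    return json.loads(inner).get("ingress", [])


def is_loopback(host):
    """True for localhost names and loopback IP literals (127.0.0.0/8, ::1)."""
    if not host:
        return False
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # an ordinary hostname such as a container name


def review_ingress(rules):
    """Return (rule_index, finding) pairs for HTTP(S) origins worth a second look."""
    findings = []
    for index, rule in enumerate(rules):
        url = urlsplit(rule.get("service", ""))
        if url.scheme not in ("http", "https"):
            continue  # skip non-URL services such as the http_status:404 catch-all
        if is_loopback(url.hostname):
            # Only reachable if the origin listens inside cloudflared's own container.
            findings.append((index, "loopback-origin"))
        if (rule.get("originRequest") or {}).get("noTLSVerify"):
            findings.append((index, "tls-verify-disabled"))
    return findings


if __name__ == "__main__":
    for index, finding in review_ingress(extract_ingress(SAMPLE_LINE)):
        print(f"ingress rule {index}: {finding}")
```
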

Brilliant, thanks! I was able to attach the cloudflared container to the existing docker-compose network with a new docker run command, then changed the origin config. Worked immediately.

Glad it worked! I’d recommend defining all your containers (including cloudflared) in your compose file. IMO this is much easier to manage than docker run.
