Hey @uttarms, I am sorry to write back a bit late, however that’s weird to me 
Can we reproduce the steps and check the config.yml for cloudflared?
What I’ve done in the meantime and it’s still working via cloudflared tunnel over Docker and accessible to public via portainer.example.dev.
- I installed Docker on my Raspberry Pi 4 which is connected to my local home network.
- Added my user to docker group
- Just in case, I’ve configured my custom RPi hostname and added my ISP IP address as
rpi.example.cominto the hosts file - Created Portainer volume
docker volume create portainer_data - Run the
docker run -d -p 8000:8000 -p 9443:9443 --name portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest - Logged-in and created admin user via RPi Web browser via
https://localhost:9443(HTTP only working) - Downloaded and installed armhf.deb → Release 2022.10.1 · cloudflare/cloudflared · GitHub
- Then authenticated as
cloudflared tunnel loginin my Web browser for my domain - Created cloudflared tunnel as
cloudflared tunnel create portainer - Inside
/root/.cloudflared/config.yml, created and saved config.yml which contains basic:
tunnel: CLOUDFLARED-TUNNEL-ID
credentials-file: /root/.cloudflared/COUDFLARED-TUNNEL-ID.json
ingress:
- hostname: portainer.example.dev
service: https://localhost:9443
originRequest:
connectTimeout: 30s
noTLSVerify: true
- service: http_status:404
- Started traffic routing as
cloudflared tunnel route dns portainer portainer.example.com - Run the tunnel as
cloudflared tunnel run portainer
NOTE: For example.dev and portainer.example.dev in my case, I use Full (Strict) SSL at SSL/TLS tab.
Despite the portainer.example.dev, for the example.dev (naked domain) I am using “Cloudflare Origin CA Certificate” and “Authenticated Origin Pulls” → doesn’t matter, but just to mention.
Local RPi doesn’t have SSL certificate, running only on HTTP.
However, in my config file it has https://localhost:9443.
Therefore, the noTLSVerify parameter set to true.
And default service http_status:404 at the end.
CNAME tunnel hostname is proxied 
.
Working for me, CNAME was created via cli:
On my local desktop PC via local ISP:
Portainer interface visible and running on the localhost on my RPi4 via RDP on my Windows OS and also in my Web browser via portainer.example.dev. In the background can be seen the Terminal running on my RPi4 too.
On my mobile phone via mobile data (4G LTE network):
Questions:
I wonder if we’ve missed some step in your case
Otherwise, maybe the ISP is blocking something, like port on the device (router), etc.?
Helpful resources which I’ve checked and followed and achieved the same: