CloudFlare Tunnel For WordPress Through docker-compose

I want to run a WordPress site using docker-compose and expose it via a Cloudflare Tunnel. I’ve spent a lot of time trying to get things to work as needed, most of my time was figuring out what the heck was going on when the live logs outputed:

{
“ingressRule”: 0,
“error”: “Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:MY_PORT: connect: connection refused”,
“connIndex”: 1,
“originService”: ~localhost:MY_PORT"
}

After the above, I arrived at: ~502-bad-gateway-with-minimalistic-docker-ubuntu-http-setup/507564, where the solution states:

"The issue is related to using localhost within the cloudflared container. In this case, localhost will be the cloudflared container’s loopback interface rather than the host machine’s loopback interface.

The correct way to connect two containers is to put them in the same Docker network. This will allow you to specify ~web-server as the origin, assuming the web-server container is called web-server.

Docker will automatically create a shared network for containers in the same compose project. If using docker run you need to manually create a network and specify it using --network when starting the container."

So, I updated my docker-compose.yml file (below) and:

  1. My environment variables work
  2. I’ve run docker logs my_tunnel amd it doesn’t seem like there’s any errors
  3. My tunnel shows up “Healthy” in Cloudflare
  4. I understand - I think that the cloudflared container and my wp container need to be in the same network

What I don’t understand

  1. What I do from here; in the Cloudflare web interface, what I input in “Public Hostname”; I always get confused about how docker handles localhost & 127.0.0.1
  2. Why am I still getting?:

{
“connIndex”: 0,
“originService”: “~localhost:MY_PORT”,
“ingressRule”: 2,
“error”: “Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:MY_PORT: connect: connection refused”
}

Here is my docker-compose.yml file
version: ‘3.8’

services:
db:
image: mysql:5.7
volumes:
- db_data:/var/lib/mysql
restart: always
environment:
MYSQL_ROOT_PASSWORD: somewordpress
MYSQL_DATABASE: wordpress
MYSQL_USER: wordpress
MYSQL_PASSWORD: wordpress
networks:
- cloudflare_mydomain

wordpress:
depends_on:
- db
image: wordpress:latest
ports:
- “${WP_PORT}:80”
restart: always
environment:
WORDPRESS_DB_HOST: db:3306
WORDPRESS_DB_USER: wordpress
WORDPRESS_DB_PASSWORD: wordpress
WORDPRESS_DB_NAME: wordpress
volumes:
- wordpress_data:/var/www/html
networks:
- cloudflare_mydomain

cloudflared:
image: cloudflare/cloudflared:latest
container_name: mydomain_wp
command: tunnel --no-autoupdate run --token ${CLOUDFLARED_TOKEN}
# command: sh -c “echo Token is: ${CLOUDFLARED_TOKEN} && sleep 3600”
networks:
- cloudflare_mydomain

curl-test:
image: curlimages/curl:latest
command: sh -c “sleep 30 && curl -Lv http://wordpress:80
depends_on:
- wordpress
networks:
- cloudflare_mydomain

networks:
cloudflare_mydomain:
driver: bridge

volumes:
db_data: {}
wordpress_data: {}

You want your tunnel config to be http://wordpress.

This is because localhost on docker points to the container that is running. When you have the containers in a same docker network (that isn’t the default bridge network) then you can route to them via the container name.

1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.