Cloudflare Tunnel to docker container application

I have set up a Cloudflare tunnel. It works fine if I use the IP of a Docker container app, but if I use Docker DNS it does not.
Working example:
Service set to http://172.18.0.2:8096

Not working:
Service set to http://myapp.docknet:8096


Troubleshooting steps
I set the DNS record to go to my IP on port 443. That port is forwarded to my Caddy instance.
Caddy has a config (as follows) that works as expected.

myapp.myurl.com {
        reverse_proxy myapp.docknet:8096
}

I’ve also tried ping myapp.docknet with and without sudo and it resolves the correct IP for the container.

If I use the -p flag in my docker command and set service to http://localhost:8096 it works fine, so I have an easy fix, but I’d like to not have to open those ports on my machine if possible, especially since I have a bunch on 80 or 8080 that collide and keeping them organized will be a pain.


I tried searching for this but didn’t see much. It’s possible I missed it somehow so please let me know if this has already been answered.

Also, I may need to change the category. The only other option was “Performance: Cloudflare Tunnel” and this isn’t a performance question.

How are you running Cloudflared? If you are using docker, then you can just use the cloudflared container. If you are already using docker, then you need to make sure that you are not using the default bridge network.

Cloudflared was built from source and is running on the host machine. I just tried the docker container and it routes properly using the docker dns and bridge.

If you are already using docker, then you need to make sure that you are not using the default bridge network.

Is there a reason I shouldn’t use the default bridge?

The default docker bridge doesn’t support DNS between containers:

Containers on the default bridge network can only access each other by IP addresses, unless you use the --link option, which is considered legacy. On a user-defined bridge network, containers can resolve each other by name or alias.

Ahh, thanks. I created the docknet bridge so it works fine. I had no idea the default bridge didn’t do DNS, but must have at some point if I created my own.

It’s still weird that I can ping from host but the host version of cloudflared didn’t work. I’ll just use the docker version.

Thanks for the help.
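
The setup the thread ends up with, written out as a Compose file. This is an added example, not a configuration posted by anyone in the thread: the application image name and the `TUNNEL_TOKEN` value are placeholders, the explicit network alias is an assumption added so that the `myapp.docknet` name from the question is guaranteed to resolve, and the tunnel's service URL stays `http://myapp.docknet:8096` as in the original post.

```yaml
# Added example (not from the thread). Placeholders: example/myapp image, TUNNEL_TOKEN.
services:
  myapp:
    image: example/myapp:latest        # placeholder for the real application image
    container_name: myapp
    networks:
      docknet:
        aliases:
          - myapp.docknet              # assumption: pin the name used in the tunnel config
    # The "-p" workaround from the thread would look like the lines below.
    # It is left out on purpose: with cloudflared on the same user-defined
    # network, nothing has to be published on the host, so port 8096 is not
    # reachable from the LAN and cannot collide with other containers.
    # ports:
    #   - "8096:8096"

  cloudflared:
    image: cloudflare/cloudflared:latest
    command: tunnel --no-autoupdate run
    environment:
      TUNNEL_TOKEN: ${TUNNEL_TOKEN}    # placeholder; supply the tunnel's token via the environment
    networks:
      - docknet                        # same network as myapp, so Docker's embedded DNS answers
    restart: unless-stopped

networks:
  docknet:
    name: docknet
    driver: bridge                     # user-defined bridge: name resolution between containers works;
                                       # the default "bridge" network only allows access by IP
```

To confirm which containers share the network, `docker network inspect docknet` lists the attached containers and their addresses.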
