Cloudflare tunneling is not working with docker Networks

So I am currently using Tailscale + ufw rules to lock down my server. Tailscale is on bare metal, installed directly onto the OS (Ubuntu Server).

My ufw status is

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed) 
New profiles: skip

To                            Action      From
--                            ------      ----
Anywhere on tailscale0        ALLOW IN    Anywhere
22/tcp                        DENY IN     Anywhere
Anywhere (v6) on tailscale0   ALLOW IN    Anywhere (v6)
22/tcp (v6)                   DENY IN     Anywhere (v6)

I have set up a docker network named tunnel in bridge mode

[
    {
        "Name": "tunnel",
        "Id": "xxxxxxxxxxxxxxxxxxxxxxxxx",
        "Created": "xxxxxxxxxxxxxxxx",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "192.168.128.0/20",
                    "Gateway": "192.168.128.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": true,
        "Ingress": false,

I am using a docker compose file to run a cloudflared container while attaching it to the same network. My docker compose is

version: "3.8"
services:
    tunnel:
        container_name: cloudflared
        image: jonoh/cloudflared #or cloudflare/cloudflared
        restart: unless-stopped
        command: tunnel run
        environment:
        - TUNNEL_TOKEN=
networks:
  default:
    external:
      name: tunnel

I have another simple HTTP container rendering a static website, connected to the same network.

I can ping the cloudflared container by its docker name, so they are definitely connected and docker is resolving them. But when I start a new tunnel by configuring it in the panel and visit the website, I get a 502 error, and in the docker logs I get this error:

2022-12-30T13:07:17Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 192.168.128.4:1001: connect: connection refused" cfRay=xxxxxxxxxx-BOM ingressRule=0 originService=http://ping:1001

2022-12-30T13:07:17Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 192.168.128.4:1001: connect: connection refused" connIndex=0 dest=https:/domainname.com/favicon.ico ip=198.41.192.27 type=http

I have tested both docker images, official as well as unofficial, and am kind of lost in debugging. Is it my firewall rules? Any help will be very much appreciated.

I am having the exact same issue. I am trying to use Cloudflare with another docker container, but if I specify the same network I get an error and my Cloudflare agent won't connect.

After a while I think I managed to solve it, but not in the fanciest way. What I did was as follows:

  1. Create a docker network: docker network create tunnel
  2. Run docker without specifying the network: docker run -d --name cloudflare cloudflare/cloudflared:latest tunnel --no-autoupdate run --token
  3. Add the docker to the network: docker network connect tunnel cloudflare
  4. Run the container (note the container should have, as you specified, the network name identical to the one you created earlier, but Cloudflare should not be in your docker-compose file): docker-compose up
  5. In the Cloudflare tunnel config, you will have to specify the docker internal address of your container. You can identify the address with: docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' container

This solved my issue and I am now able to access my container from the internet.
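A small triage script for the cloudflared log lines quoted in the original post, added here as an example and not part of the thread. It pulls the origin service and the dial target out of each line and classifies the failure: "connection refused" means the origin container answered with a TCP reset (nothing listening on that port, or a service bound only to 127.0.0.1), whereas a ufw DROP rule would surface as an i/o timeout instead. The classification rules and hints are my own heuristics; the sample lines are the ones from the post, with the redacted cfRay kept as-is.

```shell
#!/usr/bin/env bash
# Triage cloudflared "Unable to reach the origin service" log lines.
# Added example; heuristics are the author's of this snippet, not cloudflared's.

# Extract the "host:port" that cloudflared tried to dial (IPv4 only), or nothing.
dial_target() {
    printf '%s\n' "$1" | sed -n 's/.*dial tcp \([^:]*:[0-9]*\):.*/\1/p'
}

# Extract the originService=... value, or nothing if the line lacks it.
origin_service() {
    printf '%s\n' "$1" | sed -n 's/.*originService=\([^ ]*\).*/\1/p'
}

# Classify the failure: refused | timeout | dns | other | ok
classify() {
    case "$1" in
        *"connection refused"*)         echo refused ;;
        *"i/o timeout"*)                echo timeout ;;
        *"no such host"*)               echo dns ;;
        *"Unable to reach the origin"*) echo other ;;
        *)                              echo ok ;;
    esac
}

# Defender-oriented hint per class. A refused connection reached the origin's
# network namespace, so a host firewall DROP is an unlikely cause.
hint() {
    case "$1" in
        refused) echo "origin answered with RST: no listener on that port, or service bound to 127.0.0.1 only; compare the ingress port with the container's listen port" ;;
        timeout) echo "packets dropped: check ufw/iptables routed policy and that cloudflared shares the docker network with the origin" ;;
        dns)     echo "name not resolvable: cloudflared is not on the same docker network as the origin" ;;
        other)   echo "origin unreachable for another reason: read the full error text" ;;
        ok)      echo "no origin error in this line" ;;
    esac
}

# Tab-separated: class, originService, dial target, hint.
triage() {
    cls=$(classify "$1")
    printf '%s\t%s\t%s\t%s\n' "$cls" "$(origin_service "$1")" "$(dial_target "$1")" "$(hint "$cls")"
}

# Sample lines copied from the post above (constructed input for this example).
SAMPLE1='2022-12-30T13:07:17Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 192.168.128.4:1001: connect: connection refused" cfRay=xxxxxxxxxx-BOM ingressRule=0 originService=http://ping:1001'
SAMPLE2='2022-12-30T13:07:17Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 192.168.128.4:1001: connect: connection refused" connIndex=0 dest=https:/domainname.com/favicon.ico ip=198.41.192.27 type=http'

triage "$SAMPLE1"
triage "$SAMPLE2"
```

Pipe `docker logs cloudflared 2>&1` through a loop over `triage` to run it on live output.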