Cloudflare tunneling TCP traffic without cloudflared on client

Hi, I have mongodb running inside WSL2 Docker Desktop k8s. I want externally-hosted tools, like Grafana and Retool, to query the mongodb instance.

From what I can tell, the only ways to tunnel mongo’s TCP traffic is through:

  1. A Zero Trust Access app
  2. Cloudflare Spectrum (Enterprise plan)

#1 won’t work because the backends for Retool / Grafana / etc cannot run cloudflared-- so they cannot rely on the Cloudflare Access identity providers. Instead they need to rely on MongoDB’s native username & password.

#2 won’t work because this is a hobby project, not an enterprise deal :slight_smile:

Am I missing anything? Any way that within my current plan, I can tunnel TCP traffic WITHOUT requiring clients to run cloudflared?

Cloudflare tunnels for my HTTP(S) traffic work great. Would love to have the same for arbitrary TCP…

Cloudflare can use a single IP for multiple customers (and therefore not require that clients use cloudflared) because HTTP requests include a Host header telling which site the request is intended for. Most other protocols don’t have a feature like that, so Cloudflare would have to assign separate IP addresses for each application. IPv4 addresses aren’t cheap which is why this isn’t offered.


Thanks that makes sense. Off the top of your head, do you know of any good / easy solutions for my use case?

Just tried ngrok but their k8s ingress controller does not yet support TCP.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.