Cloudflare tunneling TCP traffic without cloudflared on client

Hi, I have MongoDB running inside WSL2 Docker Desktop k8s. I want externally-hosted tools, like Grafana and Retool, to query the MongoDB instance.

From what I can tell, the only ways to tunnel mongo’s TCP traffic are through:

  1. A Zero Trust Access app
  2. Cloudflare Spectrum (Enterprise plan)

#1 won’t work because the backends for Retool / Grafana / etc. cannot run cloudflared, so they cannot rely on the Cloudflare Access identity providers. Instead they need to rely on MongoDB’s native username & password.

#2 won’t work because this is a hobby project, not an enterprise deal :)

Am I missing anything? Any way that within my current plan, I can tunnel TCP traffic WITHOUT requiring clients to run cloudflared?

Cloudflare tunnels for my HTTP(S) traffic work great. Would love to have the same for arbitrary TCP…

Cloudflare can use a single IP for multiple customers (and therefore not require that clients use cloudflared) because HTTP requests include a Host header telling which site the request is intended for. Most other protocols don’t have a feature like that, so Cloudflare would have to assign separate IP addresses for each application. IPv4 addresses aren’t cheap, which is why this isn’t offered.

2 Likes
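
The routing difference described in the reply above, as an added example that is not part of the original thread: a front end on a shared IP can read a Host value from the first bytes of an HTTP request, while the 16-byte header of a MongoDB wire-protocol message has no hostname field. The function names, the hostname and both sample messages are constructed for illustration, and the MongoDB message is assumed to be an unencrypted OP_MSG.

```python
import struct

OP_MSG = 2013  # MongoDB wire-protocol opcode for OP_MSG

def http_host(first_bytes):
    """Return the Host header value if the bytes are a complete HTTP/1.x request head."""
    head, sep, _ = first_bytes.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    if not sep or not lines[0].endswith((b"HTTP/1.1", b"HTTP/1.0")):
        return None
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            return value.strip().decode("ascii")
    return None

def mongo_header(first_bytes):
    """Parse the MongoDB message header: four little-endian int32 fields."""
    if len(first_bytes) < 16:
        return None
    length, request_id, response_to, opcode = struct.unpack_from("<iiii", first_bytes)
    if opcode != OP_MSG or length < 16:
        return None
    return {"length": length, "request_id": request_id,
            "response_to": response_to, "opcode": opcode}

def routing_key(first_bytes):
    """What a shared-IP front end can learn about the intended origin."""
    host = http_host(first_bytes)
    if host:
        return ("http", host)
    if mongo_header(first_bytes):
        return ("mongodb", None)  # no field in the header names a target host
    return ("unknown", None)

def cstring(text):
    return text.encode() + b"\x00"

def sample_mongo_hello():
    """Constructed OP_MSG whose body is the BSON document {hello: 1, $db: "admin"}."""
    db = cstring("admin")
    body = b"\x10" + cstring("hello") + struct.pack("<i", 1)
    body += b"\x02" + cstring("$db") + struct.pack("<i", len(db)) + db
    doc = struct.pack("<i", len(body) + 5) + body + b"\x00"
    payload = struct.pack("<I", 0) + b"\x00" + doc  # flagBits, then section kind 0
    return struct.pack("<iiii", 16 + len(payload), 1, 0, OP_MSG) + payload

SAMPLE_HTTP = b"GET / HTTP/1.1\r\nHost: app.example.com\r\nAccept: */*\r\n\r\n"  # constructed
```
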

Thanks that makes sense. Off the top of your head, do you know of any good / easy solutions for my use case?

Just tried ngrok but their k8s ingress controller does not yet support TCP.
