I have seen similar issues posted but none that have provided any solutions to my problem. I’m running Cloudflared in a Portainer docker container on Ubuntu 22.04 LTS behind a pfSense router. I first set up the connector based on a simple youtube tutorial and everything worked fine. I set it up with the docker command from the Cloudflare website. I used Ombi (Plex media request site) as the first test and everything worked. The Ombi container is set up with its own IP on my LAN. I added a few other hostnames including Home Assistant which doesn’t have its own IP. It’s within the Docker network and they all worked.
After these tests, I decided to create a Stack(Docker Compose in Portainer) for Cloudflared since that is how I manage most of my other containers. I shut down my previous container and configured the new stack which deployed successfully and connected to Cloudflare. But now I get 502: Bad gateway errors when trying to reach Ombi and Plex which both have their own IP addresses on the LAN. The container log shows “no route to host” for both when I try to access them. I can access other hostnames that are inside the Docker network like Home Assistant.
What I don’t understand is how all this worked the first time I set it up with just the Docker run command but now it doesn’t with the compose configuration. I’ve included it below. It appears that cloudflared can’t access anything outside of the Docker network but I don’t know if that’s really the problem or how to fix it if that is the case. I reduced the compose file down to just what was in the original command but it still has the same behavior. I even deleted everything from Cloudflare and Portainer, then started fresh with a new tunnel and container with the same results. I would appreciate any help understanding what is going on with this.
version: "3.9" services: tunnel: container_name: cloudflared_tunnel image: cloudflare/cloudflared:latest restart: unless-stopped volumes: - /home/containers/cloudflared:/.cloudflared command: --edge-ip-version 4 tunnel --no-autoupdate run environment: - TUNNEL_TOKEN=<mytoken>