Hitting a Wall: cloudflared and MySQL - A Mismatch or a Misstep?

Zero Trust Cloudflare Tunnel
1

I’ve successfully set up cloudflared tunnels for HTTP-based applications without issues. However, when attempting to tunnel MySQL traffic over port 3306, connections consistently fail or hang. I’ve tried both Dockerized and standalone installations of cloudflared directly on the MySQL server to eliminate variables. While direct connections to MySQL using its IP and localhost work flawlessly, any attempt through the Cloudflare tunnel remains unsuccessful. I suspect there might be limitations or issues with tunneling non-HTTP traffic, specifically on port 3306. Assistance would be greatly appreciated.

History

  1. Docker Setup:
  • Deployed cloudflared within a Docker container.
  • Set up MariaDB within a separate Docker container.
  • Configured and attempted to establish a tunnel between the two containers.
  • Encountered issues with the MySQL connection over the Cloudflare tunnel.
  1. CentOS Setup:
  • Installed MariaDB natively on CentOS.
  • Deployed cloudflared using Docker on the same CentOS machine.
  • Attempted to establish and test the Cloudflare tunnel to the native MariaDB installation.
  • Faced similar connectivity problems as with the Docker setup.
  1. Ubuntu 22.04 Setup:
  • Installed MariaDB natively on Ubuntu 22.04.
  • Initially, native cloudflared using Ubuntu install script to connect to the native MariaDB.
  • Faced connectivity challenges.
  • As a diagnostic step, installed cloudflared directly onto Ubuntu 22.04 (outside of Docker) to determine if Docker was causing the issues.
  • Despite bypassing Docker, the connection issues persisted.
  1. General Diagnostics:
  • Tested direct connectivity to MariaDB using its IP and localhost. Both were successful.
  • Carefully configured MariaDB to listen on the appropriate IP addresses and ensured there were no binding issues.
  • Ensured the MariaDB user permissions were correctly set up, allowing for remote connections.
  • Tried various cloudflared configurations and ingress rules to establish a connection to MariaDB.
  • Tried various cloudflared configurations and ingress rules to establish a connection to MariaDB.
4

To use cloudflared with TCP, you need to have it installed and logged in on your client as well.
See Arbitrary TCP · Cloudflare Zero Trust docs

1 Like