How to get Cloudflare Tunnel to connect to the local IP service

May I interrupt…? I have almost exactly the OP’s setup except using debian and docker containers for AdGuard Home, Nginx Proxy Manager and some services
I just not as advanced as you guys… I wonder how to achieve this today.


Sorry to hear you are having some issues with tunnels. Is this a dashboard deployed tunnel or done via the CLI?

If you can share a little more information on what you are trying to achieve with those services we may be able to guide you in the right spot. Do you have any errors or screenshots to provide?

Anything presented to help us understand your issue is greatly appreciated.

1 Like

Hi Eportillo thanks for the reply!
Sorry I got the post to open like this…

I have a few services (Immich, Nextcloud etc) I wanted them to be accessible from the wide web only by me and my family and friends.
I also planning to build and deploy a public website for a product I’m selling and maybe a public portfolio.

My goal is to “restrain” clients to access my server directly (like a redirect in my DNS resolver) instead of going though the whole Cloudflare rollercoster trip :slight_smile: only when they are connected to the same LAN as the server.
I’m using AdGuard Home as my DNS server and services are all behind Nginx Proxy Manager. All within the same machine in my LAN as Docker containers.

My LAN is behind a CGNAT so the whole tunneling sounds right to me…?
I’m using Cloudflared for tunneling few of the services. I took the docker run command from ZeroTrust and incorporate it within the docker-compose.yml file of the corresponding service.

Best check (before reading logs and running ping\nslookup) is trying to (let’s say) upload a video to my Immich service.
When uploading from “outside” my LAN, it uploads at a lower rate as expected.
It is also uploading blazing fast when uploading from a device within the same LAN as the server, but only when using AdGuard’s DNS…
When changing to a custom DNS, f.ex setting even cloudflare as a DNS in FireFox settings (under DoH) are sluggish again, even though the device and the server literally on the same network.
Can it be enforced even if a client decides to use different DNS?

I tried (thanks to ChatGTP lol) a WAF rule to skip “everything” when (ip.src in {}) but it doesn’t work (by the activity indicator beside it)

I hope I’m not forgetting anything…
thanks for the help!