I want to expose vnc running inside a docker container to cloudflare so I can browse my desktop inside a broswer

I have docker image with sway window manager installed on it. Sway is alternative to xfce, gnome etc. I am running a vnc server on my image on port 5900. I have mapped that port to my local host 5910 and I can access my vnc server on my local host on port 5910 using a vnc viewer. I want to expose the port 5900 running inside the container to Cloudflare tunnel so that I can run my vnc server inside a browser on a custom domain on Cloudflare. Howerver I am not able to do so. I don’t know what am I missing or is it even possible to expose the vnc server running inside a docker image to Cloudflare tunnel. I even tried mapping the port to my local host port and then exposing that port to Cloudflare but Cloudflare doesn’t seems to pick up my vnc server.

Here is the link Cloudflare provided to render a vnc client in browser

[rendering vnc client in browser using cloudflare](https://developers.cloudflare.com/cloudflare-one/tutorials/vnc-client-in-browser/)
But I guess this link is only useful if I want to expose my PC on Cloudflare on a custom domain.

What is the config you are trying to use to connect to the docker container to cloudflared?

Through the dashboard I don’t see a vnc option. but if I create a tunnel from terminal the config file for my tunnel looks like this:

tunnel: swayforfun
ingress:

  • hostname: vnc.swayforfun.win
  • service: vnc://localhost:3000
  • service: http_status:404

I also tried putting the direct ip of the docker container running that image but nothing seems to work. using localhost:3000 I can see the rdesktop on my local system using a vnc viewer.
I even tried changing vnc to tcp.

@Cyb3r-Jak3 I don’t know even if its possible to expose a vnc running inside a docker to Cloudflare.

Please note that the above port I have changed for testing purposes. It doesn’t works on any port so I changed it to see if it will work on any other port . @Cyb3r-Jak3

It doesn’t look like VNC is a supported protocol for a config file. Ingress rules · Cloudflare Zero Trust docs. You probably have to do standard TCP to the port. Browser rending is something that can only be set when using the zero trust dashboard, as it is part of the Access Application and not the tunnel.
See Additional Settings on the setup section when creating an access application.

I would try making the tunnel through zero trust dashboard (just easier to change) and then make the access application that has browser rendering set to VNC.

Yeah this is for application. I want to expose it through tunnel

image
@Cyb3r-Jak3

Please note that I don’t want to render my laptop screen on a public host rather a window manager running inside docker.

Ah my bad, this is way more complex then.
My guess is:

The config you’ll need on the server (your laptop) is

tunnel: swayforfun
ingress:

    - hostname: vnc.swayforfun.win
      service: tcp://localhost:3000
    - service: http_status:404

then where the docker container is running, you will have to make a new cloudflared docker container, autheicate with it and have it run cloudflared access tcp --hostname vnc.swayforfun.win --url localhost:9210 (or a different port) then the window manager needs to connect to that client container by using <docker image name>:<port> and I think it should work. I haven’t tested having a docker container locally be the access proxy.

You’ll probably need to use service authentication on the client docker container to make the login easier

The authentic method is to run a cloudflared docker image in a docker network and then run the custom image in the same network so both the containers can communicate using the names of the containers. and expose a port so that can be used to view the image in a vnc viewer or to Cloudflare. But that’s not working. I tested it for images with HTTP protocols. They work fine like a charm but with TCP it doesn’t works. I tested it for linuxserver webtop and nginx image. it worked but for my custom images seems like it doesn’t picks up the vnc port though I am able to open the vnc port on my local host using a vnc viewer.

Sorry for the late reply. I am new to Cloudflare so Cloudflare only allowed me have to limited replies which is weird in community forums. The above method you stated did not work either. I even tried running cloudflared docker image first in a tunnel so to authenticate and then run my custom image in the same network as Cloudflare image was running. But when I visit the subdomain it goes to infinite loop. I also open ports so incase if firewall is blocking but nothing worked so far. so I am out of ideas. Again thank you for your valuable replies @Cyb3r-Jak3