Multiple tunnels for Multiple Different Servers

I am trying to wrap my head around this one …

I would like to configure different subdomains & tunnels for different servers (hosts):

  • server1.mydomain.com
  • server2.mydomain.com

I could get the SSH tunnel working on server1.mydomain.com.

As soon as I introduced server2.mydomain.com, the tunnel that I intended to create for server2.mydomain.com is also connected to server1.mydomain.com.

I read the tunnel-permissions article … So it would appear that the certificate for the top-level domain automatically grants access to ALL tunnels for ALL connected servers.

cloudflared tunnel list shows 2 entries on both hosts.

From the dashboard it would seem that the 2 subdomains point to different IP addresses / hostnames, so it should work.

I can ssh into server1.mydomain.com successfully, but when I ssh into server2.mydomain.com I just get:

kex_exchange_identification: Connection closed by remote host
Connection closed by UNKNOWN port 65535

Is there a way to achieve what I want, using different subdomains, but keeping the same top-level domain?

Thank you for your help :smiley:

Can you share a screenshot of your tunnel config? Also, it is worth checking your WAF events log, in case cloudflared is being blocked when it tries to make connections.