Tunnel cannot access API (connection refused)

The situation:
I have a tunnel to a Docker Swarm node; in that swarm is a 3x replicated API.
If I open the browser and go to localhost:7878/swagger, I see the API working.

BUT: If I configure the tunnel to connect to http://localhost:7878 I get “connection refused” errors inside the tunnel.
In other words: the tunnel cannot reach the service I was hoping to expose

Both the tunnel-service and api-service are in the same stack and same network.

What I want:

  • one tunnel per swarm node
  • multiple api-replicas per swarm node
  • one cloudflare-tunnel-url to access the api (using docker swarm mesh VIP to get round robin access to each api instance)

Can someone please help me?
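
version: '3.4'

services:
  tunnel:  # service name not shown in the post
    image: cloudflare/cloudflared:latest
    command:
      - tunnel
      - --no-autoupdate
      - run
      - --token
      # token value not shown in the post
    deploy:
      restart_policy:
        condition: on-failure
    networks:
      - testproject

  visualizer:  # service name not shown in the post
    image: dockersamples/visualizer
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
    ports:
      - "8090:8080"
    deploy:
      placement:
        constraints:
          - node.role == manager
    networks:
      - testproject

  api:
    image: mydockerrepo/apitest:latest
    ports:
      - "7879:8080"
    deploy:
      mode: replicated
      replicas: 3
      endpoint_mode: vip
    networks:
      - testproject

networks:
  testproject:
    driver: overlay
    attachable: true
    external: true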

Localhost of the tunnel is the tunnel container. Try having the tunnel config set to http://<service name>:7878.

Docker service ls
tqgvcjtaz6va testing_api replicated 3/3 testproject/apitest:latest *:7879->8080/tcp

http testing_api:7879

Should go to the service right?

But the weird thing is… If I test it on my local machine (Docker host) I can get to the service by anything.

http://anything:7879/swagger/index.html => gives me the result page
http://anything_2:7879/swagger/index.html => gives me the result api for instance 2 of the api

OK, and to top it off…

I just added a SQL server to the stack (one instance on manager node) with name sql-server-db
And it is perfectly reachable from the api instance on testing_sql-server-db

So the question really is: Why can my cloudflare tunnel not access the API instance while on the same Docker network?

Should have caught this the first time.

Try having the tunnel config set to http://<service name>:8080.

IT WORKS!! you are a genius… :heart:

Can you explain what I was doing wrong? Because with all my other tunnels I always point to the external port. Is this working differently in swarm mode?

It is because it is the same docker network. When you map a port, you say how you want to expose it and docker basically does a port forward. So docker was listening on 7878 and sending that traffic to 8080 of the container. When you have containers on the same network, they connect directly and not through the docker bridge network and thus the actual port is needed.

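The rule from the thread (inside the overlay network, use the service name and the container port, not localhost or the published port), written as a small check for a tunnel origin URL. This is an added example, not code from the thread or from cloudflared; the `SERVICES` table is constructed from the port mappings posted above, and `check_origin` and `parse_ports` are hypothetical helper names.

```python
from urllib.parse import urlsplit

# Constructed sample mirroring the stack in this thread:
# service name -> short-syntax "published:target" port mappings.
SERVICES = {
    "api": ["7879:8080"],
    "visualizer": ["8090:8080"],
}

LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def parse_ports(mappings):
    """Return {published_port: target_port} for 'published:target[/proto]' entries."""
    result = {}
    for mapping in mappings:
        parts = mapping.split("/")[0].split(":")
        if len(parts) >= 2:  # entries without a published port are skipped
            result[int(parts[-2])] = int(parts[-1])
    return result


def check_origin(url, services, stack=None):
    """Check an origin URL as seen from a container on the same overlay network."""
    u = urlsplit(url)
    host = u.hostname
    port = u.port or (443 if u.scheme == "https" else 80)
    if host in LOOPBACK:
        return "error: localhost is the cloudflared container itself; use the service name"
    # Swarm resolves both the short name (api) and the stack-prefixed name (testing_api).
    name = host[len(stack) + 1:] if stack and host.startswith(stack + "_") else host
    if name not in services:
        return f"error: unknown service {host!r}"
    ports = parse_ports(services[name])
    if port in ports.values():
        return "ok"
    if port in ports:
        return f"error: {port} is the published port; use container port {ports[port]}"
    # A container can listen on a port that is never published, so this is only a warning.
    return f"warning: port {port} is not declared for {name!r}"


if __name__ == "__main__":
    for candidate in ("http://localhost:7878", "http://testing_api:7879", "http://testing_api:8080"):
        print(candidate, "->", check_origin(candidate, SERVICES, stack="testing"))
```
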