Unable to access to local services using ingress rules

I have a tunnel working successfully using url property inside a config.yaml . A new requirement came and now I need to expose another service (SSH) so I found out ingress rules are a good option to avoid having two tunnel instances. This is my new config.yaml :

tunnel: UUID
credentials-file: /home/seluser/.cloudflared/UUID.json

  - hostname: CNAME.my-domain.com
    service: http://localhost:7900
  - hostname: CNAME-ssh.my-domain.com
    service: ssh://localhost:22
  - service: http_status:404

Some facts:

  • Using ingress rules with above setup broke existing tunnel (using url property). Now both services are unreachable
  • Testing SSH without tunnel (remote and locally) works
  • config file validation says that yaml is ok - cloudflared tunnel ingress validate
  • rule test matches with expected rule - cloudflared tunnel ingress rule ssh://CNAME-ssh.my-domain.com
  • logs show no activity when I try to hit services
  • in dashboard all looks good, a tunnel created with couple of rules, though I canĀ“t see target ports

Any idea what can I be missing? Anything else I can check?