How to use docker and Cloudflare Tunnel to expose local services to the Internet

  • Published: 22 Aug 2024
  • I was using my personal VPS in many of my videos. When you don't have a VPS and need to expose your local services to the internet, Cloudflare Tunnel comes to the rescue. This tool is so easy to use and I think everyone should at least know about it.
    You can find the related blog post at
    tech.aufomm.com/

Comments • 47

  • @smartturkey123 1 year ago +2

    I have multiple http docker apps running on different ports on the same vm. How do I map each one with a domain name and be accessible on https, and also have any http traffic redirected to the https url?

  • @Rudra0x01 1 year ago

    I was looking for tunneling, thanks, it helped a lot.

  • @uidx-bob 5 months ago

    Thanks for the video, it helped me out a lot.

  • @dragon3602010 1 year ago +1

    Awesome, can we use it on VPS too without exposing docker ports of the containers that serve services?

    • @liyangau 1 year ago +1

      Yes. These Docker services will be exposed by Cloudflare.

    • @dragon3602010 1 year ago +1

      @liyangau I mean how can I not expose publicly the port of the dockers and let Cloudflare create a tunnel with a container through just its container name, for example?
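
The layout asked about in this thread, as an added example that is not from the video, the blog post or any commenter: cloudflared and the application share a user-defined Docker network named `tunnel`, and the application publishes no host ports. The service names, image tags and the `.env` file holding `TUNNEL_TOKEN` are assumptions.

```yaml
# docker-compose.yml (added example; names and tags are assumptions)
services:
  cloudflared:
    image: cloudflare/cloudflared:latest
    # The connector only makes outbound connections to the Cloudflare edge,
    # so it needs no "ports:" section either.
    command: tunnel --no-autoupdate run
    environment:
      # Token copied from the tunnel's page in the dashboard. Keep it in a
      # .env file outside version control; anyone holding it can run a
      # connector for this tunnel.
      - TUNNEL_TOKEN=${TUNNEL_TOKEN}
    networks:
      - tunnel
    restart: unless-stopped

  nginx:
    image: nginx:stable
    # Deliberately no "ports:" mapping. The container is reachable only
    # from other containers on the "tunnel" network, by its service name.
    networks:
      - tunnel
    restart: unless-stopped

networks:
  tunnel:
    name: tunnel
```

With this file, the public hostname in the dashboard points at `http://nginx:80` (container name and container port), and `docker ps` shows no `0.0.0.0:` binding for the application, so the tunnel is its only way in from outside the host.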

  • @DanRegalia 1 year ago +1

    Interesting video.. thank you for posting. How would you use this with portainer as your docker manager?

  • @nXqd 2 years ago +1

    awesome vid, I have a question regarding POST request, for some reason I got an HTML response saying Cloudflare needs to review the security of your connection before proceeding.

  • @darkspirt8629 6 months ago

    cloudflared doesn't work, it just errors out... I tried to set up portainer on port 9443, but nothing goes through

  • @andrescalapt_ 1 year ago

    Hi there, I'm getting access to Portainer, but when I add another container in Cloudflare I don't have access; the network tab says blocked! Ideas? Thanks

  • @karacan2469 1 year ago

    Really helpful. Thanks!
    The only thing is that exposing an application on the host, not on docker, is not working on a Windows machine, actually because you created another network which is called tunnel. It seems somehow docker itself cannot access my machine's 8080 port.

  • @ChrisDePasqualeNJ 1 year ago

    First - Excellent RUclips Channel. Did you really quit your day job to do RUclips? Kudos to your video editor too. 🙂 My question is. I currently expose a random port on my firewall and then use Cloudflare Origin rule to rewrite 443 to the random rule that I have open on my firewall - then port Forward from random port to 443 to my Nginx proxy server. And now for the question. With CloudflarD Tunnels, do I still need Nginx? Cuz the last two times I installed this on my Docker it broke my RPI. Thank you and keep up the good work.
    Chris

    • @liyangau 1 year ago

      Hi Chris, thanks for leaving your comment. I wouldn't dare to call myself a RUclipsr as I don't post very frequently. Too busy with my day job.
      Anyway, as to your question, I am not sure where you install the cloudflared and what you use Nginx for?
      Do you use Nginx as reverse proxy? If that's the case, you can probably use Cloudflared to replace Nginx and forward public traffic to your internal applications.

  • @jeroenrevalk 2 years ago +1

    Really helpful. Thanks!

  • @SeanAnthony 1 year ago +1

    Will your demo still work if I decided to use docker, docker-compose and portainer to manage my container applications? I want to create a folder "appdata" and place all my self-hosted apps in there. Then use Cloudflare tunnel to access them. Also I want to use an authentication docker app (e.g. authelia or authentik) to protect my web apps. Is this all feasible using your demo example?

    • @PaulHendricksen 1 year ago

      Hi Sean. Yes, you can do that with this concept because you can add all your docker containers on the tunnel network. As for the authentication app, I am not sure, but you can use teams to restrict access to your tunnel that can contain both web applications and a local network access. After this is all set up you can use Portainer to manage your containers, that's what it was made for!

  • @dimasshidqiparikesit1338 2 years ago +2

    Finally! I've been searching for this for a week. But why can't the cloudflared container connect to localhost? I've used the gateway as in this video but it says 127.0.0.1 refused to connect. Is it because of the cloudflared version? I'm currently using the latest image.
    Edit: Looks like the trouble is caused by using docker desktop with wsl2 backend. Still not solved tho.
    Edit 2: It turns out in the cloudflare dashboard I need to specify it as host.docker.internal:port, not gateway-ip:port as in this video. In case someone gets the same trouble as me, try this!

    • @liyangau 2 years ago +1

      Thanks for leaving your comment and solution.
      This is also mentioned on my blog post here tech.aufomm.com/how-to-use-cloudflare-tunnel-to-expose-multiple-local-services/#Find-Gateway-IP
      I will remember to include some details on my next video.

    • @jitvimol 7 months ago

      Spent several hours on putting localhost in the cloudflare setup as well. Then this video uses the docker container name, which fixed the issue!!

  • @IsmailElTahawy 1 year ago

    thanks for this video, trying to apply this method but it's asking for my payment details although I am choosing the free plan, did you face this issue?

  • @rahulgrover1972 1 year ago +1

    The content is nice!! But it's in... "I KNOW EVERYTHING MEANS EVERYONE KNOWS EVERYTHING MODE"... you are not talking to the viewer... you are talking to yourself bro... and enjoying also... you are on a bike and we are walking... please be a little elaborative... thanx

  • @nomi1340 1 year ago

    Sir, please tell me why I am seeing 502 constantly on my WP site. I did the same as you did, but I am using WordPress deployed by Portainer. When I added a domain or subdomain to the IP of my WP site, which is like 192.168....:66550, it shows 502, so I deleted the WP stack, image etc. and deployed the WP site again, then added the new IP address, which had a different port like 192.168...:3456. Then my domain redirects to the previous port and shows an error because there isn't any site on that.

  • @Amwfilms 1 year ago

    Thank you so much, I've seen an increased speed with this method. Is there a way to get cloudflare tunnel working with the Nextcloud or seafile iOS app? I keep getting "server is temporarily down". But through the web browser of my phone or computer it works fine.

  • @onedjscream 1 year ago

    Great video! I’ve had a lot of trouble setting up a tunnel for a database. Can't find useful info on it either. Can you make a video for setting up a cloudflare tunnel with redis db?

    • @liyangau 1 year ago

      Hi @onedjscream, redis requires tcp tunnel and I have to say cloudflare's tcp tunnel is not the easiest to use since it requires the cloudflared application to connect.
      I would suggest checking out ngrok (I also have a video on my channel) and their TCP tunnel works. (I just tested)
      I hope it helps.

  • @itdo3813 1 year ago

    Do you know how to use tcp agent to access svn server in local?

  • @cloudlearn7511 1 year ago

    The video is very helpful, thanks, but I want to know, while adding an A record, where to get the IPv4 address?

    • @liyangau 1 year ago +1

      You are not creating an A record. What you create is a routing rule. Cloudflare takes care of the A record for you and the IP of that A record is the entry point of cloudflare edge.

    • @cloudlearn7511 1 year ago

      @liyangau I get the idea that you create a network in your docker networks named tunnel and you run the cloudflared image in that network and you run other images in that network so the cloudflare and other images can communicate, and when I followed your blog and video I got the output from both the nginx and echo image. I am having trouble running my custom image as it's a vnc type of image, i.e. I have used alpine as a base image and have installed the sway window manager on it. sway is simply a window manager just like gnome, x11. I have exposed a tcp port 5910 on that image and when I map it to a local host I am able to view it through a vnc viewer. I even integrated that image with tailscale. It was so easy on tailscale. I am having a hard time exposing that image on cloudflare. Your help might save me enormous time. Please do let me know how I can expose my image to cloudflare as it is not http. Maybe I am using the wrong protocol.

  • @lunopinol 1 year ago

    thanks bro

  • @rajeshchalakyal 2 years ago

    Hi Li Yang, I want to set up a tunnel for SSH on my home server. Can I do it? Is the procedure the same?

    • @liyangau 2 years ago +2

      Yes, you can do it.
      The procedure is similar, what you need is to create a TCP tunnel to your host machine and use ProxyCommand on the related entry on your $HOME/.ssh/config file.
      Personally I think it is too much for SSH access. If you don't need to use custom domain for SSH then Ngrok is a better choice.
      You can find more info about using ngrok to create a tcp tunnel for ssh on this blog post tech.aufomm.com/how-to-use-ngrok-with-docker/#TCP-tunnel-for-SSH

  • @wadesykes 2 years ago

    Is it possible to ignore the access policy in some cases? e.g. not needing the onetimepin when running a CI/CD pipeline

    • @liyangau 2 years ago

      Hi Wade, do you mind sharing a bit more detail of what you are trying to achieve? I am curious to know how you want to integrate this tunnel into a CI/CD pipeline.

    • @wadesykes 2 years ago

      @liyangau Sure, I'm wanting to use bitbucket pipelines to connect through an SSH tunnel to deploy specific branches to my different development environments. By default, when adding an argo tunnel it will have the access policy for onetimepin. I am wanting to bypass this for my CI/CD environments. I still want to have an additional layer of security, so if this can be done by adding the Cloudflared API key or SSH public key or even OpenID connect, I'm happy with this, but I don't see these policy options?

  • @nXqd 2 years ago

    What is the linux distro you use, and the tools? It looks fantastic, especially the font.

    • @liyangau 1 year ago

      Thanks. I am running PopOS + Kitty terminal with JetBrains Mono Regular font

  • @rulisastra 1 year ago

    normally you see 502? what does that mean? "normally"

    • @liyangau 1 year ago

      If I understand correctly you are referring to 3:52 where I showed the screenshot that cloudflare returned a 502 page when the backend app is not running. Is that right?

  • @benjamink7311 2 years ago

    How to expose service on vm as I'm using or proxmox

    • @liyangau 2 years ago

      The official doc is a pretty good starting point if you prefer to run this without docker.
      developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-guide/

  • @henderstech 2 years ago

    I have been trying to figure this out but I am kinda a noob. I have the tunnel active and created via dashboard in a docker container. Is it possible to create a public host name that connects to a private ip like 192.168.1.x:xxxx? Or is it possible to expose by adding a private network instead, like 192.168.1.x/32 in cidr? I have tried this but I get 404 for 502 error. What I am trying to do is expose my local home assistant my public domain name. Not sure if this is possible though, the way I am thinking.

    • @liyangau 2 years ago +1

      Is your local home assistant running on docker? If yes then you can run cloudflared in the same docker network. If it is running on host, you can access this service via gateway ip.
      As long as cloudflared container can access your home assistant, you should be able to use the tunnel to expose it.

    • @henderstech 2 years ago

      @liyangau I believe I have the tunnel exposing it now. Thank you so much, your video helped me a lot. It had a lot of useful info that helped me get this far. I just have to figure out how to set up a firewall or some kind of policy/rule or something that will take the public subdomain that links to my home assistant and only allow connections from 3 different mobile phones for the Home Assistant companion app for each family member. I have no idea how to do this and I have been reading for hours lol. Dunno what is the best way for this. At the moment anyone who goes to my public subdomain will land at my Home Assistant login. I want more security so I want to block all except those 3 phones. I put other services behind app launcher with google identity provider but I do not know what rules to set up for this as well to only whitelist the 3 phones. I was able to onboard the 3 mobile phones with warped and added Google authentication but I am still not sure how I will lock access to just allow only the mobile phones and no other device. Sorry for the long reply and thanks again for the great tutorial.

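  • @lindap3976 2 years ago

    This is impressive, there is hardly any Chinese-speaking audience left. The comments are all in English, so let me type one in Chinese. I am setting up a halo blog here, using your Traefik tutorial and copying it step by step, but it did not work. I hope to get some help. Thanks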

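    • @liyangau 2 years ago

      The audience for what I cover is small to begin with, and even fewer people watch it in Chinese. So now I only post the Chinese versions on Bilibili; if you are interested you can have a look there.
      If you have any questions, you can leave a comment under the corresponding video.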