Cloudflare Tunnel on Oracle VM in a Docker Container

I could not get cloudflared to work on my Oracle VM when running it as a Docker container. I could see the tunnel was connected in Cloudflare Zero Trust, but I could not successfully expose an application running as another Docker container. Cloudflare would just respond with a 523 error.

The solution was to create a bridge network, then put both the cloudflared container and all the other containers I wanted to expose via the tunnel on that bridge network. Then, in Cloudflare Zero Trust, you provide the container name and port as the service.


Docker Configuration

I am using Portainer, so I will show it from a Portainer perspective.

Step 1: Create a new docker bridge network

Just create a new bridge network. Don’t worry about anything except the name and the network type, which should be bridge. Keep everything else at its default.

[Screenshot: new bridge network for cloudflared in Docker on an Oracle VM]

Step 2: Update your cloudflared Docker Compose file

Next, update the docker compose file for your cloudflared container so that it will be in your newly created network.

services:
  cloudflared:
    image: cloudflare/cloudflared:latest
    container_name: cloudflared
    restart: unless-stopped
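    # The tunnel token is a credential: anyone with it can run this tunnel,
    # so keep this file out of shared repositories.
    command: tunnel run --token eyJhIxxxx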
    networks:
      - cloudflare_tunnel

networks:
  cloudflare_tunnel:
    external: true

Step 3: Update your application’s Docker Compose file

Next, do the same for the applications you want to expose via this tunnel. They have to be in the newly created bridge network.

Notice how you don’t have to publish your container’s port to the host (see the port section of the file below).

services:
  my_app:
    image: ghcr.io/necrolingus/my_app:latest
    container_name: my_app
    restart: always
    env_file: stack.env
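    # expose only documents the port for containers on the shared network;
    # a bare "ports: - 5010" entry would publish it on a random host port.
    expose:
      - "5010"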
    networks:
      - cloudflare_tunnel

networks:
  cloudflare_tunnel:
    external: true


Cloudflare Zero Trust Configuration

When adding your public hostname to your Cloudflare tunnel, make sure to add the name and port of your container. See the section in red.

[Screenshot: Cloudflare tunnel public hostname configuration for Docker on Oracle]

Because your application container and cloudflared are now running in the same network, you don’t have to expose your container’s port to the host anymore, and you can just use your container name and port as the service as in the screenshot above.
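To confirm the layout described above, the following added example (not part of the original post) audits `docker inspect` output: it checks that every container shares the tunnel's bridge network and that no application port is published on the host. The embedded sample is constructed; `other_app` and host port 32768 are made up for the demonstration.

```python
import json

# Constructed `docker inspect` output, trimmed to the fields read below.
# Container names, network name and port 5010 follow the post; "other_app"
# and the host port 32768 are made up for the demonstration.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/cloudflared",
   "NetworkSettings": {"Ports": {}, "Networks": {"cloudflare_tunnel": {}}}},
  {"Name": "/my_app",
   "NetworkSettings": {
     "Ports": {"5010/tcp": [{"HostIp": "0.0.0.0", "HostPort": "32768"}]},
     "Networks": {"cloudflare_tunnel": {}}}},
  {"Name": "/other_app",
   "NetworkSettings": {"Ports": {"8080/tcp": null},
                       "Networks": {"bridge": {}}}}
]
""")


def audit_tunnel(containers, tunnel="cloudflared", network="cloudflare_tunnel"):
    """Return findings for containers that should sit behind the tunnel."""
    by_name = {c["Name"].lstrip("/"): c for c in containers}
    if tunnel not in by_name:
        return [f"{tunnel}: not present in the inspect output"]
    findings = []
    for name, c in by_name.items():
        settings = c["NetworkSettings"]
        if network not in (settings.get("Networks") or {}):
            findings.append(f"{name}: not on {network}, so {tunnel} cannot "
                            "reach it by container name")
        if name == tunnel:
            continue
        # A null binding list means the port is only exposed inside Docker.
        for port, bindings in (settings.get("Ports") or {}).items():
            for b in bindings or []:
                findings.append(f"{name}: {port} published on host "
                                f"{b['HostIp']}:{b['HostPort']}")
    return findings


if __name__ == "__main__":
    # To audit a real host, load the JSON printed by `docker inspect` instead.
    for line in audit_tunnel(SAMPLE_INSPECT):
        print(line)
```

A container that reports a host binding is reachable on that host port without passing through the tunnel, subject to the host and cloud firewall rules.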


necrolingus

Tech enthusiast and home labber