Zero Trust - Network
Hey all, quick question. I'm setting up Portainer and trying the zero trust docker container version. I'm running in detach mode. If I don't specify a network, will it use any of them? This means my egress settings could be linked to any IP address created in the docker ecosystem.
5 Replies
The reason I ask is that I'm trying out the zero trust tunnel; from the browser I can hit http://127.0.0.1:22000 no problem.
The log says: 2023-07-08T19:51:44Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:22000: connect: connection refused" connIndex=3 dest=https://icore.xeven.io/ event=0 ip=198.41.192.77 type=http
All things considered, I should be able to route to it. Everything was built using the interface, so I didn't fudge the DNS record by manually setting it up. The token should be the same, right?
My guess is you need to change the destination. If it points to localhost then it is the localhost of the docker container and not the host system. If you want to use the host system then it should be host.docker.internal instead of localhost.
I'm not sure I follow... but are you saying I should run the cloudflared docker container and specify to use the host network?
docker run -d --network host cloudflare/cloudflared:latest tunnel --no-autoupdate run --token <token> like this?
You'd run the container like normal but in the tunnel configuration you would replace localhost with host.docker.internal
Gotcha... Thanks, I'll give that a try. Appreciate your help
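An added example, not part of the thread and not Cloudflare's or Docker's code: a small triage helper that reads a cloudflared error line like the one quoted above, pulls out the address it failed to dial, flags it when that address is loopback (the container's own localhost), and rewrites such an origin URL to host.docker.internal as the reply suggests. The function names are hypothetical and the sample log line is constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed sample modelled on the error in the thread (hostname and IP are placeholders).
SAMPLE = ('2023-07-08T19:51:44Z ERR Request failed error="Unable to reach the origin '
          'service. The service may be down or it may not be responding to traffic from '
          'cloudflared: dial tcp 127.0.0.1:22000: connect: connection refused" connIndex=3 '
          'dest=https://app.example.test/ event=0 ip=198.51.100.7 type=http')

# Matches the dial error for IPv4, hostnames and bracketed IPv6 targets.
DIAL_RE = re.compile(
    r'dial tcp (\[[0-9a-fA-F:]+\]|[^\s:]+):(\d+): connect: connection refused')

def is_loopback(host):
    """True for 'localhost' and any loopback IP literal (127.0.0.0/8, ::1)."""
    host = host.strip("[]")
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # some other hostname; not resolved here

def diagnose(line):
    """Return (host, port, is_loopback) for a refused origin dial, else None."""
    m = DIAL_RE.search(line)
    if not m:
        return None
    host, port = m.group(1).strip("[]"), int(m.group(2))
    return host, port, is_loopback(host)

def rewrite_origin(url, host_alias="host.docker.internal"):
    """Point a loopback origin URL at the Docker host alias; leave others unchanged.
    Any userinfo in the URL is dropped, which is fine for a tunnel origin."""
    parts = urlsplit(url)
    if parts.hostname is None or not is_loopback(parts.hostname):
        return url
    netloc = host_alias + (f":{parts.port}" if parts.port else "")
    return urlunsplit(parts._replace(netloc=netloc))

if __name__ == "__main__":
    host, port, loop = diagnose(SAMPLE)
    if loop:
        print(f"origin {host}:{port} is the container's own loopback")
        print("suggested origin:", rewrite_origin(f"http://{host}:{port}"))
```

On a Linux Docker engine, host.docker.internal resolves inside the container only if it is mapped, for example with `--add-host=host.docker.internal:host-gateway` on `docker run`.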