Zero Trust - Network

Hey all, quick question. I'm setting up Portainer and trying the zero trust Docker container version. I'm running in detached mode. If I don't specify a network, will it use any of them? This means my egress settings could be linked to any IP address created in the Docker ecosystem.
5 Replies
CallMeDoc (OP), 2y ago
The reason I ask is, trying out the zero trust tunnel, from the browser I can hit http://127.0.0.1:22000 no problem. The log says:

2023-07-08T19:51:44Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:22000: connect: connection refused" connIndex=3 dest=https://icore.xeven.io/ event=0 ip=198.41.192.77 type=http

All things considered, I should be able to route to it. Everything was built using the interface, so I didn't fudge the DNS record by manually setting it up. Token should be the same, right?
Cyb3r-Jak3, 2y ago
My guess is you need to change the destination. If it points to localhost, then it is the localhost of the Docker container and not the host system. If you want to use the host system, then it should be host.docker.internal instead of localhost.
CallMeDoc (OP), 2y ago
I'm not sure I follow... but are you saying I should run the cloudflared docker container and specify to use the host network?

docker run -d --network host cloudflare/cloudflared:latest tunnel --no-autoupdate run --token <token>

like this?
Cyb3r-Jak3, 2y ago
You'd run the container like normal, but in the tunnel configuration you would replace localhost with host.docker.internal.
CallMeDoc (OP), 2y ago
Gotcha... Thanks, I'll give that a try. Appreciate your help.
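
The failure discussed in this thread can be spotted in cloudflared logs automatically. The following is an added example, not code from any of the posters or from Cloudflare: it scans log text for refused dials to a loopback address, which inside a bridge-networked container is the container's own loopback, and reports the origin the reply suggests. The function name, the output keys and the second sample line are assumptions made for illustration.

```python
import ipaddress
import re

# Sample input: the error line quoted in the thread, plus one constructed
# line (10.0.0.5 / app.example.com) that must not be flagged.
SAMPLE_LOG = """\
2023-07-08T19:51:44Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:22000: connect: connection refused" connIndex=3 dest=https://icore.xeven.io/ event=0 ip=198.41.192.77 type=http
2023-07-08T19:52:10Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 10.0.0.5:8080: connect: connection refused" connIndex=1 dest=https://app.example.com/ event=0 ip=198.41.192.77 type=http
"""

# The failed dial is logged as "dial tcp HOST:PORT: connect: ...";
# IPv6 hosts appear in brackets, e.g. [::1]:22000.
DIAL_RE = re.compile(
    r"dial tcp \[?(?P<host>[0-9A-Fa-f:.]+?)\]?:(?P<port>\d+): connect: connection refused"
)
DEST_RE = re.compile(r"\bdest=(?P<dest>\S+)")


def loopback_origin_failures(log_text):
    """Return one finding per refused dial whose target is a loopback address."""
    findings = []
    for line in log_text.splitlines():
        dial = DIAL_RE.search(line)
        if not dial:
            continue
        try:
            addr = ipaddress.ip_address(dial["host"])
        except ValueError:
            continue  # not an IP literal; nothing to classify
        if not addr.is_loopback:
            continue  # a refused dial to a routable address is a different problem
        dest = DEST_RE.search(line)
        findings.append({
            "hostname": dest["dest"] if dest else None,
            "dialed": f"{dial['host']}:{dial['port']}",
            # Replacement origin host as suggested in the reply above.
            "suggested_origin": f"host.docker.internal:{dial['port']}",
        })
    return findings


if __name__ == "__main__":
    for finding in loopback_origin_failures(SAMPLE_LOG):
        print(finding)
```

On Linux Docker Engine, host.docker.internal resolves only when the container is started with --add-host=host.docker.internal:host-gateway; Docker Desktop defines the name by default.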
