make container only accessible through tunnel

Hey, I want to make a paperless-ngx instance, but only want to make it accessible through Cloudflare Tunnel. Does anyone have an idea how I could do that? Maybe through only exposing to 127.0.0.1:port?
14 Replies
Cyb3r-Jak3 · 16mo ago
If you can, then use Docker Compose because it lets you route via the host name of the container
kayo (OP) · 16mo ago
you mean this?
kayo (OP) · 16mo ago
GitHub
paperless-ngx/docker/compose/docker-compose.env at main · paperless...
A community-supported supercharged version of paperless: scan, index and archive all your physical documents - paperless-ngx/paperless-ngx
kayo (OP) · 16mo ago
wait no that looks wrong
kayo (OP) · 16mo ago
GitHub
paperless-ngx/docker/compose/docker-compose.sqlite-tika.yml at main...
A community-supported supercharged version of paperless: scan, index and archive all your physical documents - paperless-ngx/paperless-ngx
Cyb3r-Jak3 · 16mo ago
Yeah if you add a cloudflared container to that then you can make the route configuration http://webserver:8000
kayo (OP) · 16mo ago
what exactly do you mean with that?
Cyb3r-Jak3 · 16mo ago
If you add something like

    cloudflared:
      image: cloudflare/cloudflared
      command: tunnel run
      restart: unless-stopped
      environment:
        TUNNEL_TOKEN: <tunnel docker from dashboard>

you can have the configuration of the tunnel be http://webserver:8000 in the dashboard
kayo (OP) · 16mo ago
my yml looks like that, but doesn't work

    # This file contains everything paperless needs to run.
    # Paperless supports amd64, arm and arm64 hardware.
    # All compose files of paperless configure paperless in the following way:
    #
    # - Paperless is (re)started on system boot, if it was running before shutdown.
    # - Docker volumes for storing data are managed by Docker.
    # - Folders for importing and exporting files are created in the same directory
    #   as this file and mounted to the correct folders inside the container.
    # - Paperless listens on port 8000.
    #
    # SQLite is used as the database. The SQLite file is stored in the data volume.
    #
    # In addition to that, this docker-compose file adds the following optional
    # configurations:
    #
    # - Apache Tika and Gotenberg servers are started with paperless and paperless
    #   is configured to use these services. These provide support for consuming
    #   Office documents (Word, Excel, Power Point and their LibreOffice
    #   counterparts).
    #
    # To install and update paperless with this file, do the following:
    #
    # - Copy this file as 'docker-compose.yml' and the files 'docker-compose.env'
    #   and '.env' into a folder.
    # - Run 'docker-compose pull'.
    # - Run 'docker-compose run --rm webserver createsuperuser' to create a user.
    # - Run 'docker-compose up -d'.
    #
    # For more extensive installation and update instructions, refer to the
    # documentation.

    version: "3.4"
    services:
      broker:
        image: docker.io/library/redis:7
        restart: unless-stopped
        volumes:
          - redisdata:/data

      webserver:
        image: ghcr.io/paperless-ngx/paperless-ngx:latest
        restart: unless-stopped
        depends_on:
          - broker
          - gotenberg
          - tika
        ports:
          - "127.0.0.1:8000:8000"
        healthcheck:
          test: ["CMD", "curl", "-fs", "-S", "--max-time", "2", "http://127.0.0.1:8000"]
          interval: 30s
          timeout: 10s
          retries: 5
        volumes:
          - data:/usr/src/paperless/data
          - media:/usr/src/paperless/media
          - ./export:/usr/src/paperless/export
          - ./consume:/usr/src/paperless/consume
        env_file: docker-compose.env
        environment:
          PAPERLESS_REDIS: redis://broker:6379
          PAPERLESS_TIKA_ENABLED: 1
          PAPERLESS_TIKA_GOTENBERG_ENDPOINT: http://gotenberg:3000
          PAPERLESS_TIKA_ENDPOINT: http://tika:9998

      cloudflared:
        image: cloudflare/cloudflared
        command: tunnel run
        restart: unless-stopped
        environment:
          TUNNEL_TOKEN: herewouldbemytoken

      gotenberg:
        image: docker.io/gotenberg/gotenberg:7.8
        restart: unless-stopped

        # The gotenberg chromium route is used to convert .eml files. We do not
        # want to allow external content like tracking pixels or even javascript.
        command:
          - "gotenberg"
          - "--chromium-disable-javascript=true"
          - "--chromium-allow-list=file:///tmp/.*"

      tika:
        image: ghcr.io/paperless-ngx/tika:latest
        restart: unless-stopped

    volumes:
      data:
      media:
      redisdata:

Cyb3r-Jak3 · 16mo ago
What does your tunnel config look like?
kayo (OP) · 16mo ago
tunnel config? it's only the token or what do you mean?
Cyb3r-Jak3 · 16mo ago
If you configured the tunnel in the dashboard, you need to make a public hostname for the URL you want to serve
kayo (OP) · 16mo ago
tunnel logs:
2023-09-18T00:02:38Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:8000: connect: connection refused" cfRay=***-FRA event=1 ingressRule=0 originService=http://127.0.0.1:8000
2023-09-18T00:02:38Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:8000: connect: connection refused" connIndex=3 dest=https://paperless.***.li/ event=0 ip=*** type=http
2023-09-18T00:02:38Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:8000: connect: connection refused" cfRay=***-FRA event=1 ingressRule=0 originService=http://127.0.0.1:8000
2023-09-18T00:02:38Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:8000: connect: connection refused" connIndex=3 dest=https://paperless.***.li/favicon.ico event=0 ip=198.41.200.13 type=http
Okay, I have to learn how to read what people say; I didn't configure it to webserver:8000
