CD
Cloudflare Developers8mo ago
ubbitz

Cloudflare Tunnel for multiple LXC containers in Proxmox

I'm running into a problem where I can't get more than one active tunnel working at a time. I have Proxmox with various LXC containers (Jellyseerr, qBittorrent, etc.) I've installed Cloudflared LXC via script from tteck using 
bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/ct/cloudflared.sh)"
bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/ct/cloudflared.sh)"
Add cloudflare gpg key with 
mkdir -p mode=0755 /usr/share/keyrings
mkdir -p mode=0755 /usr/share/keyrings
& 
curl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null
curl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null
Added this repo to my apt repositories: 
echo 'deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared buster main' | sudo tee /etc/apt/sources.list.d/cloudflared.list
echo 'deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared buster main' | sudo tee /etc/apt/sources.list.d/cloudflared.list
Did 
apt-get update -y
apt-get update -y
& 
apt-get install -y cloudflared
apt-get install -y cloudflared
Log in Cloudflare via CLI: 
cloudflare tunnel login
cloudflare tunnel login
Copy and paste cloudflare auth link into browser to get linked with my domain on Cloudflare side. Created tunnel with: 
cloudflared tunnel create <tunnel-name>
cloudflared tunnel create <tunnel-name>
Take note of new generated tunnel ID Then cd into the cloudflared directory: 
cd ./.cloudflared/
cd ./.cloudflared/
Then: 
nano config.yml
nano config.yml
I add the following entry to config.yml file: 
url: <container-one-ip>
tunnel: <tunnel-one-id>
credentials-file: /root/.cloudflared/<tunnel-one-ip>.json

---

# This entry is for setting up a second tunnel to other LXC container (This is where I think I'm going wrong, with the entries being separated by --- )

url: <container-two-ip>
tunnel: <tunnel-two-id>
credentials-file: /root/.cloudflared/<tunnel-two-id>.json

---
url: <container-one-ip>
tunnel: <tunnel-one-id>
credentials-file: /root/.cloudflared/<tunnel-one-ip>.json

---

# This entry is for setting up a second tunnel to other LXC container (This is where I think I'm going wrong, with the entries being separated by --- )

url: <container-two-ip>
tunnel: <tunnel-two-id>
credentials-file: /root/.cloudflared/<tunnel-two-id>.json

---
CTRL+X, y, ENTER to save to get back. Then: 
cloudflared tunnel route dns <tunnel-name> sub.domain
cloudflared tunnel route dns <tunnel-name> sub.domain
Last: 
cloudflared tunnel run <tunnel-name>
cloudflared tunnel run <tunnel-name>
The first time I do this, (when only one entry in the config.yml) it works and tunnel is healthy and active on Cloudflare. When doing this a second time for the next tunnel (and adding the new entry to .yml) it does not work. Any ideas?
8 Replies
RyanKnack
RyanKnack8mo ago
You can check your active tunnels session in https://one.dash.cloudflare.com/?to=/:account/networks/tunnels See if it is registered in here
Cloudflare One
Cloudflare One replaces legacy security perimeters with our global edge, making the Internet faster and safer for teams around the world.
ubbitz
ubbitzOP8mo ago
@RyanKnack I should add that these steps always result in the newly created tunnel populating on the cloudflare side. However: 1. Only the first entry/attempt will successfully connect, show as Healthy, with a connector ID on the Cloudflare side. 2. Any subsequent tunnel additions will still populate the new tunnel name on the Cloudflare side, but it will register as Inactive with no Connector ID
Beny
Beny8mo ago
I just checked how my team does it, we have 2 different configs and a script that runs them both as a service using the token. Perhaps this will work for you? @ubbitz
No description
ubbitz
ubbitzOP8mo ago
Thanks for sharing this. Would you mind breaking it down for me so I understand better? I guess I want to understand how this helps with creating a tunnel for multiple containers
Beny
Beny8mo ago
The above would create 2 different tunnels but it actually sounds like you are just looking to expose multiple services? You can use 1 tunnel running in it's own proxmox LXC container for that with multiple ingress rules in the cloudflared config. Here's an example of how to do it: 
tunnel: <tunnel-id>
credentials-file: /root/.cloudflared/<config-id>.json
ingress:
  - hostname: jellyseerr.example.com
    service: https://10.0.0.4
  - hostname: qbittorrent.example.com
    service: https://10.0.0.6
tunnel: <tunnel-id>
credentials-file: /root/.cloudflared/<config-id>.json
ingress:
  - hostname: jellyseerr.example.com
    service: https://10.0.0.4
  - hostname: qbittorrent.example.com
    service: https://10.0.0.6
ubbitz
ubbitzOP8mo ago
@Beny I installed cloudflared in it's own Proxmox container. I ran 
cloudflared tunnel login
cloudflared tunnel login
copy/paste the auth/connect link, get connected etc. Then I create the new tunnel: 
cloudflared tunnel create <tunnel-name>
cloudflared tunnel create <tunnel-name>
After that I update the cloudflared config like you listed above. After updating the cloudflared config, i run 
cloudflared tunnel route dns <tunnel-name> <sub.domain.com>
cloudflared tunnel route dns <tunnel-name> <sub.domain.com>
then 
cloudflared tunnel run <tunnel-name>
cloudflared tunnel run <tunnel-name>
from what I understand, this creates a tunnel on the Cloudflare side, which you can assign a public hostname and the internal URL of the service you're running. I suppose I'm lost on how the above config would translate on the Cloudflare side, and how it would all connect
Beny
Beny8mo ago
In the zero trust dashboard, under tunnels, is where you can configure it to hook it up to your domain. It will automatically add the DNS entries
ubbitz
ubbitzOP8mo ago
@Beny i guess what i dont understand is if this way configures one tunnel but allows connecting multple services, how would all the services be shown and configured on the Cloudflare side? For example, in your config example you put Jellyseerr and qBittorrent, with their respective hostnames and service/IPs, how would both of those show up cloudflare side with just the one tunnel? would i add multiple public host names in the tunnel on cloudflare? wow i think i got it. i never knew you could add multiple public host names within a tunnel!
Want results from more Discord servers?
Add your server