Cloudflare Tunnel (Zero Trust) access to docker through local domain rather than local ip

  • Hi all,


    Just wondering if anyone has experience in setting up a Cloudflare tunnel to access Docker apps using a local domain (e.g., openmediavault.local) rather than my NAS's specific ip address?

    Or is it not possible with how OMV and Docker are set up?


    I have been successful in accessing my Plex through Cloudflare Tunnel when using my local ip (and specific port) under the service url for the Public Hostname. However, when I change the url to my local domain (or localhost, which I understand is not possible within OMV) with the same port, Cloudflare reports that it's not accessible.


    Normally I wouldn't care about simply using the ip address, but I'll soon be doing some extended travel, and my NAS will live at a friend's home. If possible, I'd like to simply plug my NAS in at their home with as little adjustments as possible, hence why I'd prefer the local domain which should remain regardless of the ip address change.


    Thanks very much.

  • Just bumping this again to see if anyone in these forums has experienced this, or knows what may be causing the issue?


    Since then, I've tried adding http://localhost:32400 in the Plex settings for allowed domains, but Cloudflare still throws up an error if the same details are entered into the public hostname fields for the tunnel.

  • If you put your NAS on someone else's network then things will change - WAN IP for a start. You will need to update Cloudflare and other things to work in a different environment.


    I suggest getting a solution working on your own network and then you can move it and reconfigure to use the new wan ip (and other changes such as nas ip address etc).


    I use SWAG (docker) as a reverse proxy with duckdns to expose a few key services over the internet via SSL (plex for example). You do need to be a little careful so minimise the number of services you expose and you can add additional security if you like (e.g. authelia).


    This works really well for me.

  • Thanks jata1.


    Yep, I expected I'd need to spend a few hours at least updating settings when I plug it in at my friend's home, I was just hoping I could keep it to as minimal as possible.


    I knew the WAN address would change, but my understanding is the Cloudflare Tunnel manages the binding of the WAN address to the external domain automatically (or rather, makes it irrelevant).


    As the LAN IP of my NAS will also change when I move it to my friend's home, I'm trying to get the local domain (e.g., openmediavault.local) working through Cloudflare Tunnel (currently Cloudflare only resolves by entering the current LAN IP as the address).

    If the local domain was working correctly, if I understand correctly, I theoretically should be able to plug it in at my friend's home and his router should (hopefully) automatically assign a LAN IP, recognise the local domain specified in OMV, and map the local domain to the new LAN IP.

    If that all was to happen automatically, then the local domain in Cloudflare should automatically resolve without any intervention by myself to update LAN IP settings in Cloudflare.


    I don't know if that's all possible, but when searching for solutions, I have seen people entering 'localhost' within Cloudflare Tunnel, which resolves correctly for them, but as far as I'm aware 'localhost' won't work for OMV.

  • There are a lot of ifs in the above - particularly around the LAN configuration / capability at your friend's house.


    I would not use the domain .local as this is typically used by mDNS services and might cause you issues.


    The key is to have hostname.lan or something similar (just not .local). Maybe ask your friend what he uses on his network. Then setup your environment to use the same.


    So work through getting everything set up on your network (e.g. SSL port forward on router to your NAS if needed). There will be other things as well if you go down the reverse proxy route. Then write up a list and get it all working at your friend's house.

  • The key is to have hostname.lan or something similar (just not .local). Maybe ask your friend what he uses on his network. Then setup your environment to use the same.

    Thanks so much, that makes much more sense to me now. :)


    I'll touch base with my friend and see what network setup they have (most likely just whatever was provided by their ISP), and write up everything I need in advance.


    Thanks again!

  • These are the questions/things you need to know about your home setup and your friend:


    1. WAN IP - fixed or dynamic. If dynamic you need a way to update cloudflare with the new IP when/if it changes

    2. local network - ip range and dhcp. Can you assign a fixed IP or static dhcp reservation for your nas?

    3. router - NAT port forwarding from router. Is UPnP available? (possibly a very easy solution if just for Plex)


    Everything else more or less can be done in your OMV / docker config.


    I need to understand what services do you need/want to access? Just plex? What else?

  • Thanks for your continued assistance jata1.


    As for your points:

    1. I have cloudflared installed on my NAS through Docker, which automatically updates my domain in Cloudflare when/if the WAN changes.

    2. I'd have to check with my friend on this. Most hardware provided by ISPs in Australia does offer some level of access to assigning static IPs on LANs, but I guess that is why I was trying to utilise a local domain (e.g. openmediavault.local, openmediavault.lan) instead of an IP in my Cloudflare setup so it wouldn't matter if the NAS LAN IP changes.

    3. Cloudflared manages the reverse proxying through their online platform, so port forwarding isn't required at a local level (this is the current setup I have, and can confirm I can access my apps outside my LAN).


    The apps I currently have set up and can access externally are:

    • Plex
    • Nextcloud
    • FreshRSS

    The apps I have not yet setup, but plan to also use are:

    • Kavita
    • Romm
    • OnlyOffice

    Ultimately, all I'm trying to achieve (if possible) is to replace my NAS's LAN IP in the Cloudflare Tunnel settings with my NAS's local domain.

    I've attached a screenshot of a current working example I have set up (with identifiable info replaced) in Cloudflare Tunnel.

    All I'd like is to replace the IP address field (not the port) with the local domain if possible, and have it work.


    Thanks again.

  • I see. Looks like Docker on the NAS will take care of the WAN IP change at your friend's house. So no issue there.


    The issue I see with cloudflare using the host name rather than ip address is that cloudflare will need to resolve the name to ip address and I don’t see how that would work.


    Have you googled this config to see if others have made it work?


    If the only reason is to handle the change in lan ip address then just set that up manually once you know the new ip?

  • Apologies for the late reply.


    I played around a bit more, but was unable to have the local domain work with Cloudflare, so I'll just stick with manually updating the LAN ip address after setting it up at my friend's home.


    I was mostly just being lazy, and seeing if there was a way I could minimise as much as possible parts of my setup I'll need to update/change. :)


    Thanks again for your help jata1 and I'll mark this as resolved, being that it's not possible.
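
The thread keeps returning to whether the name in the tunnel's service URL can be resolved and reached. The check below is an added example, not code from any poster or from Cloudflare; it is meant to be run from the same place cloudflared runs (for example inside its container), and the function names and the `kind` labels are this example's own.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

def classify_origin(service_url):
    """Return (host, port, kind) for a service URL such as http://nas.lan:32400."""
    parts = urlsplit(service_url)
    host = parts.hostname or ""
    port = parts.port or (443 if parts.scheme == "https" else 80)
    try:
        ip = ipaddress.ip_address(host)
        # loopback inside a container is the container itself, not the NAS host
        kind = "loopback" if ip.is_loopback else "ip-literal"  # ip-literal breaks when DHCP changes
    except ValueError:
        if host == "localhost":
            kind = "loopback"
        elif host.endswith(".local"):
            # .local is answered by multicast DNS, which a container's
            # resolver typically does not speak
            kind = "mdns"
        else:
            kind = "dns-name"  # needs a resolver that knows the name (router DNS, hosts file)
    return host, port, kind

def check_origin(service_url, resolver=socket.getaddrinfo, timeout=3.0):
    """Resolve the origin host, then try a TCP connect to each address found."""
    host, port, kind = classify_origin(service_url)
    result = {"host": host, "port": port, "kind": kind,
              "addresses": [], "reachable": False}
    try:
        infos = resolver(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        result["error"] = f"resolution failed: {exc}"
        return result
    result["addresses"] = sorted({info[4][0] for info in infos})
    for addr in result["addresses"]:
        try:
            with socket.create_connection((addr, port), timeout=timeout):
                result["reachable"] = True
                break
        except OSError as exc:
            result["error"] = f"connect to {addr}:{port} failed: {exc}"
    return result

if __name__ == "__main__":
    import sys
    # Default URL uses the example hostname and Plex port mentioned in the thread.
    for url in sys.argv[1:] or ["http://openmediavault.local:32400"]:
        print(check_origin(url))
```

A result with an empty `addresses` list means the name never resolved where the check ran, which is a different failure from a resolved address that refuses the connection.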
