Cloudflare Tunnel doesn't work with wildcards

[Mishatopkek]

I have an issue where I tried to set up Cloudflare Tunnels to work on my server

I have options *.domain.com -> localhost:8000
I tried different combinations with localhost:80 or simple localhost, but everything without success

In the coolify page Settings -> General -> Configuration -> Instance's Domain => coolify.domain.com
and Servers -> localhost -> Wildcard Domain => domain.com

And somehow I can connect to coolify.domain.com and I managed to attach a private repository, but when I try to run an app in generated url, I see DNS_PROBE_FINISHED_NXDOMAIN

I tried to add a new server because there's a button called "Cloudflare Tunnels" but I need to validate the server and I can't, I tried "localhost", "127.0.0.1" and "host.docker.internal". All the time I get an error "Server is not reachable"

If you need extra information about the problem, please let me know and I'll try to answer as much as possible

[radueduard97]

Got the same issue

[mrados7]

Any update on this? Have you guys managed to get it working? I followed this setup https://coolify.io/docs/knowledge-base/cloudflare/tunnels and later even https://coolify.io/docs/knowledge-base/traefik/wildcard-certificates, but there was no luck getting it to work.
I was getting too many redirects error and only thing I could found is to enable full TLS on cloudflare which didn't help.

[Mishatopkek]

Nope, I just gave up. I use portainer😔

[mrados7]

I managed to get it working after all 🥳 .
First if you did a lot of changes to your coolify (specially proxy and containers) I would suggest to do cleanup and start over (here's how).

Setup cloudflare tunnel

Follow docs but only part for wildcard domains -> https://coolify.io/docs/knowledge-base/cloudflare/tunnels/
Instead of putting cloudflare tunnel to localhost:80 I put it on coolify-proxy:80 (you will see why below)
So every request coming from tunnel will come to reverse proxy (by default traefik running on port 80 with container name coolify-proxy)

Make sure you have DNS setup as follows:

Also make sure that SSL is on Full, or Full(Strict) on Cloudflare.

Coolify setup

You now need to run cloudflared tunnel locally.
My suggestion is to run it in docker via docker compose file. Go to coolify -> new resource -> docker compose empty
Make sure that cloudflare tunnel is in the same docker network as coolify:

services:
  cloudflared:
    container_name: cloudflare-tunnel
    image: 'cloudflare/cloudflared:latest'
    restart: unless-stopped
    command: 'tunnel --no-autoupdate run'
    environment:
      - 'TUNNEL_TOKEN=${CLOUDFLARE_TUNNEL_TOKEN}'
    networks:
      - coolify
networks:
  coolify:
    external: true

Now your cloudflared tunnel can access coolify-proxy and therefore forward requests there.

Make sure proxy is actually running
Go to server -> proxy -> Start proxy if not running already. (You don't need to do any changes here so if you did reset to default will work fine)

Setup domains to http - important!

This was step I missed. It's important that you setup your domains from services you're exposing to http://. Like the docs say:

You need to use http:// in the Domains settings. Cloudflare will take care of the https part. For this you need to set SSL/TLS to Full in the SSL/TLS menu on Cloudflare.
This applies to Settings -> instance domain (e.g. http://coolify.example.com)
And whenever you create new service -> Configuration -> General -> Domains (make sure it's http!)

In the server wildcard domain you can actually use http as well so you get new services domains generated with http.
So in this example it would be: http://example.com for wildcard domain.

[mrados7]

Update!
You can also run cloudflare tunnel in network_mode: host to avoid having to use coolify-proxy:80 in cloudflare tunnel instead of localhost:80.
#2926 (comment)

[johnykes]

How can we do it in network_mode? 🤔

[johnykes]

So I got my coolify working with cloudflared in a separate docker container, as you mentioned :D

But I have a biiig problem. For all my resources, only http endpoints work; https endpoints can't be reached. I have my CloudFlare SSL/TLS set to Full, and I also tried Full (strict), but same result.

[djsisson]

@mrados7 the reason why localhost wasn't working for you is because , you do not have network_mode : host for cloudflared in your docker compose. FYI there is a coolify template for cloudflared with this already setup.

[mrados7]

You're totally right, that's true. Switched it now to network_mode: host and it works as expected. Thanks!

[Mishatopkek]

@mrados7 Why coolify-proxy:80? I still don't get is xD

[mrados7]

You don't need to actually if you look at the comment from @djsisson.
The reason I had it on coolify-proxy:80 is because I ran clouflare tunnel without host network on docker. This means cloudflare tunnel can only access containers from docker network, not host network. So "localhost" is not known to that container. If you run it in host network mode you will be able to access via localhost :D. Both solutions work and I don't see major difference apart from if you want to use cloudflare tunnel outside of docker network to expose even other service which might be useful.

[Mishatopkek]

Thanks bro, I didn't know that

[johnykes]

Hey guys,

So I got my coolify working with cloudflared in a separate docker container

But I have a big problem.

For all my resources, only http endpoints work; https endpoints can't be reached. I have my CloudFlare SSL/TLS set to Full, and I also tried Full (strict), but same result.

More details here

Update: it worked actually, but for osme reason, Brave browser, even if I used incognito, cached the 'can't be reached' response forever. It worked using other browser :)