
Multiple services with same hostname

Open TheGuyDanish opened this issue 4 years ago • 5 comments

Heyo!

Loving Tunnels so far, however I do have a question. Is there support, or any intention to support, multiple services on the same hostname? I'm presently working with a TCP-based application that communicates on two different ports and must be reachable by the same hostname. Is this possible with Tunnels?

TheGuyDanish avatar Jul 16 '21 11:07 TheGuyDanish

Hey! Sorry for getting back late. Glad to see you're enjoying Tunnels. Are these multiple services replicas or different applications altogether?

sudarshan-reddy avatar Aug 11 '21 08:08 sudarshan-reddy

I have the same need. I'm assuming he's asking about being able to do something like this for the ingress rules:

ingress:
  - hostname: myapp.example.com
    service: http://internaladdress:8080
  - hostname: myapp.example.com
    service: tcp://internaladdress:9000

Two ingress rules directing traffic bound for the same domain to two different backends. You can do this right now with HTTP/HTTPS using "path", but that doesn't work for other protocols obviously.

I think to make this possible, cloudflared would need to be able to do two things (there might be other ways):

  • Detect the incoming protocol type (best effort), so it can match it with the defined backend destination protocol.
  • When the incoming protocol matches more than one ingress rule based on protocol type (but different port), try both destinations and use the one where a connection can be properly established (extra overhead no doubt with arbitrary TCP services).

A real-life example of where I want to be able to do something like this is with a DNS server that I can connect to both with DNS-over-HTTPS and DNS-over-TLS, with preferably the same hostname.

Right now my ingress rule needs to be something like this:

ingress:
  - hostname: dns-doh.example.com
    service: https://backend:443
  - hostname: dns-tls.example.com
    service: tcp://backend:853

I would like both hostnames to be the same (because traffic is going to the same server at the end of the day):

ingress:
  # DNS-over-HTTPS
  - hostname: dns.example.com
    service: https://backend:443
  # DNS-over-TLS
  - hostname: dns.example.com
    service: tcp://backend:853

Don't know how this could best be achieved, but there should be a way.

wpuckering avatar Aug 24 '21 17:08 wpuckering

Any update on this?

martinbe1io avatar Feb 25 '22 21:02 martinbe1io

I don't think this is really doable with ingress rules. Different origins must map to different hostnames (even if just in the path of the URL, with the same domain behind it).

Otherwise my suggestion is to use the Zero Trust WARP client to connect to Cloudflare, and then you can access the private IP:port directly, provided you expose them via Cloudflare Tunnel.

nmldiegues avatar Mar 04 '22 09:03 nmldiegues

My main desire for this is mainly to use a service that has two separate TCP ports, but shares the same address. So something along the lines of:

- hostname: test.example.com
  service: tcp://backend:8085
- hostname: test.example.com
  service: tcp://backend:8086

Though it would depend on the ingress differentiating between ports in the request, which I don't know if Tunnels is doing at the moment, or just focusing on the hostname itself.

TheGuyDanish avatar Mar 14 '22 01:03 TheGuyDanish

I have opened https://github.com/cloudflare/cloudflared/issues/725 for the simplest use-case of supporting different replicas of the same service under the same hostname which doesn't seem to be supported either.

christidis avatar Aug 16 '22 10:08 christidis

My main desire for this is mainly to use a service that has two separate TCP ports, but shares the same address. So something along the lines of:

- hostname: test.example.com
  service: tcp://backend:8085
- hostname: test.example.com
  service: tcp://backend:8086

Though it would depend on the ingress differentiating between ports in the request, which I don't know if Tunnels is doing at the moment, or just focusing on the hostname itself.

I don't think this is really doable with ingress rules. Different origins must map to different hostnames (even if just in the path of the URL, with the same domain behind it). Otherwise my suggestion is to use the Zero Trust WARP client to connect to Cloudflare, and then you can access the private IP:port directly, provided you expose them via Cloudflare Tunnel.

This comment holds true for this question. Tunnel focusses on the hostname to switch between ingress ports. Like Nuno said, it is possible to do what you want (ip + port) using the Zero Trust WARP client.

sudarshan-reddy avatar Aug 16 '22 10:08 sudarshan-reddy
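
Because rules are selected by hostname (and by path for HTTP), a second rule that repeats a hostname is never reached and its traffic goes to the first rule's backend. The check below is an added example, not part of this thread or of cloudflared's code: it flags such shadowed rules in an ingress list. It assumes top-to-bottom, first-match evaluation and `*.` wildcard hostnames; `covers`, `shadowed_rules` and the sample lists are names and data constructed for this example.

```python
# Added example, not cloudflared code. Rules are plain dicts mirroring the
# YAML `ingress:` entries. Assumption: rules are evaluated top to bottom and
# the first rule whose hostname (and path, if set) matches is used.

def covers(earlier_host, later_host):
    """True if every host matched by later_host is also matched by earlier_host."""
    if not earlier_host or earlier_host == "*":
        return True                      # no hostname: matches every request
    if earlier_host == later_host:
        return True
    if earlier_host.startswith("*."):    # assumed wildcard form: *.example.com
        return bool(later_host) and later_host.endswith(earlier_host[1:])
    return False

def shadowed_rules(ingress):
    """Return (later_index, earlier_index) pairs where the later rule is unreachable."""
    findings = []
    for j, later in enumerate(ingress):
        for i, earlier in enumerate(ingress[:j]):
            host_covered = covers(earlier.get("hostname", ""), later.get("hostname", ""))
            # Conservative path check: an earlier rule without a path matches
            # every path; otherwise only identical path expressions are flagged.
            path_covered = "path" not in earlier or earlier.get("path") == later.get("path")
            if host_covered and path_covered:
                findings.append((j, i))
                break
    return findings

# Constructed samples based on the configurations posted in the thread.
SAME_HOST = [
    {"hostname": "dns.example.com", "service": "https://backend:443"},
    {"hostname": "dns.example.com", "service": "tcp://backend:853"},
    {"service": "http_status:404"},
]
SPLIT_HOSTS = [
    {"hostname": "dns-doh.example.com", "service": "https://backend:443"},
    {"hostname": "dns-tls.example.com", "service": "tcp://backend:853"},
    {"service": "http_status:404"},
]
PATH_SPLIT = [  # HTTP only: same hostname, separated by path
    {"hostname": "myapp.example.com", "path": "/api", "service": "http://internaladdress:8080"},
    {"hostname": "myapp.example.com", "service": "http://internaladdress:9000"},
    {"service": "http_status:404"},
]

if __name__ == "__main__":
    for name, rules in [("same host", SAME_HOST), ("split hosts", SPLIT_HOSTS), ("path split", PATH_SPLIT)]:
        for later, earlier in shadowed_rules(rules):
            print(f"{name}: rule {later} ({rules[later]['service']}) is shadowed by rule {earlier}")
```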