crazy-max / docker-cloudflared
Cloudflared proxy-dns Docker image
License: MIT License
Hi Crazymax, I have recently installed your image on my Raspberry Pi 4 with Docker, but I get two types of error:
After restarting, the container works well, but it is a bit annoying.
Can't change DNS listen port
The container should change its DNS listen port accordingly to the port set in the configuration.
The container always uses port 5053.
uname -a: Linux Tower 4.19.107-Unraid #1 SMP Thu Mar 5 13:55:57 PST 2020 x86_64 Intel(R) Xeon(R) CPU E5-2660 0 @ 2.20GHz GenuineIntel GNU/Linux
Output of command `docker info`:
Client:
Debug Mode: false
Server:
Containers: 17
Running: 12
Paused: 0
Stopped: 5
Images: 17
Server Version: 19.03.5
Storage Driver: btrfs
Build Version: Btrfs v4.7.3
Library Version: 101
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: b34a5c8af56e510852c35414db4c1f4fa6172339
runc version: 3e425f80a8c931f88e6d94a8c831b9d5aa481657
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 4.19.107-Unraid
Operating System: Slackware 14.2 x86_64 (post 14.2 -current)
OSType: linux
Architecture: x86_64
CPUs: 32
Total Memory: 31.43GiB
Name: Tower
ID: GWTT:CIR3:JXTA:XM6F:O45K:DW5E:APOI:CM7N:VX5B:DXFI:7GM6:WL34
Docker Root Dir: /var/lib/docker
Debug Mode: false
Username: lustteufel
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine
I'm looking at running Pihole, your cloudflared and a number of other docker containers on my ROCK Pi 4 setup here, but it seems that you don't (yet) support the required "aarch64" architecture.
Any chance you could please add that to your project?
Hi,
thanks for this image. I am not interested in metrics. Is it possible to deactivate the metrics server?
When the TUNNEL_DNS_ADDRESS parameter is set to something other than "0.0.0.0", the healthcheck reports Unhealthy.
For example: TUNNEL_DNS_ADDRESS=192.168.1.38
The Healthcheck command used is "dig +short @127.0.0.1 -p $TUNNEL_DNS_PORT cloudflare.com A || exit 1"
Changing it to "dig +short @$TUNNEL_DNS_ADDRESS -p $TUNNEL_DNS_PORT cloudflare.com A || exit 1" will solve this.
Cloudflared container runs normally but reports as unhealthy.
docker --version: version 20.10.6, build 370c289
docker-compose --version: version 1.21.0
uname -a: Linux 5.10.17-v8+ #1421 SMP PREEMPT Thu May 27 14:01:37 BST 2021 aarch64 GNU/Linux
Healthcheck status:
Status: unhealthy
Failure count: 21
Last output: time.c:126: Operation not permitted timer.c:634: fatal error: RUNTIME_CHECK(isc_time_now((&now)) == 0) failed Aborted
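Both healthcheck reports above (the one where a non-wildcard TUNNEL_DNS_ADDRESS makes `dig @127.0.0.1` miss the listener, and the one where dig itself aborts) come down to the same check: send one DNS query to the address the proxy actually listens on and validate the reply. The following is an added example, not the image's own healthcheck script. It assumes the TUNNEL_DNS_ADDRESS and TUNNEL_DNS_PORT variables shown in the issues' environment dumps, treats a wildcard listen address as reachable on loopback (what the original `dig @127.0.0.1` relied on) and queries any other address directly (the fix proposed above). It builds the A query from the standard library instead of calling dig, so the check does not depend on a resolver binary inside the container. `healthcheck_target`, `build_query`, `check_response` and `probe` are names chosen here.

```python
#!/usr/bin/env python3
"""Minimal DNS healthcheck for a proxy-dns container (added example, not the image's code)."""
import os
import socket
import struct
import sys

# Listen addresses that mean "every interface", so loopback will reach the proxy.
WILDCARDS = {"", "0.0.0.0", "::", "[::]"}


def healthcheck_target(env):
    """Pick the (address, port) the probe should query from the container environment.

    Wildcard listen addresses are queried via 127.0.0.1 (as the original check does);
    a specific address such as 192.168.1.38 is queried directly, which is the fix the
    issue proposes. Assumed env names: TUNNEL_DNS_ADDRESS, TUNNEL_DNS_PORT.
    """
    addr = env.get("TUNNEL_DNS_ADDRESS", "").strip()
    port = int(env.get("TUNNEL_DNS_PORT", "5053"))
    if addr in WILDCARDS:
        addr = "127.0.0.1"
    return addr.strip("[]"), port


def build_query(name, txid):
    """Encode a recursive A/IN query for `name` in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD; one question
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def check_response(query, response):
    """Return True only for a well-formed NOERROR answer to exactly this query."""
    if len(response) < 12:
        return False
    txid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if txid != struct.unpack("!H", query[:2])[0]:
        return False  # not a reply to our transaction (stale or unrelated packet)
    if not flags & 0x8000:
        return False  # QR bit clear: this is a query, not a response
    if flags & 0x000F:
        return False  # RCODE is not NOERROR (SERVFAIL, NXDOMAIN, ...)
    # The question section must be echoed back unchanged and carry at least one answer.
    return qdcount == 1 and ancount >= 1 and response[12:len(query)] == query[12:]


def probe(addr, port, name="cloudflare.com", timeout=3.0):
    """Send one UDP query to addr:port and validate the reply; True means healthy."""
    txid = int.from_bytes(os.urandom(2), "big")  # random ID so a stray reply can't match
    query = build_query(name, txid)
    family = socket.AF_INET6 if ":" in addr else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (addr, port))
        try:
            response, _peer = sock.recvfrom(512)
        except socket.timeout:
            return False
    return check_response(query, response)


if __name__ == "__main__":
    # Exit status is what Docker's HEALTHCHECK consumes: 0 healthy, 1 unhealthy.
    target_addr, target_port = healthcheck_target(os.environ)
    sys.exit(0 if probe(target_addr, target_port) else 1)
```

Used as a Docker healthcheck it replaces the dig one-liner with `python3 /healthcheck.py`; `check_response` deliberately rejects replies whose transaction ID or question section do not match, so a stray packet on the port cannot make the container look healthy.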
When running the container in network host mode, the container only runs on IPv6 and not in IPv4.
docker-compose.yml file:
version: '2.4'
services:
  cloudflared:
    container_name: cloudflared
    image: crazymax/cloudflared:latest
    mem_limit: 32m
    restart: always
    ports:
      - 5053:5053/udp
      - 49312:49312/tcp
    network_mode: host
    environment:
      TZ: "America/New_York"
      TUNNEL_DNS_UPSTREAM: "https://1.1.1.1/dns-query,https://1.0.0.1/dns-query"
docker-compose up -d
15:12 $ sudo netstat -tlnp | grep 5053
tcp6 0 0 :::5053 :::* LISTEN 2714/cloudflared
The expected behavior is that cloudflared should run on IPv4 by default, in addition to IPv6.
Only IPv6 service is enabled.
docker --version: Docker version 19.03.7, build 7141c199a
docker-compose --version: docker-compose version 1.24.0, build 0aa59064
uname -a: Linux hostname 4.15.0-88-generic #88-Ubuntu SMP Tue Feb 11 20:11:34 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
docker-compose.yml: included above.
Server:
Containers: 6
Running: 5
Paused: 0
Stopped: 1
Images: 18
Server Version: 19.03.7
Storage Driver: aufs
Root Dir: /var/lib/docker/aufs
Backing Filesystem: extfs
Dirs: 140
Dirperm1 Supported: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: active
NodeID: qx8vp8z9nm63pi3j4o8n0x1l7
Is Manager: true
ClusterID: vafqhdsm0qxv0slylksma6rx1
Managers: 1
Nodes: 1
Default Address Pool: 10.0.0.0/8
SubnetSize: 24
Data Path Port: 4789
Orchestration:
Task History Retention Limit: 5
WARNING: No swap limit support
WARNING: the aufs storage-driver is deprecated, and will be removed in a future release.
Raft:
Snapshot Interval: 10000
Number of Old Snapshots to Retain: 0
Heartbeat Tick: 1
Election Tick: 10
Dispatcher:
Heartbeat Period: 5 seconds
CA Configuration:
Expiry Duration: 3 months
Force Rotate: 0
Autolock Managers: false
Root Rotation In Progress: false
Node Address: 192.168.1.3
Manager Addresses:
192.168.1.3:2377
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
init version: fec3683
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 4.15.0-88-generic
Operating System: Ubuntu 18.04.4 LTS
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 31.37GiB
Name: starbuck
ID: WKKZ:XESW:QEGJ:SQ2K:M2SG:MK7D:VXMB:C22Q:Y2B4:Y6QC:7T6O:VS5A
Docker Root Dir: /var/lib/docker
Debug Mode: false
Username: sohmc
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
time="2020-03-15T08:35:26-04:00" level=info msg="Adding DNS upstream" url="https://1.1.1.1/dns-query"
time="2020-03-15T08:35:26-04:00" level=info msg="Adding DNS upstream" url="https://1.0.0.1/dns-query"
time="2020-03-15T08:35:26-04:00" level=info msg="Starting metrics server" addr="[::]:49312"
time="2020-03-15T08:35:26-04:00" level=info msg="Starting DNS over HTTPS proxy server" addr="dns://0.0.0.0:5053"
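The report above reads the `tcp6 :::5053` line from netstat as "IPv6 only". On Linux, an AF_INET6 socket bound to `[::]` shows up that way whether or not it also takes IPv4 clients; what decides is the IPV6_V6ONLY socket option (default taken from the `net.ipv6.bindv6only` sysctl). The following added example, which is not part of the image and makes no claim about how cloudflared sets that option, lets you measure the behaviour instead of inferring it from netstat: it binds its own `[::]` listener with each setting and attempts an IPv4 connection. `listener_accepts_ipv4` is a name chosen here.

```python
#!/usr/bin/env python3
"""Does a [::] listener accept IPv4? (added example, not the image's code)"""
import socket


def listener_accepts_ipv4(v6only):
    """Bind a TCP listener on [::] with IPV6_V6ONLY=v6only, then connect over IPv4.

    Returns (accepted, peer_address): accepted is True when the IPv4 client got through,
    False when it was refused, and the whole result is None if the host has no IPv6.
    """
    try:
        srv = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
    except OSError:
        return None  # no IPv6 support at all on this host
    with srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 1 if v6only else 0)
        try:
            srv.bind(("::", 0))  # port 0: let the kernel pick a free one
        except OSError:
            return None  # IPv6 disabled on this host
        srv.listen(1)
        srv.settimeout(2.0)
        port = srv.getsockname()[1]
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as cli:
            cli.settimeout(2.0)
            try:
                cli.connect(("127.0.0.1", port))
            except OSError:
                return (False, None)  # refused: the listener really is IPv6-only
            conn, peer = srv.accept()
            conn.close()
            # A dual-stack listener sees the IPv4 client as a v4-mapped address.
            return (True, peer[0])


if __name__ == "__main__":
    for setting in (False, True):
        result = listener_accepts_ipv4(v6only=setting)
        if result is None:
            print("IPv6 unavailable on this host; nothing to compare")
            break
        accepted, peer = result
        print(f"IPV6_V6ONLY={int(setting)}: IPv4 client accepted={accepted} peer={peer}")
```

With IPV6_V6ONLY=0 the IPv4 client is accepted and the listener sees it as `::ffff:127.0.0.1`; with IPV6_V6ONLY=1 the connection is refused. Both listeners look identical in `netstat -tlnp` (`tcp6 :::PORT`), so a netstat line alone cannot tell the two apart; an actual IPv4 query against port 5053, as in the previous example, can.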
Starting the container with this docker-compose service definition:
  cloudflared:
    image: crazymax/cloudflared:latest
    container_name: cloudflared
    hostname: cloudflared
    networks:
      pihole:
        ipv4_address: 172.20.0.3
    environment:
      - "TZ=America/New_York"
      - "TUNNEL_DNS_UPSTREAM=https://1.1.1.1/dns-query,https://1.0.0.1/dns-query"
    restart: always
Properly resolve DoH to provide host name resolution.
Failing to resolve
level=error msg="failed to connect to an HTTPS backend \"https://1.0.0.1/dns-query\"" error="failed to perform an HTTPS request: Post https://1.0.0.1/dns-query: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)"
docker --version: Docker version 19.03.4-ce, build 9013bf583a
docker-compose --version: docker-compose version 1.24.1, build unknown
Output of command `docker info`:
Client:
Debug Mode: false
Server:
Containers: 26
Running: 14
Paused: 0
Stopped: 12
Images: 52
Server Version: 19.03.4-ce
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: d50db0a42053864a270f648048f9a8b4f24eced3.m
runc version: d736ef14f0288d6993a1845745d6756cfc9ddd5a
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 5.3.7.b-3-hardened
Operating System: Arch Linux
OSType: linux
Architecture: x86_64
CPUs: 64
Total Memory: 60.9GiB
Name: !
ID: !
Docker Root Dir: /var/lib/docker
Debug Mode: false
Username: anthr76
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: API is accessible on http://0.0.0.0:4243 without encryption.
Access to the remote API is equivalent to root access on the host. Refer
to the 'Docker daemon attack surface' section in the documentation for
more information: https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface
cloudflared | time="2019-11-14T20:27:46-05:00" level=error msg="failed to connect to an HTTPS backend \"https://1.0.0.1/dns-query\"" error="failed to perform an HTTPS request: Post https://1.0.0.1/dns-query: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)"
cloudflared | time="2019-11-14T20:27:46-05:00" level=error msg="failed to connect to an HTTPS backend \"https://1.0.0.1/dns-query\"" error="failed to perform an HTTPS request: Post https://1.0.0.1/dns-query: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)"
cloudflared | time="2019-11-14T20:27:46-05:00" level=error msg="failed to connect to an HTTPS backend \"https://1.0.0.1/dns-query\"" error="failed to perform an HTTPS request: Post https://1.0.0.1/dns-query: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)"
cloudflared | time="2019-11-14T20:34:21-05:00" level=info msg="Adding DNS upstream" url="https://1.1.1.1/dns-query"
cloudflared | time="2019-11-14T20:34:21-05:00" level=info msg="Adding DNS upstream" url="https://1.0.0.1/dns-query"
cloudflared | time="2019-11-14T20:34:21-05:00" level=info msg="Starting metrics server" addr="[::]:49312"
cloudflared | time="2019-11-14T20:34:21-05:00" level=info msg="Starting DNS over HTTPS proxy server" addr="dns://0.0.0.0:5053"
If you could kindly add support for cloudflare argo tunnels too. This is an example of how I got it work. But you could add it as a tag too. Thanks in Advance!
https://github.com/aelfa/docker-cloudflared
Latency
I am experiencing high latencies when I use the example docker compose file. Is this normal?
Normal latency
My normal latency is between 25 and 50ms...
Thanks in advance
edit: the latency in the cloudflared docker container is much much better:
Container latency
version: "3"
# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
  pihole:
    container_name: pihole
    hostname: home-server
    image: pihole/pihole:latest
    mac_address: '02:42:6a:57:70:bf'
    networks:
      pihole:
        ipv4_address: 172.21.0.2
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      #- "67:67/udp" # DHCP Server
      - "80:80/tcp"
      - "443:443/tcp"
    environment:
      TZ: 'Europe/Berlin'
      WEBPASSWORD: 'XXX'
      DNS1: 172.21.0.3#5053
      DNS2: 172.21.0.3#5053
      ServerIP: 192.168.178.45
    # Volumes store your data between container upgrades
    volumes:
      - './etc-pihole/:/etc/pihole/'
      - './etc-dnsmasq.d/:/etc/dnsmasq.d/'
      #- './var-log/pihole.log:/var/log/pihole.log'
    dns:
      - 127.0.0.1
      - 1.1.1.1
    # Recommended but not required (DHCP needs NET_ADMIN)
    # https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    cap_add:
      - NET_ADMIN
    restart: unless-stopped
  cloudflared:
    image: crazymax/cloudflared:latest
    container_name: cloudflared
    hostname: cloudflared
    networks:
      pihole:
        ipv4_address: 172.21.0.3
    environment:
      TZ: 'Europe/Berlin'
      TUNNEL_DNS_UPSTREAM: 'https://1.1.1.1/dns-query,https://1.0.0.1/dns-query'
    restart: unless-stopped
networks:
  pihole:
    ipam:
      config:
        - subnet: 172.21.0.0/24
Metrics server starts when the container starts. I can visit the metrics endpoint and see the data. So when a tunnel is started, the metrics server can't run because there is already a metrics server running on that port, and the tunnel fails to start. Ducked the error without finding much help.
This is my docker file.
version: "3.5"
services:
  cloudflared:
    image: crazymax/cloudflared:latest
    container_name: cloudflared
    volumes:
      - /mnt/dockers/config/cloudflared:/home/cloudflared
    ports:
      - target: 5053
        published: 5053
        protocol: udp
      - target: 49312
        published: 49312
        protocol: tcp
    environment:
      - "TZ=America/Los_Angeles"
      - "TUNNEL_DNS_UPSTREAM=https://u6ko3ti7wp.cloudflare-gateway.com/dns-query"
      - "TUNNEL_ORIGIN_CERT=/home/cloudflared/.cloudflared/cert.pem"
    restart: always
The docker starts without issues. Going to localhost:49312/metrics shows
# HELP build_info Build and version information
# TYPE build_info gauge
build_info{goversion="go1.17.7",revision="",type="",version="2022.2.1"} 1
# HELP cloudflared_tunnel_active_streams Number of active streams created by all muxers.
# TYPE cloudflared_tunnel_active_streams gauge
cloudflared_tunnel_active_streams 0
# HELP cloudflared_tunnel_concurrent_requests_per_tunnel Concurrent requests proxied through each tunnel
# TYPE cloudflared_tunnel_concurrent_requests_per_tunnel gauge
cloudflared_tunnel_concurrent_requests_per_tunnel 0
# HELP cloudflared_tunnel_ha_connections Number of active ha connections
# TYPE cloudflared_tunnel_ha_connections gauge
cloudflared_tunnel_ha_connections 0
# HELP cloudflared_tunnel_request_errors Count of error proxying to origin
# TYPE cloudflared_tunnel_request_errors counter
[Redacted for brevity]
Within the docker shell I start the tunnel using...
cloudflared tunnel --config /home/cloudflared/.cloudflared/config.yml run cloud
and it fails due to the metrics address already in use.
2022-02-21T06:02:26Z INF Starting tunnel tunnelID=[REDACTED]
2022-02-21T06:02:26Z INF Version 2022.2.1
2022-02-21T06:02:26Z INF GOOS: linux, GOVersion: go1.17.7, GoArch: amd64
2022-02-21T06:02:26Z INF Settings: map[config:/home/cloudflared/.cloudflared/config.yml cred-file:/home/cloudflared/.cloudflared/[REDACTED].json credentials-file:/home/cloudflared/.cloudflared/REDACTED.json]
2022-02-21T06:02:26Z INF Environmental variables map[TUNNEL_DNS_ADDRESS:0.0.0.0 TUNNEL_DNS_PORT:5053 TUNNEL_DNS_UPSTREAM:https://u6ko3ti7wp.cloudflare-gateway.com/dns-query TUNNEL_METRICS:0.0.0.0:49312 TUNNEL_ORIGIN_CERT:/home/cloudflared/.cloudflared/cert.pem]
2022-02-21T06:02:26Z INF cloudflared will not automatically update when run from the shell. To enable auto-updates, run cloudflared as a service: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/run-tunnel/run-as-service
2022-02-21T06:02:26Z INF Generated Connector ID: [REDACTED]
2022-02-21T06:02:26Z INF Initial protocol http2
2022-02-21T06:02:26Z ERR Error opening metrics server listener error="listen tcp 0.0.0.0:49312: bind: address already in use"
Error opening metrics server listener: listen tcp 0.0.0.0:49312: bind: address already in use
The metrics server should only need to start once. Either when the docker comes up or when the tunnel is created, but not at both times.
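The failure above is a plain port clash: the container's proxy-dns process already owns the metrics listener (`TUNNEL_METRICS:0.0.0.0:49312` in the environment dump), and a second cloudflared started by hand in the same network namespace tries to bind the same address. The following added example, not part of the image, is a preflight for launching that second process: it detects the occupied port before the launch and chooses a free metrics address to hand to the second process through TUNNEL_METRICS (the variable the issue's environment dump shows). `port_in_use`, `pick_metrics_addr` and `occupy_port` are names chosen here, and `occupy_port` only stands in for the already-running proxy so the script can demonstrate itself offline.

```python
#!/usr/bin/env python3
"""Preflight for a second cloudflared process in one container (added example, not the image's code)."""
import socket

CONFIG_PATH = "/home/cloudflared/.cloudflared/config.yml"  # path from the issue's command line


def port_in_use(host, port):
    """True when something already listens on host:port.

    Attempting a bind is the same test the failing process performs, so this reproduces
    'bind: address already in use' without starting cloudflared.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)  # ignore TIME_WAIT leftovers
        try:
            s.bind((host, port))
        except OSError:
            return True
        return False


def pick_metrics_addr(host="0.0.0.0", preferred=49312, attempts=20):
    """Return 'host:port' for the new process: the preferred port if free, else the
    next free one above it. Raises if nothing is free within `attempts` ports."""
    for port in range(preferred, preferred + attempts):
        if not port_in_use(host, port):
            return f"{host}:{port}"
    raise RuntimeError(f"no free metrics port in {preferred}-{preferred + attempts - 1}")


def occupy_port(host="127.0.0.1"):
    """Open a listener on an ephemeral port, standing in for the proxy-dns process that
    already serves /metrics. The caller closes the returned socket."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, 0))
    s.listen(1)
    return s


if __name__ == "__main__":
    busy = occupy_port()
    busy_port = busy.getsockname()[1]
    print(f"existing metrics listener on 127.0.0.1:{busy_port} -> in use: {port_in_use('127.0.0.1', busy_port)}")
    addr = pick_metrics_addr("127.0.0.1", busy_port)
    print(f"second process would be started with TUNNEL_METRICS={addr}:")
    print(f"  TUNNEL_METRICS={addr} cloudflared tunnel --config {CONFIG_PATH} run cloud")
    busy.close()
```

Whether the second process honours TUNNEL_METRICS the way the first one evidently does is something to confirm from the cloudflared documentation; the point of the preflight is that the clash is detected before the launch instead of surfacing as the `ERR Error opening metrics server listener` line above.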
docker --version: 20.10.11, build dea9396
docker-compose --version: 1.25.0, build unknown
uname -a: Linux truenas-scale.local 5.10.81+truenas x86_64 GNU/Linux
Output of command `docker info`:
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Build with BuildKit (Docker Inc., v0.6.3-docker)
scan: Docker Scan (Docker Inc., v0.9.0)
Server:
Containers: 22
Running: 22
Paused: 0
Stopped: 0
Images: 26
Server Version: 20.10.11
Storage Driver: zfs
Zpool: dockers
Zpool Health: ONLINE
Parent Dataset: dockers
Space Used By Parent: 77581218624
Space Available: 3212133043392
Parent Quota: no
Compression: lz4
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: active
NodeID: [REDACTED]
Is Manager: true
ClusterID: [REDACTED]
Managers: 1
Nodes: 1
Default Address Pool: 10.0.0.0/8
SubnetSize: 24
Data Path Port: 4789
Orchestration:
Task History Retention Limit: 5
Raft:
Snapshot Interval: 10000
Number of Old Snapshots to Retain: 0
Heartbeat Tick: 1
Election Tick: 10
Dispatcher:
Heartbeat Period: 5 seconds
CA Configuration:
Expiry Duration: 3 months
Force Rotate: 0
Autolock Managers: false
Root Rotation In Progress: false
Node Address: [REDACTED]
Manager Addresses:
[REDACTED]
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 7b11cfaabd73bb80907dd23182b9347b4245eb5d
runc version: v1.0.2-0-g52b36a2
init version: de40ad0
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 5.10.81+truenas
Operating System: Debian GNU/Linux 11 (bullseye)
OSType: linux
Architecture: x86_64
CPUs: 64
Total Memory: 62.84GiB
Name: truenas-scale.local
ID: [REDACTED]
Docker Root Dir: /mnt/dockers/home
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: true
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
https://dns64.dns.google/dns-query{?dns},https://dns.google/dns-query
Tell me what should happen: get data from google DNS
Tell me what happens instead: no data, or CNAME
Hey there,
I'm just curious as to what these environment variables are used for as I don't see them in the pihole docker readme.
- "PROXY_LOCATION=pihole"
- "VIRTUAL_PORT=80"
Hi just one information ...
I ran the container with the Docker CLI (no docker-compose). If I enter the Docker container in an ash console (via Portainer), where do I find the logs?
I would like to map the logs to a volume with the Docker CLI and I was unable to find the path to the logs.
Thanks
@crazy-max , thank you for providing this multi-arch image. I got it working with pihole in my Docker Swarm cluster. If you wanted to provide examples in your repo (along with your docker-compose.yml), please see my swarm compose and README