Cloudflare tunnel with ingress not working as expected

Question

I set up the cloudflare tunnel with ingress rules following the documentation to the best of my knowledge. Here's my config.yml:

tunnel: [my-tunnel-id]
credentials-file: /Users/me/.cloudflared/[my-tunnel-id].json
ingress:
  - hostname: sub1.myurl.com
    service: http://localhost:3000
  - hostname: sub2.myurl.com
    service: http://localhost:3001
  - service: http_status:404

My DNS records also contain CNAME entries for both sub1 and sub2 subdomains that point to the [my-tunnel-id].cfargotunnel.com.

On my machine I have the tunnel and my two apps running on localhost:3000 and localhost:3001 successfully.

When I visit sub1.myurl.com, it correctly loads the app from localhost:3000. But when I visit sub2.myurl.com, it also loads the app from localhost:3000 instead of localhost:3001.

One log statement from the cloudflared tunnel states:

2023-05-12T08:11:46Z INF Updated to new configuration config="{\"ingress\":[{\"originRequest\":{}, \"service\":\"http://localhost:3000\"}], \"warp-routing\":{\"enabled\":false}}" version=3

suggesting that it's probably not loading the ingress configuration as represented in the yml file.

However, if I test the setup locally, it says that the ingress rules are correct:

$: cloudflared tunnel ingress rule https://sub1.myurl.com
Using rules from /Users/me/.cloudflared/config.yml
Matched rule #1
        hostname: sub1.myurl.com
        service: http://localhost:3000
$: cloudflared tunnel ingress rule https://sub2.myurl.com
Using rules from /Users/me/.cloudflared/config.yml
Matched rule #2
        hostname: sub2.myurl.com
        service: http://localhost:3001

What exactly am I doing incorrectly here?

Answer 1

OK, so after trying everything and (unsuccessfully) requesting support on Cloudflare community pages, I ended up solving the problem by simply deleting and creating the tunnel anew. I also upgraded my cloudflared instance in the process.

So, the steps to delete and the create the tunnel again:

cloudflared tunnel delete your_tunnel_name

then

cloudflared tunnel create your_tunnel_name

then copy the new tunnel ID from the cli output in the terminal and complete the following steps:

1. Find and open the config.yaml file in the .cloudflared folder on your root user and paste the new tunnel ID over where the old one was.
2. Go to DNS settings of your cloudflare account and update the CNAME records for your hosts that you want routed through the tunnel so that the target points to new_tunnel_id.cfargotunnel.com.

Then run the tunnel, and ingress starts working as expected.

Answer 2

I've experienced the same issue where the updated ingress rules were not picked up despite the 'ingress rule' command clearly stating that everything is correct and should work, and after a lot of debugging logs and checking online resources I found that IF you are running cloudflared as a service then it starts using a cloned config file found at /etc/cloudflared/config.yml

So any changes made in ~/.cloudflared/config.yml do not actually get used by the service, but they do get validated when using the command line, which is misleading.

I copied the updated rules over to /etc/cloudflared/config.yml and restarted the cloudflared service, and everything worked fine afterwards.