# Cloudflare Tunnel for multiple LXC containers in Proxmox


visual plover
#

I'm running into a problem where I can't get more than one active tunnel working at a time.

I have Proxmox with various LXC containers (Jellyseerr, qBittorrent, etc.)

I've installed Cloudflared LXC via script from tteck using ```bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/ct/cloudflared.sh)"```

Add cloudflare gpg key with 
```mkdir -p --mode=0755 /usr/share/keyrings```
& 
```curl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null```

Added this repo to my apt repositories:
```echo 'deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared buster main' | sudo tee /etc/apt/sources.list.d/cloudflared.list```

Did apt-get update -y & apt-get install -y cloudflared

Log in Cloudflare via CLI:
cloudflared tunnel login

Copy and paste cloudflare auth link into browser to get linked with my domain on Cloudflare side.

Created tunnel with: cloudflared tunnel create <tunnel-name>

Take note of new generated tunnel ID

Then cd into the cloudflared directory:
cd ./.cloudflared/

Then: nano config.yml

I add the following entry to config.yml file:

```
url: <container-one-ip>
tunnel: <tunnel-one-id>
credentials-file: /root/.cloudflared/<tunnel-one-id>.json

---

# This entry is for setting up a second tunnel to other LXC container (This is where I think I'm going wrong, with the entries being separated by --- )

url: <container-two-ip>
tunnel: <tunnel-two-id>
credentials-file: /root/.cloudflared/<tunnel-two-id>.json

---
```

CTRL+X, y, ENTER to save to get back.

Then:

cloudflared tunnel route dns <tunnel-name> sub.domain

Last:

cloudflared tunnel run <tunnel-name>

The first time I do this (when there is only one entry in the config.yml), it works and the tunnel is healthy and active on Cloudflare. When doing this a second time for the next tunnel (and adding the new entry to the .yml), it does not work.

Any ideas?

granite hamlet
visual plover
# visual plover I'm running into a problem where I can't get more than one active tunnel working...

@granite hamlet I should add that these steps always result in the newly created tunnel populating on the cloudflare side. However:

  1. Only the first entry/attempt will successfully connect, show as Healthy, with a connector ID on the Cloudflare side.
  2. Any subsequent tunnel additions will still populate the new tunnel name on the Cloudflare side, but it will register as Inactive with no Connector ID.

cosmic canopy
#

I just checked how my team does it, we have 2 different configs and a script that runs them both as a service using the token. Perhaps this will work for you?
@visual plover

visual plover
#

Thanks for sharing this. Would you mind breaking it down for me so I understand better? I guess I want to understand how this helps with creating a tunnel for multiple containers

cosmic canopy
# visual plover Thanks for sharing this. Would you mind breaking it down for me so I understand ...

The above would create 2 different tunnels, but it actually sounds like you are just looking to expose multiple services? You can use 1 tunnel running in its own Proxmox LXC container for that, with multiple ingress rules in the cloudflared config.

Here's an example of how to do it:

```
tunnel: <tunnel-id>
credentials-file: /root/.cloudflared/<config-id>.json
ingress:
  - hostname: jellyseerr.example.com
    service: https://10.0.0.4
  - hostname: qbittorrent.example.com
    service: https://10.0.0.6
```

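
The single-tunnel layout from the reply above, as an added example that is not part of the original thread: it renders one config.yml with an ingress rule per service, prints the DNS route command each hostname needs, and lints a config for the two mistakes relevant here (several `tunnel:` keys in one file, and no catch-all as the last ingress rule). The function names are hypothetical, `<tunnel-id>` and `<tunnel-name>` are placeholders, and the final `http_status:404` rule is an addition that cloudflared requires.

```shell
#!/bin/sh
# Added example (not from the thread). Tunnel ID and name are placeholders;
# hostnames and service URLs are the ones used in the reply above.

# render_config TUNNEL_ID host=service [host=service ...]
# Prints one config.yml: a single tunnel with one ingress rule per service.
render_config() (
  tunnel_id=$1; shift
  printf 'tunnel: %s\n' "$tunnel_id"
  printf 'credentials-file: /root/.cloudflared/%s.json\n' "$tunnel_id"
  printf 'ingress:\n'
  for pair in "$@"; do
    printf '  - hostname: %s\n    service: %s\n' "${pair%%=*}" "${pair#*=}"
  done
  # cloudflared requires the last rule to match everything (no hostname/path).
  printf '  - service: http_status:404\n'
)

# route_commands TUNNEL_NAME host=service [...]
# Prints the DNS route command each public hostname still needs.
route_commands() (
  name=$1; shift
  for pair in "$@"; do
    printf 'cloudflared tunnel route dns %s %s\n' "$name" "${pair%%=*}"
  done
)

# lint_config FILE: prints a message and exits non-zero for either mistake.
lint_config() {
  awk '
    /^tunnel:/                     { tunnels++ }
    /^[ \t]*- /                    { rules++; matcher = 0 }
    /^[ \t]*(- )?(hostname|path):/ { matcher = 1 }
    END {
      if (tunnels > 1) { print "more than one tunnel: key; a config file describes a single tunnel"; bad = 1 }
      if (rules > 0 && matcher) { print "last ingress rule is not a catch-all"; bad = 1 }
      exit bad + 0
    }' "$1"
}

# Demo with the two services from the reply.
set -- jellyseerr.example.com=https://10.0.0.4 qbittorrent.example.com=https://10.0.0.6
render_config '<tunnel-id>' "$@"
route_commands '<tunnel-name>' "$@"
```

Once the rendered file is saved as the config, `cloudflared tunnel ingress validate` checks the rules with cloudflared itself before `cloudflared tunnel run <tunnel-name>` is started.
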
visual plover
#

@cosmic canopy I installed cloudflared in its own Proxmox container. I ran cloudflared tunnel login, copy/pasted the auth/connect link, got connected, etc.

Then I create the new tunnel: cloudflared tunnel create <tunnel-name>

After that I update the cloudflared config like you listed above.

After updating the cloudflared config, I run cloudflared tunnel route dns <tunnel-name> <sub.domain.com>

then cloudflared tunnel run <tunnel-name>

From what I understand, this creates a tunnel on the Cloudflare side, which you can assign a public hostname and the internal URL of the service you're running. I suppose I'm lost on how the above config would translate on the Cloudflare side, and how it would all connect.

cosmic canopy
visual plover
#

@cosmic canopy I guess what I don't understand is, if this way configures one tunnel but allows connecting multiple services, how would all the services be shown and configured on the Cloudflare side? For example, in your config example you put Jellyseerr and qBittorrent, with their respective hostnames and service/IPs; how would both of those show up on the Cloudflare side with just the one tunnel?

#

Would I add multiple public hostnames in the tunnel on Cloudflare?