Cloudflare tunnel not running — forgejo.espoautos.com unreachable externally #4

New issue

Open

opened 2026-04-22 22:10:52 +00:00 by opadmin · 0 comments

opadmin commented

2026-04-22 22:10:52 +00:00

Owner

Problem

forgejo.espoautos.com is not reachable from outside the network. No Cloudflare tunnel pod is running on the MDMZ cluster. Git pushes currently require routing through internal IPs with Host header overrides:

git -c http.extraheader="Host: forgejo.espoautos.com" push http://opadmin:<token>@172.24.0.2/espoautos/<repo>.git main

This blocks:

External git access
Webhook integrations
External image pulls from forgejo.espoautos.com registry

Options

Deploy a Cloudflare tunnel (cloudflared) pointing to the Forgejo service
Use the Palo Alto NAT rule for forgejo.espoautos.com (50.202.234.44) — may already be partially configured
Both (tunnel for HTTPS, NAT for git+ssh)

Note

The modules/cloudflare-tunnel/ module was removed from MDMZ. May need to re-add or deploy manually.

## Problem `forgejo.espoautos.com` is not reachable from outside the network. No Cloudflare tunnel pod is running on the MDMZ cluster. Git pushes currently require routing through internal IPs with Host header overrides: ```bash git -c http.extraheader="Host: forgejo.espoautos.com" push http://opadmin:<token>@172.24.0.2/espoautos/<repo>.git main ``` This blocks: - External git access - Webhook integrations - External image pulls from `forgejo.espoautos.com` registry ## Options 1. Deploy a Cloudflare tunnel (`cloudflared`) pointing to the Forgejo service 2. Use the Palo Alto NAT rule for `forgejo.espoautos.com` (50.202.234.44) — may already be partially configured 3. Both (tunnel for HTTPS, NAT for git+ssh) ## Note The `modules/cloudflare-tunnel/` module was removed from MDMZ. May need to re-add or deploy manually.