I’m running into a problem exposing a PostgreSQL database through a Cloudflare Tunnel, and I’m hoping someone with deeper Cloudflare Zero Trust/WARP experience can help me understand what’s going on.

Setup:

I have a Cloudflare Tunnel running on my server, and all HTTP services behind it work without any issues.

I created a data.mydomain.com hostname in the tunnel and mapped it to a TCP service pointing at the database.

DNS is a clean CNAME to the tunnel, and Cloudflare Access is enabled.

WARP is enabled on my local machine and enrolled in my Zero Trust organization.

I can resolve and reach other services (including Grafana) through the tunnel without any problems.

The issue:

Whenever I try to connect to my database through the tunnel hostname, PostgreSQL clients fail instantly with the usual “is the server running on that host and accepting TCP/IP connections?” message.

  • So... is the server running there? Are you reaching it? Can you reach other ports on the same host? Do the logs on the server show any connection attempts or firewall blocking happening? Commented yesterday
  • That's a classic Cloudflare Tunnel gotcha with Postgres. Cloudflare Access doesn't support raw TCP for database protocols like Postgres, only HTTP/HTTPS and SSH/RDP/VNC kinda stuff. When you put Cloudflare Access in front of a TCP tunnel pointing to 5432, it tries to do an HTTP-level challenge/auth and Postgres speaks pure TCP right away > instant reject, that's why it fails immediately. Commented 17 hours ago
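
The protocol difference the comment above refers to, as an added example that is not part of the original thread: a PostgreSQL client opens a connection with a binary SSLRequest or StartupMessage, not an HTTP request line, so anything expecting HTTP first sees bytes it cannot parse. The function names and sample bytes are constructed for illustration; only the wire-format constants come from the PostgreSQL protocol.

```python
import struct

SSL_REQUEST_CODE = 80877103  # PostgreSQL SSLRequest code: (1234 << 16) | 5679
PROTOCOL_V3 = 196608         # PostgreSQL protocol version 3.0: 3 << 16
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ", b"PATCH ")


def build_startup(params: dict) -> bytes:
    """Build a PostgreSQL StartupMessage (used here only to make sample input)."""
    body = b"".join(k.encode() + b"\x00" + v.encode() + b"\x00"
                    for k, v in params.items()) + b"\x00"
    return struct.pack("!II", len(body) + 8, PROTOCOL_V3) + body


def classify_first_bytes(data: bytes) -> dict:
    """Classify the first bytes a client sends on a new TCP connection."""
    if data.startswith(HTTP_METHODS):
        request_line = data.split(b"\r\n", 1)[0].decode("ascii", "replace")
        return {"protocol": "http", "detail": request_line}
    if len(data) < 8:
        return {"protocol": "unknown", "detail": "fewer than 8 bytes"}
    length, code = struct.unpack("!II", data[:8])
    if length == 8 and code == SSL_REQUEST_CODE:
        return {"protocol": "postgres", "detail": "SSLRequest"}
    if code == PROTOCOL_V3 and 8 < length <= len(data):
        # Body: NUL-terminated key/value pairs, closed by an empty key.
        fields = data[8:length].split(b"\x00")
        params = {}
        for key, value in zip(fields[0::2], fields[1::2]):
            if not key:
                break
            params[key.decode("utf-8", "replace")] = value.decode("utf-8", "replace")
        return {"protocol": "postgres", "detail": "StartupMessage", "params": params}
    return {"protocol": "unknown", "detail": "no recognised preamble"}


# Constructed sample inputs (not captured traffic).
SAMPLES = {
    "psql, TLS preferred": struct.pack("!II", 8, SSL_REQUEST_CODE),
    "psql, sslmode=disable": build_startup({"user": "app", "database": "metrics"}),
    "browser": b"GET / HTTP/1.1\r\nHost: data.mydomain.com\r\n\r\n",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{name:22} {payload[:8].hex():18} {classify_first_bytes(payload)}")
```

Running the same classifier over the first bytes logged by a listener on the origin shows whether a connection attempt is a real PostgreSQL handshake or HTTP traffic arriving on the database port.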
