Tips for cloudflared running in TrueNAS Scale jail

I’ve been having a fun time with Jails, docker, and Dockge per the Stux video.

Here’s the compose.yaml file I used for cloudflared running in Dockge in my TrueNAS Scale jail.

The biggest time waster was trying to debug the ping warning message about your user is in the wrong group. The way they made the docker image for cloudflared I think means it’s impossible to fix the warning. I supplied both 0 and 1 and still got the warning message about the user not being allowed to run ping, so I gave up.

version: "3.9"
    user: 0:0
    image: cloudflare/cloudflared
    restart: unless-stopped
    network_mode: host
    command: tunnel run
      - TUNNEL_TOKEN=eyJhIjoi... really... long.... string.....J9
networks: {}

Cloudflared means everything can be remotely managed from your Cloudflare web console which is convenient.

This enabled me to easily create external hostnames like “” and have it go right to the correct server and port supplying that app. It ONLY works for HTTP and HTTPS protocols since it uses the hostname: to figure out how to route it.

The only snags I ran into was exposing services like Minio which only accept SSL traffic.

You have (at least) 2 options for SSL services:

  1. Disable certificate checking in the Cloudflare config (it only shows the TLS options if you choose HTTPS as the connection type and you can access the slider to disable the check)
  2. Configure your app to use the wildcard cert, and then refer to it in Cloudflare as the full domain name like this:

    You can see the option to disable cert checking in the image above.

To debug, use the logs for cloudflared which in the config above will be shown in dockge. Once I looked at the logs, it was pretty easy to figure out any problems.

1 Like