Environment: Docker (Proxmox LXC)
Network Type: custom network
Goal: Serve currently hosted wordpress blog via Cloudflare Tunnel inside docker at https://blog-test.codedbyte.com

---

🧱 1. Directory Structure

/srv/wordpress/
├── html/                # WordPress site files
├── db_data/             # MariaDB data
├── wp_data/             # Docker bind volume for WordPress
└── docker-compose.yml

---

🐋 2. Docker Compose Configuration

File: /srv/wordpress/docker-compose.yml

version: "3.8"

services:
  wp_db:
    image: mariadb:latest
    container_name: wp_db
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: ***
      MYSQL_DATABASE: wordpress
      MYSQL_USER: wpuser
      MYSQL_PASSWORD: ***
    volumes:
      - ./db_data:/var/lib/mysql
    networks:
      - wordpress_net
      - wordpress_default

  wp_app:
    image: wordpress:latest
    container_name: wp_app
    restart: always
    ports:
      - "80:80"
    environment:
      WORDPRESS_DB_HOST: wp_db:3306
      WORDPRESS_DB_USER: wpuser
      WORDPRESS_DB_PASSWORD: ***
      WORDPRESS_DB_NAME: wordpress
    volumes:
      - ./wp_data:/var/www/html
    networks:
      - wordpress_net
      - wordpress_default

  wp_tunnel:
    image: cloudflare/cloudflared:latest
    container_name: wp_tunnel
    restart: always
    networks:
      - wordpress_default
    volumes:
      - /etc/cloudflared:/etc/cloudflared
    command: tunnel run docker-wp-tunnel

networks:
  wordpress_net:
  wordpress_default:

---

🌐 3. Cloudflare Tunnel Setup

Step 1: Authenticate and Create Tunnel

cloudflared tunnel login
cloudflared tunnel create docker-wp-tunnel

This generates:

/etc/cloudflared/ab6f41c1-aaf2-4e8d-a3c7-2bbe17XXXXXX.json

Step 2: Configure Tunnel

File: /etc/cloudflared/config.yml

tunnel: ab6f41c1-aaf2-4e8d-a3c7-2bbe17XXXXXX
credentials-file: /etc/cloudflared/ab6f41c1-aaf2-4e8d-a3c7-2bbe17XXXXXX.json

ingress:
  - hostname: blog-test.codedbyte.com
    service: http://192.168.X.XX:80
  - service: http_status:404

✅ Replace 192.168.X.XX with the LAN IP of your host machine (not the container IP).

---

🔒 4. Fixing Permissions

mkdir -p /etc/cloudflared
cp /root/.cloudflared/*.json /etc/cloudflared/
chown -R root:root /etc/cloudflared
chmod 600 /etc/cloudflared/*.json

---

🔧 5. Start Containers

cd /srv/wordpress
docker compose up -d

Verify:

docker ps --format "table {{.Names}}\t{{.Ports}}\t{{.Networks}}"

Expected output:

NAMES       PORTS                                 NETWORKS
wp_tunnel                                         wordpress_default
wp_app      0.0.0.0:80->80/tcp, [::]:80->80/tcp   bridge,wordpress_net
wp_db       3306/tcp                              wordpress_net,wordpress_default

---

💾 6. Check WordPress Site URLs

docker run -it --rm \
  --volumes-from wp_app \
  --network container:wp_app \
  wordpress:cli \
  wp option get siteurl --allow-root

If database connection fails with SSL errors, connect manually:

docker exec -it wp_app bash
apt update && apt install mariadb-client -y
mysql -h wp_db -u wpuser -p

Then disable SSL mode (if required):

USE wordpress;
SELECT option_name, option_value FROM wp_options WHERE option_name IN ('siteurl', 'home');
UPDATE wp_options SET option_value='https://blog-test.codedbyte.com' WHERE option_name IN ('siteurl','home');

Add the following line to wp-config.php:

define('MYSQL_CLIENT_FLAGS', 0);

---

✅ 7. Verify Everything

Local Check:

curl -I http://192.168.X.XX

Output:

HTTP/1.1 200 OK
Server: Apache/2.4.65 (Debian)
X-Powered-By: PHP/8.2.29
Content-Type: text/html; charset=UTF-8

External Check:

Visit → https://blog-test.codedbyte.com

---

🧰 TROUBLESHOOTING

Issue	Cause	Fix
Tunnel credentials file doesn't exist	Wrong path in config	Copy JSON to /etc/cloudflared/ and update config.yml
permission denied on credentials	Cloudflared container couldn’t read file	chmod 600 /etc/cloudflared/*.json
Error establishing DB connection	WP CLI didn’t connect to DB	Added define('MYSQL_CLIENT_FLAGS', 0) to wp-config.php
TLS/SSL error: SSL is required, but the server does not support it	MariaDB SSL mismatch	Disabled SSL via client flag
Unknown server host 'db'	Wrong DB host name	Changed to wp_db (matches service name)
Cloudflare tunnel connected but site not loading	Wrong IP or port	Updated config.yml → service: http://192.168.X.XX:80
WP CLI not available	Not installed in wp_app	Used temporary wordpress:cli container
too many redirects or HTTPS errors	Incorrect siteurl/home in DB	Fixed via WP CLI or SQL query

---

🧩 Final Verification Commands

docker logs wp_tunnel --tail=20
docker logs wp_app --tail=20
docker exec -it wp_db mysql -u wpuser -p

When all show “connected” and “200 OK”, your setup is fully functional 🎉