
🐛 Tunnel metrics endpoint does not start listening on rootless docker with 'host' networking #1596

@acottre


When running cloudflared via rootless docker container, the port for the metrics endpoint does not start listening.
It does work when running under rootful docker, or rootless podman, or without host networking and exposing the ports.

Steps to reproduce the behavior:

  1. Configure rootless docker: dockerd-rootless-setuptool.sh install
  2. Run command above as non-root user: docker run --rm --name cloudflared --network host cloudflare/cloudflared:latest --loglevel debug --metrics 0.0.0.0:12345 tunnel --no-autoupdate run --token <token>
  3. Check listening ports: netstat --tcp --listen -n

Environment and versions

  • OS: Debian 12 (bookworm)
  • Architecture: x86_64
  • Version: Tested on latest, 2025.11.1, 2026.1.2, 2026.2.1
  • Docker version 28.5.1, build e180ab8
  • podman version 4.3.1
  • sysctl net.ipv4.ping_group_range: net.ipv4.ping_group_range = 0 2147483647

Logs and errors
In all situations, I see this line in the log, but no errors/warnings

2026-02-09T16:57:51Z INF Starting metrics server on [::]:12345/metrics


Labels: Priority: Normal (Minor issue impacting one or more users); Type: Bug (Something isn't working)
