When running cloudflared via rootless docker container, the port for the metrics endpoint does not start listening.
It does work when running under rootful docker, or rootless podman, or without host networking and exposing the ports.
Steps to reproduce the behavior:
- Configure rootless docker
dockerd-rootless-setuptool.sh install
- Run command above as non-root user
docker run --rm --name cloudflared --network host cloudflare/cloudflared:latest --loglevel debug --metrics 0.0.0.0:12345 tunnel --no-autoupdate run --token <token>
- Check listening ports
netstat --tcp --listen -n
Environment and versions
- OS: Debian 12 (bookworm)
- Architecture: x86_64
- Version: Tested on latest, 2025.11.1, 2026.1.2 2026.2.1
- Docker version 28.5.1, build e180ab8
- podman version 4.3.1
- sysctl net.ipv4.ping_group_range
net.ipv4.ping_group_range = 0 2147483647
Logs and errors
In all situations, I see this line in the log, but no errors/warnings
2026-02-09T16:57:51Z INF Starting metrics server on [::]:12345/metrics
When running cloudflared via rootless docker container, the port for the metrics endpoint does not start listening.
It does work when running under rootful docker, or rootless podman, or without host networking and exposing the ports.
Steps to reproduce the behavior:
dockerd-rootless-setuptool.sh installdocker run --rm --name cloudflared --network host cloudflare/cloudflared:latest --loglevel debug --metrics 0.0.0.0:12345 tunnel --no-autoupdate run --token <token>netstat --tcp --listen -nEnvironment and versions
net.ipv4.ping_group_range = 0 2147483647Logs and errors
In all situations, I see this line in the log, but no errors/warnings