Cloudflare
Tunnels
Cloudflare is set to "Flexible" level encryption on SSL/TLS for the domains, which means traffic between Cloudflare and my servers is HTTP (but tunneled via Zero Trust and the tunnel encrypts) and any requests to Cloudflare in HTTP are automatically bumped over to HTTPS, and Cloudflare manages the certificates.
Log into Cloudflare
Go to Zero Trust
Go to Networks -> Tunnels
Click on a network (currently bellman or hupi)
The sidebar pops up for that network. Click EDIT.
This brings up a page with a tab bar at the top, select Public Hostname that's where you will see this
In this example, wiki is running in a Docker in Bellman and vhpa is running directly.
So, I used the zero-trust subnet in Docker for Wiki and it has an internal IP address,
but for vhpa I used the host (bellman) ip address.
Since taking this screenshot, I have changed "hupi" to Tektonic since that's more descriptive.
Apparently the container_name entry in the Hupi compose.yaml is enough to identify the IP of the service for cloudflared.
So in Cloudflare under Public Hostname, the service description of http://hupi:82 is enough! I wonder how I ever figured that out? I used to be smarter.