Re-routing traffic from Cloudflare Tunnel to Tailscale for Gitea Runner

I have a big problem.

The problem that I can’t check my site’s traffic info from Cloudflare Dashboad because of the Gitea Runner.

I have a Gitea instance exposed on internet through Cloudflare Tunnel, and the Gitea Runner is configured to connect that Gitea through the domain.

As the Gitea Runner need to know if there is a pending CI/CD task, they will poll the Gitea instance.
The frequency is 2 second per poll.

That means in a 24-hour timespan, there would be 86400 / 2 = 43200 requests to my Gitea instance through Cloudflare
Just for 1 Gitea runner.

Just imagine there are 10 of them. It is a nightmare.
Also these polling traffics are kind of meaningless for me to check.

So the objective is clear for this one:

Find another service to somewhat route those polling traffic to the gitea instance without passing through Cloudflare

And I have a candidate, Tailscale.

Tailscale is a Wireguard based VPN services, providing a easy way to form a secure network.
And this is my thought of re-routing the traffic

I want to connect to Tailscale but not through local Docker Network because I may want to deploy my Runner elsewhere, in the future.

To implement it, I have to change my stack configuration in my Docker,

1. Add a tailscale reverse proxy to Gitea, I use hollie/tailscale-caddy-proxy for this purpose.

and now you have access to gitea via https://gitea.foo-bar.ts.net after you authenticate your host in Tailscale.

2. Register the Gitea Action. I use the third-party runner vegardit/gitea-act-runner for easier configuration.

There are couple things I want to address:

1. TS_USERSPACE=false and TS_ACCEPT_DNS=true must be here so that the runner can access the tailnet.
2. GITEA_RUNNER_JOB_CONTAINER_NETWORK must be set to the name of the tailscale container name.
   • In this case gitea-runner-tailscale_gitea_runner-1 because I created the container using Portainer’s stack function.
   • This configuration will be used for the runner container created by the Gitea Runner for each CI/CD job
3. You can define multiple Runner instance in one compose via the same tailscale network container.

3. The runners are seen by the Gitea after the deployment.

and my Cloudflare console is finally free. Yay!