I configured an Access Tunnel that terminates in a cloudflare/cloudflared docker container on my docker host. Everything is running via docker compose. In the Access dash I have a tunnel setup for the same, with the connection from the docker host as the connector. In the tunnel config I have two public hostnames configured for the two apps I want to share. I have the service for each pointing to https://localhost:8989 (as an example). In Access I configured applications for the two services to publish with the application URLs pointing to the same public hostnames configured under the tunnel. In my DNS records dash I have a pair of CNAMEs that match the applications and public hostnames, those CNAMEs point to the Argo tunnel identifiers. On the docker side I have the three containers (cloudflared and the two applications) on the same network by themselves. The applications are publishing their ports, the same as I specified in the tunnel public hostnames services. When I try to hit the services I initially get the Access authentication page, then once I authenticate instead of getting the requested service I'm getting a 502 error. The Ray IDs don't show me a ton other than the traffic being allowed. When I look at the docker container logs for cloudflared I was seeing requests for the apps with an error of:

cloudflared  | 2023-05-27T03:22:47Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:8989: connect: connection refused" cfRay=<RAYID>-SEA event=1 ingressRule=1 originService=https://localhost:8989
cloudflared  | 2023-05-27T03:22:47Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:8989: connect: connection refused" connIndex=0 dest=https://myapp.mydomain.com/ event=0 ip=198.41.192.47 type=http

Any ideas?