Configuring root domain – CloudFlare Tunnel and SWAG

Will start by saying that I’m an enthusiast, not an expert.

After following the instructions on the ‘Zero Trust Hosting and Reverse Proxy via Cloudflare, SWAG and Authelia’ blog, I have successfully published multiple services with SSO.

My root domain is not reachable, and I cannot figure out how to configure it so that it is.
How do I configure a tunnel so that my root domain is accessible and, preferably, proxied?

docker-compose.yml:

---
services:
  swag:
    image: lscr.io/linuxserver/swag:latest
    container_name: swag
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000
      - PGID=1000
      - URL=mydomain.dev
      - VALIDATION=dns
      - SUBDOMAINS=wildcard
      - DNSPLUGIN=cloudflare
      - ONLY_SUBDOMAINS=false
      - DOCKER_MODS=linuxserver/mods:swag-auto-proxy|linuxserver/mods:universal-docker|linuxserver/mods:universal-cloudflared|linuxserver/mods:swag-dashboard
      - DOCKER_HOST=dockerproxy
      - CF_ZONE_ID=abc123
      - CF_ACCOUNT_ID=abc123
      - CF_API_TOKEN=abc123
      - CF_TUNNEL_NAME=mydomain.dev-swag
      - CF_TUNNEL_PASSWORD=abc123
      - FILE__CF_TUNNEL_CONFIG=/config/tunnelconfig.yml
    extra_hosts:
      - mydomain.dev:127.0.0.1
    volumes:
      - ./config:/config
    ports:
      - 443:443
      - 8080:80 #optional
    networks:
      - homelab
    restart: unless-stopped
  dockerproxy:
    image: ghcr.io/tecnativa/docker-socket-proxy
    container_name: dockerproxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - CONTAINERS=1
      - POST=0
    restart: unless-stopped

networks:
  homelab:
    external: true

tunnelconfig.yml

ingress:
  - hostname: mydomain.dev
    service: https://mydomain.dev
  - hostname: "*.mydomain.dev"
    service: https://mydomain.dev
  - service: http_status:404

I’ve got the same issue. Would love some help with this.