DockFlare (Tunnel management)

Time Required

5 Minutes

Difficulty

Easy

Required Knowledge

Cloudflare DNS, Cloudflare Zero Trust, Docker Compose

Please ensure you have followed Set up Wildcard application before following this guide - you may accidentally make your internal resources public.

Generate an API key

You will need an API key with write access to your Cloudflare Zero Trust and DNS zones

Navigate to https://dash.cloudflare.com/profile/api-tokens
At API tokens, click on 'Create Token'
Select the 'Custom Token' and set the below
1. Give your token a name, eg "Dockflare"
2. Permissions:
  Account
  Cloudflare Tunnel
  Edit
  Account
  Account Settings
  Read
  Account
  Access: Apps and Policies
  Edit
  Zone
  Zone
  Read
  Zone
  DNS
  Edit
3. Account Resources"
  Include
  All Accounts
4. Zone Resources"
  Include
  All Zones (or select specific domains)
Click on 'Continue to Summary'
Click on 'Create token'
Save your API key to your password vault

Get your Account ID

Navigate to https://dash.cloudflare.com/
Next to your name / account name, click on the 3 dots menu
Click on Copy Account ID
Save to your Password vault

Create Portainer Stack

The below compose file is NOT my live production file - refer to the all docker stack under the 'homelab' section

docker-compose.yml

services:
    dockflare:
    image: alplat/dockflare:v2.0.4 
## This older image does NOT require setting up the WebUI for it to function
    restart: unless-stopped
    healthcheck:
      test: wget --no-verbose --tries=1 --spider http://localhost:5000 -O /dev/null || exit 1
      interval: 30s
      retries: 3
      start_period: 30s
      timeout: 20s 
    ports:
      - ${WEB_PORT:-5000}:5000
    environment:
      - TUNNEL_NAME=${HOSTNAME:-MissingHostname}
## Forces Cloudflare tunnel to run with the Host network
      - CLOUDFLARED_NETWORK_NAME=host
      - CLOUDFLARED_IMAGE=cloudflare/cloudflared:${CF_TUNNELVER:-latest}  
      - CF_API_TOKEN=${CF_APITOKEN}
      - CF_ACCOUNT_ID=${CF_ACCOUNTID}
      - AGENT_STATUS_UPDATE_INTERVAL_SECONDS=5
      - SYNC_ALL_CLOUDFLARE_POLICIES=true
      - TZ=${TZ:-UTC}
      - GRACE_PERIOD_SECONDS=28800
      - CLEANUP_INTERVAL_SECONDS=900
      - SCAN_ALL_NETWORKS=true
      - MAX_CONCURRENT_DNS_OPS=${DOCKFLARE_DNSOPS:-2}
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - dockflare:/app/data
    labels:
      - autoheal=true
      - dockflare.enable=true
      - dockflare.0.hostname=${HOSTNAME:-MissingHostname}-dockflare.${DOMAIN}
      - dockflare.0.service=http://${HOSTNAME:-localhost}:${DOCKLAREPORT:-5000}
      - dockflare.0.access.policy=authentication
      - dockflare.0.tunnel.name=Dockflare
      - dockflare.0.zonename=${DOMAIN}
      #- cloudflare.tunnel.path=${URLPATH:-}

volumes:
  dockflare:

.env file

# --- General System ---
TZ=
## Internal DNS name (do not use IP) of the machine running Dockflare
HOSTNAME=
## https://hub.docker.com/r/cloudflare/cloudflared/tags
CF_TUNNELVER=latest

# --- Cloudflare Credentials ---
## API token
CF_APITOKEN=
## Account ID
CF_ACCOUNTID=

# --- Domain Settings ---
## Your Dockflare container will be available at ${hostname}-dockflare.${domain}
DOMAIN=

# --- Networking ---
WEB_PORT=5000

How to use Dockflare

Add the following labels to any docker compose containers you wish to make accessible via Zero Trust,

      labels:
            - dockflare.enable=true
            - dockflare.0.hostname=${SUBDOMAIN}${DOMAIN}
            - dockflare.0.service=http://${HOSTNAME:-localhost}:${WEBPORT:-5000}
            - dockflare.0.access.policy=${DF_POLICY:-tld_default}
            - dockflare.0.tunnel.name={DF_APPNAME}
            - dockflare.0.zonename=${DOMAIN}
            - dockflare.0.tunnel.path=${URLPATH:-}

and use the following env files

HOSTNAME=
WEBPORT=
POLICY=tld_default
APPNAME=
DOMAIN=

It is possible to have multiple Dockflare links to 1 container, eg an internal admin page and a public status page. Use dockflare.1.xxx, dockflare.2.xxx, dockflare.3.xxx etc for this You may need to edit the variables to make this function correctly

PreviousCloudflare Zero Trust NextDocker Compose

Last updated 18 days ago

hashtagPlease ensure you have followed Set up Wildcard application before following this guide - you may accidentally make your internal resources public.

hashtagGenerate an API key

hashtagGet your Account ID

hashtagCreate Portainer Stack

hashtagHow to use Dockflare

Please ensure you have followed Set up Wildcard application before following this guide - you may accidentally make your internal resources public.

Generate an API key

Get your Account ID

Create Portainer Stack

How to use Dockflare