Cloudflare tunnels with Docker

───✱*.｡:｡✱*.:｡✧*.｡✰*.:｡✧*.｡:｡*.｡✱ ───

I love you Let’s Talk Dev… my savior frfr: Cloudflare Tunnels for Docker: A Step-by-Step Guide to Securely Exposing Your Self Hosted Apps

youtube tutorial embed

Create a tunnel (dashboard) · Cloudflare Zero Trust docs

Reddit: Is there an easier way to use cloudflared tunnels? : r/selfhosted

Alternatives: Linux Handbook: Cloudflare Tunnels Alternatives

Overview

Use Cloudflare tunnels to expose docker services to the web under your domain name.

1. Docker-compose your service
2. Set up a tunnel through Cloudflare zero trust
3. Add the tunnel to the docker compose to connect the two
4. Set up https

The example I will use is uptime-kuma.

Docker compose, part 1

services:
  uptime-kuma:
    image: louislam/uptime-kuma:1
    volumes:
      - ./data:/app/data
    ports:
      # <Host Port>:<Container Port>
      - 3001:3001
    restart: unless-stopped

And deploy the stack!

Tunneling

Cloudflare Dashboard | Manage Your Account

⇒ Zero Trust ⇒ Networks ⇒ Tunnels

Caption

Select Cloudflared.

The token is kind of hidden so you need to click this whole thing to get the token value. Before going next, go back to the docker compose file.

Docker compose, part 2

Add this second half of the file.

services:
  uptime-kuma:
    image: louislam/uptime-kuma:1
    volumes:
      - ./data:/app/data
    ports:
      # <Host Port>:<Container Port>
      - 3001:3001
    restart: unless-stopped

  cloudflared:
    image: cloudflare/cloudflared:latest
    restart: unless-stopped
    command: tunnel --no-autoupdate run
    environment:
      - TUNNEL_TOKEN=${TUNNEL_TOKEN}

Add an environment variable TUNNEL_TOKEN which is set to the full value of the token given in the previous step. Deploy the stack again.

Back to tunnels

In the same screen as before, there should be an entry at the bottom for connections, then it’s ok to go next.

Go to the public hostname section:

Set the subdomain to whatever, and the domain is a dropdown.

Service: choose HTTP and the URL is the name of the service:internal port in the docker machine

With kuma, I put uptime-kuma:3001

Let’s say I have another service that I have at port 80 internally, but externally it’s port 85 because it’s conflicting with other stuff. Although locally I access it at IP_ADDRESS:85, I would put service:80 here.

Last step

Transclude of Cloudflare#https

Final words

Hooray! After a few minutes, it should all propagate.

How to check the logs for errors:

• per-stack logs
• docker logs cloudflared

It’s all a matter of finding the right tutorial…

Random extras:

• Secure Self-Hosting with Cloudflare Tunnels and Docker: Zero Trust Security - DEV Community
• Setting up a reverse proxy for HTTPS with a custom domain using Nginx Proxy Manager, Pi-Hole and Cloudflare
• Guide: Cloudflare Tunnel with Nginx Proxy Manager · GitHub

───✱*.｡:｡✱*.:｡✧*.｡✰*.:｡✧*.｡:｡*.｡✱ ───