/cloudflared-docker

Uses a dockerfile to set up cloudflared tunnel service and DNS records

Primary LanguageShellGNU General Public License v3.0GPL-3.0

Cloudflared Docker

This docker image can be useful in scenarios where you wish to run a Cloudflare Tunnel (formerly Argo Tunnnel) alongside other containerised services on the same host. It runs an instance of cloudflared

In a nutshell, the startup process is as follows:

  • Build and install any dependencies, including cloudflared itself
  • Generate the config file used to run the tunnel, including ingress rules
  • Validate tunnel config
  • Parse the provided ingress rules, creating any DNS records required by services using this tunnel instance

Prerequisites

The following are required and must be set as environment variables at runtime:

  • CF_ZONE_ID: Identifier of the DNS zone
  • CF_ACCOUNT_ID: You Cloudflare account ID
  • CF_TUNNEL_NAME: Name to use when creating this tunnel (must be unique)
  • CF_API_TOKEN: API Token (not key!) created via CF dashboard with the following permissions:
    • Cloudflare Tunnel:Edit, Cloudflare Tunnel:Read
    • Zone:Read, DNS:Read, Zone:Edit, DNS:Edit
  • CF_TUNNEL_PASSWORD: Must be >= 32 characters long
  • CF_TUNNEL_CONFIG_FILE: Path to configuration file relative to the Dockerfile. If unset then ./config.yml will be used
  • CF_ORIGIN_CERT: Base64 encoded account certificate, used to authenticate your instance of cloudflared against your Cloudflare account. If you have not created a tunnel before, you can obtain this file by downloading cloudflared and running cloudflared tunnel login on your local machine.

Architecture compatibility

Supports x86_64, ARM64, and ARMv7 architectures.

Usage

Included are examples using this service in a docker-compose file (I use this when deploying to a RaspberryPi via Balena), or to cloud-based infrastructure via Fly.io. In the fly.io example, it is possible to use the tunnel to point to services on a completely different host.