9M2PJU
DockFlare: Securely Expose Docker Services with Cloudflare Tunnels
🌟 Introduction: What Is DockFlare?
Self-hosting applications has become increasingly popular among developers, tech enthusiasts, and homelabbers. However, securely exposing internal services to the internet is often a complicated task. It involves:
- Opening firewall ports
- Dealing with dynamic IPs
- Managing TLS certificates
- Handling reverse proxies
- Setting up access control
This is where DockFlare comes in.
DockFlare is a lightweight, self-hosted Cloudflare Tunnel automation tool for Docker users. It simplifies the process of publishing your internal Docker services to the public internet through Cloudflare Tunnels, while providing optional Zero Trust security, DNS record automation, and a sleek web interface for real-time management.
🎯 Objectives of DockFlare
DockFlare was created to solve three key problems:
- Simplicity: Configure secure public access to your Docker containers using just labels—no reverse proxy, SSL setup, or manual DNS records needed.
- Security: Protect your services behind Cloudflare’s Zero Trust Access, supporting identity-based authentication (Google, GitHub, OTP, and more).
- Automation: Automatically create tunnels, subdomains, and security policies based on your Docker service metadata. No scripting. No re-deploys.
💡 Why Use DockFlare?
Here’s how DockFlare benefits its users:
- 🚀 Quick Setup: Set up secure tunnels and expose services in seconds with Docker labels.
- 🔐 Zero Trust Security: Enforce authentication for any service using Cloudflare Access.
- 🌍 No Public IP Required: No need to forward ports or expose your home IP—perfect for CG-NAT and mobile ISPs.
- 🛡️ Safe by Default: TLS encryption, no open ports, and access rules built-in.
- 🖥️ User-Friendly UI: Visualize tunnels, view logs, and manage configurations in a web dashboard.
- 🧰 DevOps Ready: Works seamlessly in CI/CD pipelines or home labs.
🛠️ How to Install DockFlare
🧾 Requirements
- Docker and Docker Compose
- A Cloudflare account
- A domain connected to Cloudflare
- A Cloudflare API Token with:
  - Zone DNS edit
  - Zero Trust policy management
  - Tunnel management
📁 Step 1: Create Your Project Directory
```bash
mkdir dockflare && cd dockflare
```
📝 Step 2: Create .env File
Create a file named .env with the following contents:
```env
CLOUDFLARE_API_TOKEN=your_token_here
CLOUDFLARE_ACCOUNT_ID=your_account_id
CLOUDFLARE_ZONE_ID=your_zone_id
TZ=Asia/Kuala_Lumpur
```
🔒 Keep this file private! It contains your Cloudflare API token.
🐳 Step 3: Create docker-compose.yml
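```yaml
version: '3.8'

services:
  dockflare:
    image: alplat/dockflare:stable
    container_name: dockflare
    restart: unless-stopped
    env_file:
      - .env                      # Cloudflare API token and IDs from Step 2
    ports:
      - "5000:5000"               # web UI, published on the Docker host
    volumes:
      # Docker socket, used to discover labelled containers. The :ro flag makes
      # the socket file read-only; it does not restrict Docker API calls.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - dockflare_data:/app/data
    labels:
      # These labels publish the DockFlare UI itself through the tunnel
      - cloudflare.tunnel.enable=true
      - cloudflare.tunnel.hostname=dockflare.yourdomain.com
      - cloudflare.tunnel.service=http://dockflare:5000

volumes:
  dockflare_data:
```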
▶️ Step 4: Deploy DockFlare
```bash
docker compose up -d
```
Access the UI: http://localhost:5000
🌐 Exposing a Docker Service
Here’s an example of exposing a service like myapp running on port 8080:
```yaml
services:
  myapp:
    image: myapp:latest
    labels:
      cloudflare.tunnel.enable: "true"
      cloudflare.tunnel.hostname: "app.yourdomain.com"
      cloudflare.tunnel.service: "http://myapp:8080"
      cloudflare.tunnel.access.policy: "authenticate"
      cloudflare.tunnel.access.allowed_idps: "your-idp-uuid"
```
🔐 This will automatically:
- Create a Cloudflare Tunnel
- Point your subdomain to it
- Enforce secure login
🌍 Add Non-Docker Services
Want to expose your home router or NAS?
- Go to DockFlare UI.
- Click “Add Hostname”.
- Enter:
  - Hostname (e.g., nas.yourdomain.com)
  - Internal IP/port
  - Access policy (bypass/authenticate)
- Done!
This works for any service, not just Docker.
🔐 Configuring Zero Trust Access
To secure your services:
- Go to Cloudflare Zero Trust dashboard
- Add an identity provider (Google, GitHub, etc.)
- Use the IDP UUID in your container labels
- Example:
```yaml
cloudflare.tunnel.access.policy: authenticate
cloudflare.tunnel.access.allowed_idps: abc123-def456
cloudflare.tunnel.access.session_duration: 8h
```
🧠 Advanced Tips
- Expose multiple hostnames: `cloudflare.tunnel.hostname=api.domain.com,admin.domain.com`
- Customize session duration: `cloudflare.tunnel.access.session_duration=12h`
- Monitor logs via the web UI or `docker logs dockflare`
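A pre-deployment check for the labels described above, added here as an example (it is not DockFlare's own code): it reads Compose configuration as JSON, such as the output of `docker compose config --format json`, and lists every hostname that is tunnel-enabled without `cloudflare.tunnel.access.policy: authenticate`, plus published services that mount the Docker socket. The sample data is constructed from this page's two services (the second `myapp` hostname is made up), and the function names are illustrative.

```python
import json
# Constructed sample: this page's two services, shaped like the JSON printed by
# `docker compose config --format json` (labels may be a list or a map).
SAMPLE = json.loads("""
{"services": {
  "dockflare": {
    "labels": ["cloudflare.tunnel.enable=true",
               "cloudflare.tunnel.hostname=dockflare.yourdomain.com",
               "cloudflare.tunnel.service=http://dockflare:5000"],
    "volumes": ["/var/run/docker.sock:/var/run/docker.sock:ro"]},
  "myapp": {
    "labels": {"cloudflare.tunnel.enable": "true",
               "cloudflare.tunnel.hostname": "app.yourdomain.com,admin.yourdomain.com",
               "cloudflare.tunnel.service": "http://myapp:8080",
               "cloudflare.tunnel.access.policy": "authenticate"}}
}}
""")
PREFIX = "cloudflare.tunnel."

def labels_of(service):
    """Return labels as a dict, accepting Compose's list ("k=v") or map form."""
    raw = service.get("labels") or {}
    if isinstance(raw, list):
        raw = dict(item.split("=", 1) if "=" in item else (item, "") for item in raw)
    return {str(k): str(v) for k, v in raw.items()}

def mounts_docker_socket(service):
    """True if a volume (short "src:dst" string or long map form) binds docker.sock."""
    sources = (v.get("source", "") if isinstance(v, dict) else str(v).split(":")[0]
               for v in service.get("volumes") or [])
    return "/var/run/docker.sock" in sources

def audit(compose):
    """Return (service, hostname, finding) tuples for tunnel-enabled services."""
    findings = []
    for name, svc in (compose.get("services") or {}).items():
        labels = labels_of(svc)
        if labels.get(PREFIX + "enable", "").lower() != "true":
            continue  # not published through the tunnel
        hosts = [h.strip() for h in labels.get(PREFIX + "hostname", "").split(",") if h.strip()]
        for host in hosts:
            if labels.get(PREFIX + "access.policy", "") != "authenticate":
                findings.append((name, host, "no authenticate policy label"))
            if mounts_docker_socket(svc):
                findings.append((name, host, "published service mounts docker.sock"))
    return findings

if __name__ == "__main__":
    print("\n".join(": ".join(f) for f in audit(SAMPLE)))
```

For the Step 3 file this reports the DockFlare UI hostname, which carries no access labels and mounts the Docker socket; confirm in the Cloudflare Zero Trust dashboard that an Access application covers that hostname.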
📚 Resources
- GitHub: ChrispyBacon-dev/DockFlare
- Docker Compose Docs: docker.com/compose
- Cloudflare Tunnels Guide: developers.cloudflare.com
🏁 Conclusion
DockFlare is a game-changer for developers, sysadmins, and homelabbers who want an easy, secure, and automated way to expose their applications to the web. With support for Cloudflare Tunnels, Zero Trust Access, DNS automation, and a clean UI—it’s the only tool you’ll need to publish your services safely.
No more port forwarding. No more SSL headaches.
Just Docker + DockFlare + Cloudflare = Done. ✅