DockFlare is a free, open-source tool to manage Cloudflare Tunnels

1 month ago 1

There are plenty of ways to secure your self-hosted apps and access them from outside your home network, with varying degrees of knowledge necessary to get them running safely. You could use a VPN, or something like Pangolin or Tailscale, but given how prevalent Cloudflare is, they've got a solution that's almost as easy to use as its DNS registry.

Cloudflare Tunnels use your domain name and create a secure tunnel from that domain to the apps and servers you point it at. Even though it only takes a few clicks and the addition of one client file inside your firewall, that's still extra work when you want to figure out new services.

But I found a cool project called DockFlare that automates the creation of Cloudflare Tunnels, based on container names and a few short Docker labels. I've been playing around with it, and it's powerful and simple enough to run in no time at all, even without much container knowledge.

It helps me keep track of Cloudflare Tunnels

While I can't deny Cloudflare Tunnels are simple to set up, keeping track of which one goes where can be exhausting. Once you have a bunch running, digging through the Cloudflare dashboard is a thankless task. Plus, you still have to manually install the client file on your server whenever you create a new tunnel.

DockFlare takes care of both of these things, and more. It creates a new Docker network to link your containers together, then leverages that and the names of new containers to create tunnels on your behalf. Once set up with a custom Cloudflare API key, it'll manage the Cloudflared agent, your DNS records and everything else, then add them to the web-based GUI for easy management.

How Cloudflare's wall of lava lamps helps keep the internet safe

A wall of lava lamps, dubbed the "Wall of Entropy," is a core pillar of Cloudflare's key generation.

It helps me keep track of Cloudflare Tunnels

I just want to use my self-hosted apps from elsewhere, without the headache

Did I say how much I value simplicity and things working as intended? Well, DockFlare wins on both counts, because it handles automatic ingress rules for all my containers, right after they get started. All it needs is the container name, and three labels inside that lay out the subdomain and target port to use.

(prefix: cloudflare.tunnel.): enable="true", hostname="subdomain.example.com", service="http://target:port".

That's it, and you can point it to one service, or have multi-domains in one compose file by indexing the label section with groups of the same three labels. Or leverage a wildcard domain and have everything go through one tunnel, from one domain name, based on the port used for the service.

It's also built for easy management, as the ingress rules get deleted once a container goes away, but not too quickly, just in case you're replacing it with another copy. And we all know the Cloudflare API has rate limits which makes bringing multiple containers up at once trickier, but DockFlare also knows this and will stay under the rate limit so you don't get errors.

It's a steep hill to climb to begin with but it starts to make sense

I'm going to be brutally honest here; I'm still finding my way with Docker and containers as a whole. My background in computing is either bare metal or virtual machines, and getting used to how containers work and where they store their data is slowly trickling into my brain. It's probably not helped by using my Synology and its Container app instead of setting up a 'nix server and doing it that way, but that's next on my list.

I know. It used to have standard Docker features until the company did what it always does and built its own to lock you in. It's temporary anyway, as I'm assembling the machines for a Proxmox HA cluster, which will hold most of my home lab. I can't wait to see what chaos I cause with that, but until then I'm teaching myself the Docker ropes in an Ubuntu VM with Docker Desktop. Maybe I should use Podman or something else, but I'm easily persuaded to try other things. At least the settings and storage will be easy to transfer over, and those yummy yaml compose files.

Running Docker Desktop inside a Debian VM on a Proxmox server

25 essential commands every Docker user should know

Docker's command-line interface may seem intimidating, but these commands can help you master it in no time!

DockFlare is fantastic and the dev is only getting started

I value ease of use in my home lab, whether that's processes that I understand after years of practice, or things I can get cobbled together in a few hours of learning. DockFlare absolutely fits in the latter camp, and the part that took me the longest was realizing I needed to use my Cloudflare domain and not the Synology DDNS one for the DNS entries. Once that was ironed out, spinning up the containers was quick, and watching the Cloudflare Tunnels magically appear without me having to fight for another few hours was so satisfying. If you're using Tunnels because Cloudflare makes everything else easy, adding DockFlare makes it even simpler.