Skip to content

Latest commit

 

History

History
146 lines (102 loc) · 8.85 KB

README.md

File metadata and controls

146 lines (102 loc) · 8.85 KB

Cloudflared-web is a docker image that packages both cloudflared cli and a simple Web UI to easily start or stop remotely-managed Cloudflare tunnel.

build latest pulls stars


Why use Cloudflared-web?

Pros

✅ Only need to run a docker command once. No need to run docker commands everytime you want to start or stop the container or when updating the token.

✅ Start and stop cloudflare tunnel anytime with a single click.

Cons

❌ Only supports Remotely-managed Tunnels.

❌ Can only update hostname policies through the ZeroTrust dashboard.


Application Setup

When manually setting up this image, it is crucial to always set the networking mode into host as without it, the cloudflared service won't be able to access the services running on the host:

docker run --network host wisdomsky/cloudflared-web:latest

or if using docker-compose.yml:

services:
  cloudflared:
    image: wisdomsky/cloudflared-web:latest
    restart: unless-stopped
    network_mode: host

The Web UI where you can setup the Cloudflared token can be accessed from port 14333:

http://localhost:14333

Github Containers

If for some reason you are unable to pull images from Docker's Official Image Registry (docker.io), Cloudflared-web is also synced to Github Container Registry (ghcr.io).

Just prefix the image with ghcr.io/ in order to use the mirrored image in Github.

services:
  cloudflared:
    image: ghcr.io/wisdomsky/cloudflared-web:latest
    restart: unless-stopped
    network_mode: host

Additional Parameters

Environment

Variable Name Default value Required or Optional Description
WEBUI_PORT 14333 Optional The port on the host where the WebUI will be running. Useful when an existing process is running on port 14333 and want to assign cloudflared-web into a different available port.
BASIC_AUTH_PASS Optional Enable Basic Auth by specifying a password. If BASIC_AUTH_USER is not specified, the default value for username admin will be used.
BASIC_AUTH_USER admin Optional Specify the username for the Basic Auth.
EDGE_BIND_ADDRESS Optional Specifies the outgoing IP address used to establish a connection between cloudflared and the Cloudflare global network.

The IP version of EDGE_BIND_ADDRESS will override EDGE_IP_VERSION (if provided). For example, if you enter an IPv6 source address, cloudflared will always connect to an IPv6 destination.
EDGE_IP_VERSION auto Optional Specifies the IP address version (IPv4 or IPv6) used to establish a connection between cloudflared and the Cloudflare global network. Available values are auto, 4, and 6.
PROTOCOL auto Optional Specifies the protocol used to establish a connection between cloudflared and the Cloudflare global network. Available values are auto, http2, and quic.
GRACE_PERIOD 30s Optional When cloudflared receives SIGINT/SIGTERM it will stop accepting new requests, wait for in-progress requests to terminate, then shut down. Waiting for in-progress requests will timeout after this grace period, or when a second SIGTERM/SIGINT is received.
REGION Optional Allows you to choose the regions to which connections are established. Currently the only available value is us, which routes all connections through data centers in the United States. Omit or leave empty to connect to the global region.
RETRIES 5 Optional Specifies the maximum number of retries for connection/protocol errors. Retries use exponential backoff (retrying at 1, 2, 4, 8, 16 seconds by default), so it is NOT RECOMMENDED that you increase this value significantly.
METRICS_ENABLE false Optional Enable tunnel metrics server.
METRICS_PORT 60123 Optional Specify port to run tunnel metrics on. METRICS_ENABLE must be set to true.

Based on Cloudflare tunel run parameters documentation.

example docker-compose.yaml:

services:
  cloudflared:
    image: wisdomsky/cloudflared-web:latest
    restart: unless-stopped
    network_mode: host
    environment:
      WEBUI_PORT: 1111
      PROTOCOL: http2

Volume

Container Path Required or Optional Description
/config Optional The path to the directory where the config.json file containing the Cloudflare token and start status will be saved.

example docker-compose.yaml:

services:
  cloudflared:
    image: wisdomsky/cloudflared-web:latest
    restart: unless-stopped
    network_mode: host
    volumes:
      - /mnt/storage/cloudflared/config:/config

Using Networks

You can use docker networks for a more fine-grained control of which containers/services your cloudflared-web container has access to.

services:
  cloudflared:
    image: wisdomsky/cloudflared-web:latest
    restart: unless-stopped
    networks:
      - mynetwork
    environment:
      WEBUI_PORT: 1111

Screenshots

Screenshot 1

Screenshot 2


Issues

For any problems experienced while using the docker image, please create a new issue.


Contribute

Adding A Language Translation

See Localization.