DockFlare v3.0.5: A Tale of Two Toggles

## [v3.0.5] - 2025-10-14

### Added
- **HTTP/2 Origin Support:** Added support for enabling HTTP/2 protocol between `cloudflared` and origin services via the new `dockflare.http2_origin` label and UI controls. Required for gRPC services. Only applies to HTTP/HTTPS services.
- **Disable Chunked Encoding Support:** Added support for disabling chunked transfer encoding over HTTP/1.1 via the new `dockflare.disable_chunked_encoding` label and UI controls. Useful for WSGI servers (Flask, Django, FastAPI) and other origins that don't properly support chunked requests. Only applies to HTTP/HTTPS services.

Author: ChrispyBacon-dev

CHANGELOG.md

@@ -7,6 +7,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ---
 
+## [v3.0.5] - 2025-10-14
+
+### Added
+- **HTTP/2 Origin Support:** Added support for enabling HTTP/2 protocol between `cloudflared` and origin services via the new `dockflare.http2_origin` label and UI controls. Required for gRPC services. Only applies to HTTP/HTTPS services.
+- **Disable Chunked Encoding Support:** Added support for disabling chunked transfer encoding over HTTP/1.1 via the new `dockflare.disable_chunked_encoding` label and UI controls. Useful for WSGI servers (Flask, Django, FastAPI) and other origins that don't properly support chunked requests. Only applies to HTTP/HTTPS services.
+
+---
+
 ## [v3.0.4] - 2025-10-11
 
 ### Added

README.MD

@@ -11,7 +11,7 @@
 </p>
 
 <p align="center">
-  <a href="https://github.com/ChrispyBacon-dev/DockFlare/releases"><img src="https://img.shields.io/badge/Release-v3.0.4-blue.svg?style=for-the-badge" alt="Release"></a>
+  <a href="https://github.com/ChrispyBacon-dev/DockFlare/releases"><img src="https://img.shields.io/badge/Release-v3.0.5-blue.svg?style=for-the-badge" alt="Release"></a>
   <a href="https://hub.docker.com/r/alplat/dockflare"><img src="https://img.shields.io/docker/pulls/alplat/dockflare?style=for-the-badge" alt="Docker Pulls"></a>
   <a href="https://www.python.org/"><img src="https://img.shields.io/badge/Made%20with-Python-1f425f.svg?style=for-the-badge" alt="Python"></a>
   <a href="https://github.com/ChrispyBacon-dev/DockFlare/blob/main/LICENSE.MD"><img src="https://img.shields.io/badge/License-GPL--3.0-blue.svg?style=for-the-badge" alt="License"></a>

dockflare/app/config.py

@@ -34,7 +34,7 @@ def _get_int_env(name, default, minimum=None):
         return default
 
 # --- DockFlare Version ---
-APP_VERSION = "v3.0.4"
+APP_VERSION = "v3.0.5"
 # --- web: https://dockflare.app ---
 # --- github: https://github.com/ChrispyBacon-dev/DockFlare ---
 

dockflare/app/core/docker_handler.py

@@ -157,6 +157,8 @@ def process_container_start(container_obj):
             service_label = get_label(labels, "service")
             zone_name_label = get_label(labels, "zonename")
             no_tls_verify_label = get_label(labels, "no_tls_verify", "false").lower() in ["true", "1", "t", "yes"]
+            http2_origin_label = get_label(labels, "http2_origin", "false").lower() in ["true", "1", "t", "yes"]
+            disable_chunked_encoding_label = get_label(labels, "disable_chunked_encoding", "false").lower() in ["true", "1", "t", "yes"]
 
             if hostname_label and service_label:
                 if is_valid_hostname(hostname_label) and is_valid_service(service_label):
@@ -166,6 +168,8 @@ def process_container_start(container_obj):
                         "no_tls_verify": no_tls_verify_label,
                         "origin_server_name": default_originsrvname_label.strip() if default_originsrvname_label else None,
                         "http_host_header": default_http_host_header_label.strip() if default_http_host_header_label else None,
+                        "http2_origin": http2_origin_label,
+                        "disable_chunked_encoding": disable_chunked_encoding_label,
                         "access_group": default_access_group,
                         "access_policy_type": default_access_policy_type_label,
                         "access_app_name": default_access_app_name_label,
@@ -194,6 +198,10 @@ def process_container_start(container_obj):
                 no_tls_verify_indexed = no_tls_verify_indexed_val.lower() in ["true", "1", "t", "yes"]
                 originsrvname_indexed_val = get_label(labels, f"{index}.originsrvname", default_originsrvname_label)
                 http_host_header_indexed_val = get_label(labels, f"{index}.httpHostHeader", default_http_host_header_label)
+                http2_origin_indexed_val = get_label(labels, f"{index}.http2_origin", str(http2_origin_label).lower())
+                http2_origin_indexed = http2_origin_indexed_val.lower() in ["true", "1", "t", "yes"]
+                disable_chunked_encoding_indexed_val = get_label(labels, f"{index}.disable_chunked_encoding", str(disable_chunked_encoding_label).lower())
+                disable_chunked_encoding_indexed = disable_chunked_encoding_indexed_val.lower() in ["true", "1", "t", "yes"]
 
                 access_groups_indexed = get_label(labels, f"{index}.access.groups")
                 raw_access_group_indexed = get_label(labels, f"{index}.access.group") if not access_groups_indexed else None
@@ -244,6 +252,8 @@ def process_container_start(container_obj):
                         "no_tls_verify": no_tls_verify_indexed,
                         "origin_server_name": originsrvname_indexed_val.strip() if originsrvname_indexed_val else None,
                         "http_host_header": http_host_header_indexed_val.strip() if http_host_header_indexed_val else None,
+                        "http2_origin": http2_origin_indexed,
+                        "disable_chunked_encoding": disable_chunked_encoding_indexed,
                         "access_group": access_group_indexed,
                         "access_policy_type": access_policy_type_indexed,
                         "access_app_name": access_app_name_indexed,
@@ -285,6 +295,8 @@ def process_container_start(container_obj):
                 no_tls_verify_from_item = config_item["no_tls_verify"]
                 origin_server_name_from_item = config_item.get("origin_server_name")
                 http_host_header_from_item = config_item.get("http_host_header")
+                http2_origin_from_item = config_item.get("http2_origin", False)
+                disable_chunked_encoding_from_item = config_item.get("disable_chunked_encoding", False)
 
                 target_zone_id = None
                 detected_zone_name = zone_name_from_item
@@ -349,6 +361,12 @@ def process_container_start(container_obj):
                         if existing_rule.get("http_host_header") != http_host_header_from_item:
                             existing_rule["http_host_header"] = http_host_header_from_item
                             rule_data_changed = True
+                        if existing_rule.get("http2_origin") != http2_origin_from_item:
+                            existing_rule["http2_origin"] = http2_origin_from_item
+                            rule_data_changed = True
+                        if existing_rule.get("disable_chunked_encoding") != disable_chunked_encoding_from_item:
+                            existing_rule["disable_chunked_encoding"] = disable_chunked_encoding_from_item
+                            rule_data_changed = True
 
                         existing_rule["source"] = "docker"
                         if master_tunnel_id and existing_rule.get("tunnel_id") != master_tunnel_id:
@@ -384,6 +402,8 @@ def process_container_start(container_obj):
                             "no_tls_verify": no_tls_verify_from_item,
                             "origin_server_name": origin_server_name_from_item,
                             "http_host_header": http_host_header_from_item,
+                            "http2_origin": http2_origin_from_item,
+                            "disable_chunked_encoding": disable_chunked_encoding_from_item,
                             "access_app_id": None,
                             "access_policy_type": None,
                             "access_app_config_hash": None,

dockflare/app/core/state_manager.py

@@ -143,6 +143,8 @@ def load_state():
                 rule_copy.setdefault("zone_name", None)
                 rule_copy.setdefault("no_tls_verify", False)
                 rule_copy.setdefault("origin_server_name", None)
+                rule_copy.setdefault("http2_origin", False)
+                rule_copy.setdefault("disable_chunked_encoding", False)
 
                 tunnel_name = rule_copy.get("tunnel_name")
                 if not tunnel_name or tunnel_name == "dockflare-tunnel":
@@ -500,6 +502,8 @@ def save_state():
                 "no_tls_verify": rule.get("no_tls_verify", False),
                 "origin_server_name": rule.get("origin_server_name"),
                 "http_host_header": rule.get("http_host_header"),
+                "http2_origin": rule.get("http2_origin", False),
+                "disable_chunked_encoding": rule.get("disable_chunked_encoding", False),
                 "access_app_id": rule.get("access_app_id"),
                 "access_policy_type": rule.get("access_policy_type"),
                 "access_app_config_hash": rule.get("access_app_config_hash"),

dockflare/app/core/tunnel_manager.py

@@ -261,6 +261,10 @@ def _build_ingress_entry_from_rule(rule_details):
         http_host_header = rule_details.get("http_host_header") or rule_details.get("httpHostHeader")
         if http_host_header:
             origin_request["httpHostHeader"] = http_host_header
+        if rule_details.get("http2_origin"):
+            origin_request["http2Origin"] = True
+        if rule_details.get("disable_chunked_encoding"):
+            origin_request["disableChunkedEncoding"] = True
     if origin_request:
         entry["originRequest"] = origin_request
     return entry
@@ -299,7 +303,9 @@ def _ingress_to_comparable(rule):
     no_tls = bool(origin.get("noTLSVerify"))
     origin_name = origin.get("originServerName") or ""
     http_host = origin.get("httpHostHeader") or ""
-    return (hostname, service, path, no_tls, origin_name, http_host)
+    http2_origin = bool(origin.get("http2Origin"))
+    disable_chunked = bool(origin.get("disableChunkedEncoding"))
+    return (hostname, service, path, no_tls, origin_name, http_host, http2_origin, disable_chunked)
 
 
 def _is_catch_all_rule(rule):

dockflare/app/static/js/main.js

@@ -229,6 +229,12 @@ function initializeEditRuleModal() {
                 const httpHostHeaderField = modal.querySelector('#edit_manual_http_host_header');
                 if (httpHostHeaderField) httpHostHeaderField.value = details.http_host_header || '';
 
+                const http2OriginField = modal.querySelector('#edit_http2_origin');
+                if (http2OriginField) http2OriginField.checked = details.http2_origin || false;
+
+                const disableChunkedEncodingField = modal.querySelector('#edit_disable_chunked_encoding');
+                if (disableChunkedEncodingField) disableChunkedEncodingField.checked = details.disable_chunked_encoding || false;
+
                 const tunnelDisplay = modal.querySelector('#edit_rule_tunnel_value');
                 const zoneDisplay = modal.querySelector('#edit_rule_zone_value');
                 const agentHint = modal.querySelector('#edit_rule_agent_hint');

dockflare/app/templates/docs/Container-Labels.md

@@ -16,6 +16,8 @@ These labels control the fundamental routing and service definition for a contai
 | `dockflare.no_tls_verify` | If set to `true`, disables TLS certificate verification for the connection between `cloudflared` and your origin service. Useful for origins with self-signed certificates. | `dockflare.no_tls_verify=true` |
 | `dockflare.originsrvname` | Sets a specific Server Name Indication (SNI) hostname for the TLS connection to the origin. This is also known as "Origin Server Name" in the Cloudflare dashboard. | `dockflare.originsrvname=internal.service.local` |
 | `dockflare.httpHostHeader` | Overrides the `Host` header sent from `cloudflared` to your origin service. | `dockflare.httpHostHeader=custom-host.internal` |
+| `dockflare.http2_origin` | If set to `true`, enables HTTP/2 protocol for the connection between `cloudflared` and your origin service. Required for gRPC services. Only applies to HTTP/HTTPS services. | `dockflare.http2_origin=true` |
+| `dockflare.disable_chunked_encoding` | If set to `true`, disables chunked transfer encoding over HTTP/1.1. Useful for WSGI servers (Flask, Django, FastAPI) and other origins that don't properly support chunked requests. Only applies to HTTP/HTTPS services. | `dockflare.disable_chunked_encoding=true` |
 
 > **Tip:** Starting with DockFlare v3.0, you can skip `dockflare.zonename` for most workloads. The master detects the correct Cloudflare zone by matching the hostname suffix and only falls back to the configured default zone when it cannot find a match. Provide the label when you intentionally want to place a record in a different zone.
 

dockflare/app/templates/status_page.html

@@ -196,7 +196,13 @@ <h3 class="font-bold text-xs uppercase opacity-80">Last Action</h3>
                                            {% endif %}
                                            {% if details.http_host_header %}
                                                <span class="badge badge-info badge-xs ml-1" title="HTTP Host Header: {{ details.http_host_header }}">Host: {{ details.http_host_header | truncate(20, True) }}</span>
-                                           {% endif %}    
+                                           {% endif %}
+                                           {% if details.http2_origin %}
+                                               <span class="badge badge-success badge-xs ml-1" title="HTTP/2 protocol enabled for origin connection">HTTP/2 Origin</span>
+                                           {% endif %}
+                                           {% if details.disable_chunked_encoding %}
+                                               <span class="badge badge-info badge-xs ml-1" title="Chunked transfer encoding disabled for HTTP/1.1">No Chunked Encoding</span>
+                                           {% endif %}
                                        </div>
                                    </td>
                                    <td class="p-3 whitespace-nowrap">
@@ -503,6 +509,20 @@ <h4 class="text-md font-semibold mb-2">Access Policy (Optional)</h4>
                                 <span class="label-text-alt">Overrides the <code>Host</code> header sent to your origin server. Useful for origins expecting a different hostname than the public one. (Only applies to HTTP/HTTPS services).</span>
                             </label>
                         </div>
+                        <div id="manual_http2_origin_div" class="form-control">
+                          <label class="label cursor-pointer justify-start gap-2">
+                            <input type="checkbox" name="manual_http2_origin" id="manual_http2_origin" class="checkbox checkbox-sm" />
+                            <span class="label-text">Enable HTTP/2 Origin</span>
+                          </label>
+                          <div class="text-xs opacity-60 ml-8">Enable HTTP/2 protocol between Cloudflare and your origin server. Required for gRPC services. (Only applies to HTTP/HTTPS services).</div>
+                        </div>
+                        <div id="manual_disable_chunked_encoding_div" class="form-control">
+                          <label class="label cursor-pointer justify-start gap-2">
+                            <input type="checkbox" name="manual_disable_chunked_encoding" id="manual_disable_chunked_encoding" class="checkbox checkbox-sm" />
+                            <span class="label-text">Disable Chunked Encoding</span>
+                          </label>
+                          <div class="text-xs opacity-60 ml-8">Disables chunked transfer encoding over HTTP/1.1. Useful for WSGI servers (Flask, Django) and other origins that don't support chunked requests. (Only applies to HTTP/HTTPS services).</div>
+                        </div>
                     </div>
                 </div>
                 <div id="manual_rule_feedback" class="hidden alert mt-4"></div>
@@ -640,6 +660,20 @@ <h4 class="text-md font-semibold mb-2">Access Policy (Optional)</h4>
                                 <span class="label-text-alt">Overrides the <code>Host</code> header sent to your origin server. Useful for origins expecting a different hostname than the public one. (Only applies to HTTP/HTTPS services).</span>
                             </label>
                         </div>
+                        <div id="edit_http2_origin_div" class="form-control">
+                          <label class="label cursor-pointer justify-start gap-2">
+                            <input type="checkbox" name="edit_http2_origin" id="edit_http2_origin" class="checkbox checkbox-sm" />
+                            <span class="label-text">Enable HTTP/2 Origin</span>
+                          </label>
+                          <div class="text-xs opacity-60 ml-8">Enable HTTP/2 protocol between Cloudflare and your origin server. Required for gRPC services. (Only applies to HTTP/HTTPS services).</div>
+                        </div>
+                        <div id="edit_disable_chunked_encoding_div" class="form-control">
+                          <label class="label cursor-pointer justify-start gap-2">
+                            <input type="checkbox" name="edit_disable_chunked_encoding" id="edit_disable_chunked_encoding" class="checkbox checkbox-sm" />
+                            <span class="label-text">Disable Chunked Encoding</span>
+                          </label>
+                          <div class="text-xs opacity-60 ml-8">Disables chunked transfer encoding over HTTP/1.1. Useful for WSGI servers (Flask, Django) and other origins that don't support chunked requests. (Only applies to HTTP/HTTPS services).</div>
+                        </div>
                     </div>
                 </div>
                 <div class="modal-action mt-8 pt-4 border-t border-base-300">