-
-
Couldn't load subscription status.
- Fork 68
BasicUsageSingleDomain.md
This is the standard and most common method for exposing a single service from a Docker container using one public hostname.
You add a set of non-indexed labels directly to the container's definition in your docker-compose.yml. These keys are described in detail in the Container Labels page.
Here's an example of exposing a simple nginx web server as www.example.com. We assume both DockFlare and this new service are on the same cloudflare-net Docker network, allowing them to communicate.
version: '3.8'
services:
# Your DockFlare service definition (from Quick Start)
dockflare:
image: alplat/dockflare:stable
container_name: dockflare
restart: unless-stopped
ports:
- "5000:5000"
env_file:
- .env
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- dockflare_data:/app/data
networks:
- cloudflare-net
# The web service you want to expose
my-website:
image: nginx:latest
container_name: my-website
restart: unless-stopped
networks:
- cloudflare-net # Must be on a network DockFlare can reach
labels:
# --- DockFlare Labels ---
# 1. Enable DockFlare management for this container
- "dockflare.enable=true"
# 2. Define the public hostname
- "dockflare.hostname=www.example.com"
# 3. Define the internal service address (protocol://container_name:port)
- "dockflare.service=http://my-website:80"
# This rule will be public by default.When you run docker compose up -d, DockFlare detects the my-website container and automatically creates the Cloudflare DNS record and Tunnel ingress rule. Your service becomes publicly accessible at https://www.example.com.
Here, we'll expose a private service (like a dashboard) and secure it using a Cloudflare Access policy, requiring users to log in.
# (Continuing from the services block above)
# A private dashboard you want to expose securely
private-dashboard:
image: some/dashboard-app
container_name: private-dashboard
restart: unless-stopped
networks:
- cloudflare-net
labels:
# --- Ingress Labels ---
- "dockflare.enable=true"
- "dockflare.hostname=dashboard.example.com"
- "dockflare.service=http://private-dashboard:8080"
# --- Access Policy Labels ---
# 4. Secure this service with a Cloudflare Access policy
- "dockflare.access.policy=authenticate"
- "dockflare.access.session_duration=8h"-
dockflare.enable="true": This is the master switch that tells DockFlare to pay attention to this container. -
dockflare.hostname="dashboard.example.com": This specifies the public URL. DockFlare will create a CNAME DNS record for this hostname pointing to your tunnel. -
dockflare.service="http://private-dashboard:8080": This tells the Cloudflare Tunnel where to send the traffic internally. Because both containers are on thecloudflare-netnetwork, Docker's built-in DNS can resolve the container nameprivate-dashboard. -
dockflare.access.policy="authenticate": This is the key for Zero Trust security. DockFlare will automatically create a Cloudflare Access Application fordashboard.example.comthat requires users to authenticate with an identity provider you've configured in your Cloudflare account.
This combination of ingress and access labels allows you to define your entire service exposure and security posture declaratively from your docker-compose.yml file.