Skip to content

BasicUsageSingleDomain.md

Jump to bottom
Chris edited this page Apr 22, 2025 · 3 revisions

Basic Usage (Single Domain)

This is the standard method for exposing a single service from a Docker container through DockFlare using one public hostname.

Labeling Strategy

You add a set of labels directly to the container definition, using the keys described in Container Labels.

Example docker-compose.yml

Here's an example of exposing a simple nginx service as my-web-app.example.com. Assume DockFlare and this service are on the same cloudflare-net Docker network.

version: '3.8'

services:
  # Your DockFlare service definition (from Quick Start)
  dockflare:
    image: alplat/dockflare:stable
    container_name: dockflare
    restart: unless-stopped
    ports:
      - "5000:5000"
    env_file:
      - .env
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - dockflare_data:/app/data
    networks:
      - cloudflare-net # DockFlare needs access to the network

  # The service you want to expose
  my-web-app:
    image: nginx:latest
    container_name: my-nginx-app
    restart: unless-stopped
    networks:
      - cloudflare-net # Must be on a network DockFlare can reach
    labels:
      # --- DockFlare Labels ---
      # 1. Enable DockFlare management for this container
      cloudflare.tunnel.enable: "true"

      # 2. Define the public hostname (must be in a zone you control via CF_ZONE_ID or zonename label)
      cloudflare.tunnel.hostname: "my-web-app.example.com"

      # 3. Define the internal service target (protocol://container_name_or_ip:port)
      #    Using container name requires Docker's internal DNS resolution on the shared network.
      cloudflare.tunnel.service: "http://my-web-app:80"

      # 4. Optional: Specify the zone if different from CF_ZONE_ID
      # cloudflare.tunnel.zonename: "example.com"

      # 5. Optional: Disable TLS verification if the internal service uses HTTPS with self-signed certs
      # cloudflare.tunnel.no_tls_verify: "true"

volumes:
  dockflare_data:

networks:
  cloudflare-net:

Explanation

  1. cloudflare.tunnel.enable: "true": Tells DockFlare to manage this container.
  2. cloudflare.tunnel.hostname: "my-web-app.example.com": Specifies that traffic to my-web-app.example.com should be routed through the tunnel. DockFlare will create a CNAME DNS record for this hostname pointing to the tunnel.
  3. cloudflare.tunnel.service: "http://my-web-app:80": Instructs the Cloudflare Tunnel to forward requests for my-web-app.example.com to port 80 of the container named my-web-app using HTTP. The container name my-web-app is resolvable on the cloudflare-net network via Docker's built-in DNS.
  4. cloudflare.tunnel.zonename (Optional): If example.com is not the zone specified by the CF_ZONE_ID environment variable in DockFlare's configuration, you would uncomment and set this label.
  5. cloudflare.tunnel.no_tls_verify (Optional): Only needed if your internal service uses https:// and has a certificate that Cloudflare shouldn't (or cannot) verify (like a self-signed certificate). For standard HTTP services, it's not required.

When you run docker compose up -d with this configuration, DockFlare will detect the my-web-app container and automatically configure Cloudflare Tunnel and DNS to make http://my-web-app.example.com (or https:// if Cloudflare provides it) accessible publicly.

Clone this wiki locally