-
-
Couldn't load subscription status.
- Fork 68
Switching‐Between‐Modes.md
Switching between DockFlare's Internal (managed) and External cloudflared modes is an advanced operation that requires manual steps to ensure a clean transition.
Caution
ADVANCED USERS ONLY - PROCEED WITH CAUTION
Switching modes is not an automated process. It requires manual cleanup of resources on both your Docker host and the Cloudflare dashboard. Failure to follow these steps can result in orphaned configurations, conflicting DNS records, and services being unreachable.
The safest path is always to ensure a clean state. Before proceeding, please read the External cloudflared Mode guide to fully understand its requirements.
Follow these steps if you are currently using DockFlare's managed agent and want to switch to using your own externally managed cloudflared instance.
Goal: Stop using the DockFlare-managed agent and tunnel, and have DockFlare manage rules for your own pre-existing tunnel.
Before changing DockFlare, ensure your external cloudflared agent is fully configured, running, and connected to Cloudflare. You will need its Tunnel ID (UUID) for the next steps.
Bring your entire DockFlare stack down completely.
docker compose downEdit your .env file to enable external mode:
- Set
USE_EXTERNAL_CLOUDFLARED=true. - Set
EXTERNAL_TUNNEL_IDto the UUID of your existing tunnel. - You can now remove or comment out the
TUNNEL_NAMEvariable, as it will be ignored.
This is the most critical step to prevent conflicts.
-
Remove the Managed Agent Container: DockFlare created an agent container (e.g.,
cloudflared-agent-dockflare-tunnel). Whiledocker compose downshould remove it, you can ensure it's gone by checkingdocker ps -a. - (Optional but Recommended) Delete the Old Managed Tunnel: Log in to the Cloudflare Zero Trust dashboard, navigate to Access -> Tunnels, and delete the old tunnel that DockFlare was managing. This keeps your account clean. All DNS records pointing to it will become stale.
-
Delete Local State: You must remove the old
state.jsonfile, as it contains references to the old managed tunnel.# Replace 'dockflare_data' with your actual volume name if different docker volume rm dockflare_data
Now, start DockFlare with the new configuration.
docker compose up -d- Check the DockFlare logs. You should see it running in External Mode.
- DockFlare will not create a
cloudflared-agentcontainer. - It will begin reconciling your labeled containers and creating new DNS records that point to your new external tunnel ID.
Follow these steps if you are currently using External Mode and want to switch to letting DockFlare manage the agent for you.
Goal: Stop using your own agent and have DockFlare create and manage a new tunnel and agent container from scratch.
First, stop your manually managed cloudflared process or container. This is important to prevent two tunnels from being active.
Bring your entire DockFlare stack down.
docker compose downEdit your .env file to enable internal mode:
- Set
USE_EXTERNAL_CLOUDFLARED=falseor remove the line entirely. - Set a
TUNNEL_NAMEfor the new tunnel DockFlare will create (e.g.,TUNNEL_NAME=dockflare-managed-tunnel). - You can now remove or comment out
EXTERNAL_TUNNEL_ID.
- Delete Old DNS Records: Log in to your Cloudflare DNS dashboard and delete the CNAME records that were pointing to your old external tunnel. DockFlare will create new ones pointing to the new managed tunnel.
-
Delete Local State: You must remove the old
state.jsonfile to clear any references to the old external tunnel ID.# Replace 'dockflare_data' with your actual volume name if different docker volume rm dockflare_data
Start DockFlare with the new configuration.
docker compose up -d- Check the DockFlare logs. You should see it creating a new tunnel with the name you provided.
- Check
docker ps. You should see a newcloudflared-agent-...container created and running. - DockFlare will create new DNS records for your services pointing to this new managed tunnel.