add cloudflare warp #632
add cloudflare warp #632
Conversation
built with Refined Cloudflare Pages Action⚡ Cloudflare Pages Deployment
|
There was a problem hiding this comment.
Pull request overview
This PR adds a new template for Cloudflare WARP Connector and updates documentation links for the existing Cloudflared template to reflect Cloudflare's restructured documentation.
Key Changes:
- Adds new Cloudflare WARP template with docker-compose configuration, template variables, and logo
- Updates Cloudflared template documentation URLs to current Cloudflare documentation structure
- Adds metadata entry for WARP in the templates index
Reviewed changes
Copilot reviewed 3 out of 4 changed files in this pull request and generated 10 comments.
| File | Description |
|---|---|
| meta.json | Adds new WARP template entry with metadata and updates Cloudflared documentation links; however, missing required GitHub link and uses "latest" version |
| blueprints/warp/docker-compose.yml | Defines WARP service container configuration; has issues with version pinning, network configuration, port exposure, environment variable naming, and service naming convention |
| blueprints/warp/template.toml | Configures template variables and environment mappings; has critical bug with self-referencing variable and environment variable name mismatch |
| blueprints/warp/image.svg | Adds service logo for WARP template |
meta.json
Outdated
| "description": "Cloudflare WARP Connector (beta) is a software client that enables site-to-site, bidirectional, and mesh networking connectivity without requiring changes to underlying network routing infrastructure.", | ||
| "logo": "image.svg", | ||
| "links": { | ||
| "github": "https://github.com/cloudflare/", |
There was a problem hiding this comment.
The links object is missing a required "github" field. According to the project's JSON schema validation (enforced in build-scripts/process-meta.js), all template entries must include a "github" link. Please add the GitHub repository URL for the Cloudflare WARP Connector project.
| "github": "https://github.com/cloudflare/", | |
| "github": "https://github.com/cloudflare/cloudflared", |
| { | ||
| "id": "warp", | ||
| "name": "Cloudflare WARP", | ||
| "version": "latest", |
There was a problem hiding this comment.
The version field is set to "latest", which violates the project convention that states "NEVER use 'latest' tag—it can break templates when upstream images change unexpectedly. Always verify image exists using 'docker manifest inspect image:tag' before committing." The version should be pinned to a specific version number.
blueprints/warp/docker-compose.yml
Outdated
| ports: | ||
| - 40000 |
There was a problem hiding this comment.
Including 'ports:' in docker-compose.yml goes against project conventions. The project guidelines state: "Docker Compose: Minimal—omit 'ports' (Dokploy proxies)." Dokploy handles port mapping and proxying automatically, so explicit port declarations should be avoided. If the service needs to expose a port for Dokploy to proxy to, it should be configured in template.toml using the [[config.domains]] section instead.
blueprints/warp/template.toml
Outdated
| @@ -0,0 +1,7 @@ | |||
| [variables] | |||
| license = "${warp_key}" | |||
There was a problem hiding this comment.
The variable definition uses a self-referencing pattern 'warp_key = "${warp_key}"' which doesn't generate any value. According to the project conventions, variables should use helpers for secrets like '${password:32}', '${uuid}', or '${jwt:secret_var}'. For a license key, either provide a placeholder value like 'warp_key = "YOUR_LICENSE_KEY_HERE"' or use an appropriate helper if auto-generation is desired.
| license = "${warp_key}" | |
| warp_key = "YOUR_WARP_LICENSE_KEY_HERE" |
| @@ -0,0 +1,14 @@ | |||
| services: | |||
| cloudflare-warp-proxy: | |||
There was a problem hiding this comment.
The service name 'cloudflare-warp-proxy' doesn't follow the typical convention where service names match the blueprint folder name. The folder is named 'warp', so the service should ideally be named 'warp' for consistency. This makes templates more predictable and easier to maintain.
meta.json
Outdated
| "name": "Cloudflare WARP", | ||
| "version": "latest", | ||
| "description": "Cloudflare WARP Connector (beta) is a software client that enables site-to-site, bidirectional, and mesh networking connectivity without requiring changes to underlying network routing infrastructure.", | ||
| "logo": "image.svg", |
There was a problem hiding this comment.
The logo filename is set to "image.svg" but the actual file in the blueprint is named "image.svg". While this matches, the project convention is to use more descriptive filenames that match the service name (e.g., "warp.svg" or "cloudflare-warp.svg"). Additionally, this filename must match exactly what's referenced in the meta.json logo field.
| "logo": "image.svg", | |
| "logo": "warp.svg", |
blueprints/warp/docker-compose.yml
Outdated
| @@ -0,0 +1,14 @@ | |||
| services: | |||
| cloudflare-warp-proxy: | |||
| image: seiry/cloudflare-warp-proxy | |||
There was a problem hiding this comment.
The Docker image is using an untagged or non-specific version. According to project conventions: "Pin images to specific versions in docker-compose.yml (e.g., ghost:5.82.0-alpine); match in meta.json.version. NEVER use 'latest' tag—it can break templates when upstream images change unexpectedly." Please specify a concrete version tag and verify it exists using 'docker manifest inspect seiry/cloudflare-warp-proxy:VERSION'.
blueprints/warp/docker-compose.yml
Outdated
| cloudflare-warp-proxy: | ||
| image: seiry/cloudflare-warp-proxy | ||
| # image: ghcr.io/seiry/cloudflare-warp-proxy | ||
| network_mode: bridge |
There was a problem hiding this comment.
The 'network_mode: bridge' directive should be avoided. According to project conventions: "Omit 'ports' (Dokploy proxies), persistent volumes. No Networks: Rely on Dokploy's isolated deployments—avoid explicit 'networks:'." While 'bridge' is the default, explicitly setting network_mode is generally unnecessary and can interfere with Dokploy's network management. Remove this line unless there's a specific technical requirement similar to the cloudflared template which uses 'network_mode: host' for specific routing needs.
blueprints/warp/docker-compose.yml
Outdated
| - 40000 | ||
| restart: unless-stopped | ||
| environment: | ||
| - LICENSE=${WARP_LICENSE} |
There was a problem hiding this comment.
There's an inconsistency in environment variable naming. The docker-compose.yml uses 'LICENSE=${WARP_KEY}' (line 10), but template.toml defines 'WARP_LICENSE="${warp_key}"' (line 7). This mismatch will cause the environment variable to not be properly set. Either change docker-compose.yml to use 'WARP_LICENSE=${WARP_LICENSE}' or update template.toml to set 'LICENSE="${warp_key}"' to ensure consistency.
| - LICENSE=${WARP_LICENSE} | |
| - WARP_LICENSE=${WARP_LICENSE} |
blueprints/warp/docker-compose.yml
Outdated
| @@ -0,0 +1,14 @@ | |||
| services: | |||
| cloudflare-warp-proxy: | |||
| image: seiry/cloudflare-warp-proxy | |||
There was a problem hiding this comment.
Before adding this template, verify that the 'seiry/cloudflare-warp-proxy' Docker image is for an open-source project. According to project requirements: "Service MUST be open source. Only add templates for applications with an open-source license (e.g., MIT, Apache, GPL, AGPL). Proprietary or closed-source services are not allowed." The image repository source and license should be verified before merging this PR.
| [[config.mounts]] | ||
| filePath = "/run/dbus/system_bus_socket" | ||
| content = "" No newline at end of file |
There was a problem hiding this comment.
The mount configuration is incorrect. The [[config.mounts]] section in template.toml is designed to create file content within the container, not to bind mount host directories or sockets. Since the docker-compose.yml already handles the volume mount from the host's /run/dbus/system_bus_socket, this mount entry should be removed entirely from template.toml.
File mounts in template.toml are for injecting configuration file content, not for defining volume bindings (see examples in blueprints/registry/template.toml:13-18).
| "description": "Cloudflare WARP Connector (beta) is a software client that enables site-to-site, bidirectional, and mesh networking connectivity without requiring changes to underlying network routing infrastructure.", | ||
| "logo": "warp.svg", | ||
| "links": { | ||
| "github": "https://github.com/seiry/docker-warp-proxy", |
There was a problem hiding this comment.
The GitHub link points to https://github.com/seiry/docker-warp-proxy, which is a third-party Docker wrapper rather than the official Cloudflare WARP project. According to repository requirements, "Service MUST be open source" and templates should link to the official project repository.
The official Cloudflare WARP documentation is referenced in the website and docs fields, but there appears to be no official open-source repository for the Cloudflare WARP Connector itself. This raises concerns about whether this service meets the open-source requirement.
If the official Cloudflare WARP Connector is not open source (only the client/documentation is), this template should not be added to the repository. If using a third-party wrapper like seiry/docker-warp-proxy, verify it has an appropriate open-source license and consider whether it's appropriate to include.
blueprints/warp/template.toml
Outdated
| [[config.env]] | ||
| WARP_KEY = "<INSERT TOKEN>" |
There was a problem hiding this comment.
The environment variable configuration format is incorrect. According to the template.toml structure documented in the README, env should be an array of strings in "KEY=VALUE" format, not a table array using [[config.env]].
The correct format should be:
[config]
env = ["WARP_KEY=<INSERT TOKEN>"]Reference: blueprints/cloudflared/template.toml:5 shows the correct format for similar configuration.
blueprints/warp/template.toml
Outdated
| LICENSE = "${warp_key}" | ||
|
|
||
| [[config.mounts]] | ||
| filePath = "/run/dbus/system_bus_socket" | ||
| content = "" No newline at end of file |
There was a problem hiding this comment.
The mount configuration for /run/dbus/system_bus_socket is incorrect. This file path is a system socket that needs to be bind-mounted from the host (as defined in docker-compose.yml line 11), not created as a file mount by the Dokploy template.
The config.mounts section in template.toml is for creating files with content that the application needs. System sockets like /run/dbus/system_bus_socket should only be defined in docker-compose.yml as volume mounts from the host, similar to how the homeassistant template handles /run/dbus (see blueprints/homeassistant/docker-compose.yml line 14).
This mount entry should be removed from template.toml entirely.
| LICENSE = "${warp_key}" | |
| [[config.mounts]] | |
| filePath = "/run/dbus/system_bus_socket" | |
| content = "" | |
| LICENSE = "${warp_key}" |
| services: | ||
| cloudflare-warp-proxy: | ||
| image: ghcr.io/seiry/cloudflare-warp-proxy:latest | ||
| restart: unless-stopped | ||
| # `LICENSE` is injected by the Dokploy template (`template.toml` [config.env]). | ||
| logging: | ||
| driver: json-file | ||
| options: | ||
| max-size: 1m | ||
| volumes: | ||
| - /run/dbus/system_bus_socket:/run/dbus/system_bus_socket:ro | ||
| security_opt: | ||
| - apparmor:unconfined | ||
| # If AppArmor unconfined is insufficient on some hosts, uncomment the next line | ||
| # to run the container in privileged mode (less secure): | ||
| # privileged: true |
There was a problem hiding this comment.
The template lacks documentation on how to use the WARP proxy once deployed. Since this is a proxy service with no exposed external ports, users need to know:
- What port the SOCKS proxy listens on internally
- How other Docker Compose services should connect to it (e.g., via service name and port)
- Example configuration for using the proxy from other containers
Consider adding this information either as comments in the docker-compose.yml or as a README mount in template.toml (similar to blueprints/kokoro-tts/template.toml which includes comprehensive usage documentation).
| "website": "https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/", | ||
| "docs": "https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/get-started/" |
There was a problem hiding this comment.
This PR includes unrelated changes to the cloudflared template URLs (lines 1308-1309). While these URL updates appear to correct outdated Cloudflare documentation links, they should ideally be submitted as a separate PR to keep changes focused and make the review process clearer.
However, the URL updates themselves look valid - they update from the deprecated /connections/connect-apps/ path structure to the current /networks/connectors/cloudflare-tunnel/ structure in Cloudflare's documentation.
| options: | ||
| max-size: 1m | ||
| volumes: | ||
| - /run/dbus/system_bus_socket:/run/dbus/system_bus_socket:ro |
There was a problem hiding this comment.
Mounting the host's D-Bus system socket (/run/dbus/system_bus_socket) creates a tight coupling between the container and the host system, which has operational implications. This mount may not exist on all host systems (different Linux distributions place D-Bus sockets in different locations), and it may not work correctly in containerized environments like Kubernetes or certain cloud platforms. Consider adding documentation about this requirement and potential compatibility issues, or providing alternative configuration options for environments where this socket is not available or located elsewhere.
|
tested it and uhh it doesnt work so make it stale for rn |
|
yeah fuck this one docker warp proxy |
1 participant
What is this PR about?
New PR of Cloudflare WARP
Checklist
Before submitting this PR, please make sure that:
Issues related (if applicable)
Close automatically the related issues using the keywords:
closes #ISSUE_NUMBERScreenshots or Videos