Skip to content

add cloudflare warp #632

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
nxyystore wants to merge 8 commits into from
Closed

add cloudflare warp #632

Show file tree
Hide file tree
Changes from 7 commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
a60c389
add cloudflare warp
nxyystore Dec 27, 2025
fb24173
fix ig
nxyystore Dec 27, 2025
d269939
fix again
nxyystore Dec 27, 2025
aaaa833
b
nxyystore Dec 27, 2025
8912302
f
nxyystore Dec 27, 2025
d0aa961
maybe itll fix env?
nxyystore Dec 27, 2025
db41f1d
f
nxyystore Dec 27, 2025
a6d1b92
thanks
nxyystore Dec 27, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 16 additions & 0 deletions blueprints/warp/docker-compose.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
services:
cloudflare-warp-proxy:
Copy link

Copilot AI Dec 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The service name 'cloudflare-warp-proxy' doesn't follow the typical convention where service names match the blueprint folder name. The folder is named 'warp', so the service should ideally be named 'warp' for consistency. This makes templates more predictable and easier to maintain.

Copilot generated this review using guidance from repository custom instructions.
image: ghcr.io/seiry/cloudflare-warp-proxy:latest
restart: unless-stopped
# `LICENSE` is injected by the Dokploy template (`template.toml` [config.env]).
logging:
driver: json-file
options:
max-size: 1m
volumes:
- /run/dbus/system_bus_socket:/run/dbus/system_bus_socket:ro
Copy link

Copilot AI Dec 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mounting the host's D-Bus system socket (/run/dbus/system_bus_socket) creates a tight coupling between the container and the host system, which has operational implications. This mount may not exist on all host systems (different Linux distributions place D-Bus sockets in different locations), and it may not work correctly in containerized environments like Kubernetes or certain cloud platforms. Consider adding documentation about this requirement and potential compatibility issues, or providing alternative configuration options for environments where this socket is not available or located elsewhere.

Copilot uses AI. Check for mistakes.
security_opt:
- apparmor:unconfined
# If AppArmor unconfined is insufficient on some hosts, uncomment the next line
# to run the container in privileged mode (less secure):
# privileged: true
Comment on lines +1 to +16
Copy link

Copilot AI Dec 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The template lacks documentation on how to use the WARP proxy once deployed. Since this is a proxy service with no exposed external ports, users need to know:

  1. What port the SOCKS proxy listens on internally
  2. How other Docker Compose services should connect to it (e.g., via service name and port)
  3. Example configuration for using the proxy from other containers

Consider adding this information either as comments in the docker-compose.yml or as a README mount in template.toml (similar to blueprints/kokoro-tts/template.toml which includes comprehensive usage documentation).

Copilot uses AI. Check for mistakes.
12 changes: 12 additions & 0 deletions blueprints/warp/template.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
[variables]
warp_key = "<INSERT TOKEN>"

[config]
domains = []

[config.env]
LICENSE = "${warp_key}"

[[config.mounts]]
filePath = "/run/dbus/system_bus_socket"
content = ""
Comment on lines +10 to +12
Copy link

Copilot AI Dec 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The mount configuration is incorrect. The [[config.mounts]] section in template.toml is designed to create file content within the container, not to bind mount host directories or sockets. Since the docker-compose.yml already handles the volume mount from the host's /run/dbus/system_bus_socket, this mount entry should be removed entirely from template.toml.

File mounts in template.toml are for injecting configuration file content, not for defining volume bindings (see examples in blueprints/registry/template.toml:13-18).

Copilot generated this review using guidance from repository custom instructions.
Copy link

Copilot AI Dec 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The mount configuration for /run/dbus/system_bus_socket is incorrect. This file path is a system socket that needs to be bind-mounted from the host (as defined in docker-compose.yml line 11), not created as a file mount by the Dokploy template.

The config.mounts section in template.toml is for creating files with content that the application needs. System sockets like /run/dbus/system_bus_socket should only be defined in docker-compose.yml as volume mounts from the host, similar to how the homeassistant template handles /run/dbus (see blueprints/homeassistant/docker-compose.yml line 14).

This mount entry should be removed from template.toml entirely.

Suggested change
LICENSE = "${warp_key}"
[[config.mounts]]
filePath = "/run/dbus/system_bus_socket"
content = ""
LICENSE = "${warp_key}"

Copilot uses AI. Check for mistakes.
4 changes: 4 additions & 0 deletions blueprints/warp/warp.svg
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
21 changes: 19 additions & 2 deletions meta.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1305,8 +1305,8 @@
"logo": "cloudflared.svg",
"links": {
"github": "https://github.com/cloudflare/cloudflared",
"website": "https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/",
"docs": "https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/"
"website": "https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/",
"docs": "https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/get-started/"
Comment on lines +1308 to +1309
Copy link

Copilot AI Dec 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This PR includes unrelated changes to the cloudflared template URLs (lines 1308-1309). While these URL updates appear to correct outdated Cloudflare documentation links, they should ideally be submitted as a separate PR to keep changes focused and make the review process clearer.

However, the URL updates themselves look valid - they update from the deprecated /connections/connect-apps/ path structure to the current /networks/connectors/cloudflare-tunnel/ structure in Cloudflare's documentation.

Copilot uses AI. Check for mistakes.
},
"tags": [
"cloud",
Expand Down Expand Up @@ -6031,6 +6031,23 @@
"self-hosted"
]
},
{
"id": "warp",
"name": "Cloudflare WARP",
"version": "latest",
Copy link

Copilot AI Dec 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The version field is set to "latest", which violates the project convention that states "NEVER use 'latest' tag—it can break templates when upstream images change unexpectedly. Always verify image exists using 'docker manifest inspect image:tag' before committing." The version should be pinned to a specific version number.

Copilot generated this review using guidance from repository custom instructions.
"description": "Cloudflare WARP Connector (beta) is a software client that enables site-to-site, bidirectional, and mesh networking connectivity without requiring changes to underlying network routing infrastructure.",
"logo": "warp.svg",
"links": {
"github": "https://github.com/seiry/docker-warp-proxy",
Copy link

Copilot AI Dec 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The GitHub link points to https://github.com/seiry/docker-warp-proxy, which is a third-party Docker wrapper rather than the official Cloudflare WARP project. According to repository requirements, "Service MUST be open source" and templates should link to the official project repository.

The official Cloudflare WARP documentation is referenced in the website and docs fields, but there appears to be no official open-source repository for the Cloudflare WARP Connector itself. This raises concerns about whether this service meets the open-source requirement.

If the official Cloudflare WARP Connector is not open source (only the client/documentation is), this template should not be added to the repository. If using a third-party wrapper like seiry/docker-warp-proxy, verify it has an appropriate open-source license and consider whether it's appropriate to include.

Copilot generated this review using guidance from repository custom instructions.
"website": "https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/",
"docs": "https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/warp-connector/"
},
"tags": [
"proxy",
"networking",
"tunnel"
]
},
{
"id": "web-check",
"name": "Web-Check",
Expand Down