ConfigsJul 6, 2026·3 min read

DockFlare — Automate Cloudflare Tunnels with Docker Labels

DockFlare automatically creates and manages Cloudflare Tunnels for your Docker containers using labels, providing zero-config reverse proxy and DNS without opening ports.

Agent ready

Safe staging for this asset

This asset is staged first. The copied prompt tells the agent to inspect the staged files and ask before activating scripts, MCP config, or global config.

Stage only · 29/100Policy: stage
Agent surface
Any MCP/CLI agent
Kind
Skill
Install
Stage only
Trust
Trust: Established
Entrypoint
DockFlare Tunnel Automation
Safe staging command
npx -y tokrepo@latest install d8a1f011-78f2-11f1-9bc6-00163e2b0d79 --target codex

Stages files first; activation requires review of the staged README and plan.

Introduction

DockFlare watches your Docker containers and automatically provisions Cloudflare Tunnels based on container labels. When a container starts with DockFlare labels, it creates the tunnel, configures DNS, and routes traffic without manual Cloudflare dashboard configuration or opening firewall ports.

What DockFlare Does

  • Watches Docker events and detects containers with DockFlare labels
  • Automatically creates Cloudflare Tunnel routes for labeled containers
  • Manages DNS CNAME records pointing to the tunnel endpoint
  • Removes tunnel routes and DNS entries when containers stop
  • Provides a web dashboard for monitoring active tunnels and their status

Architecture Overview

DockFlare is a Python application that connects to the Docker socket to monitor container lifecycle events. When it detects a container with DockFlare labels, it uses the Cloudflare API to create or update tunnel configurations and DNS records. A built-in Flask web UI displays active tunnels. The cloudflared daemon runs as a sidecar or within the same container to establish the encrypted tunnel.

Self-Hosting & Configuration

  • Mount the Docker socket so DockFlare can watch container events
  • Provide a Cloudflare API token with Zone:DNS:Edit and Account:Tunnel:Edit permissions
  • Set CF_ZONE_ID for the domain you want to route through tunnels
  • Label target containers with dockflare.host=subdomain.yourdomain.com
  • Optionally set dockflare.port to specify the internal container port

Key Features

  • Zero-config tunnel creation driven entirely by Docker container labels
  • No port forwarding required; all traffic routes through Cloudflare's network
  • Automatic DNS management creates and removes CNAME records as needed
  • Web dashboard shows real-time tunnel status and container mappings
  • Supports Cloudflare Access policies for authenticated tunnel access

Comparison with Similar Tools

  • cloudflared — official CLI; DockFlare automates it with Docker label integration
  • Traefik — general reverse proxy; DockFlare specifically manages Cloudflare Tunnels
  • Nginx Proxy Manager — UI-driven proxy; DockFlare is label-driven and cloud-tunneled
  • Pangolin — identity-aware proxy with tunneling; DockFlare is Cloudflare-native
  • Caddy + Cloudflare plugin — requires port exposure; DockFlare uses tunnels to avoid open ports

FAQ

Q: Do I need a Cloudflare paid plan? A: No. Cloudflare Tunnels are available on the free plan.

Q: What permissions does the API token need? A: Zone:DNS:Edit for DNS records and Account:Cloudflare Tunnel:Edit for tunnel management.

Q: Can I use DockFlare with Docker Compose? A: Yes. Add DockFlare labels to your service definitions and run the DockFlare container alongside them.

Q: What happens when a container stops? A: DockFlare removes the tunnel route and DNS record automatically when the labeled container stops.

Sources

Discussion

Sign in to join the discussion.
No comments yet. Be the first to share your thoughts.

Related Assets