# DockFlare — Automate Cloudflare Tunnels with Docker Labels > DockFlare automatically creates and manages Cloudflare Tunnels for your Docker containers using labels, providing zero-config reverse proxy and DNS without opening ports. ## Install Save in your project root: # DockFlare — Automate Cloudflare Tunnels with Docker Labels ## Quick Use ```bash docker run -d --name dockflare -e CF_API_TOKEN=your_api_token -e CF_ZONE_ID=your_zone_id -v /var/run/docker.sock:/var/run/docker.sock chrispybacon/dockflare:stable # Add labels to containers: dockflare.host=app.example.com ``` ## Introduction DockFlare watches your Docker containers and automatically provisions Cloudflare Tunnels based on container labels. When a container starts with DockFlare labels, it creates the tunnel, configures DNS, and routes traffic without manual Cloudflare dashboard configuration or opening firewall ports. ## What DockFlare Does - Watches Docker events and detects containers with DockFlare labels - Automatically creates Cloudflare Tunnel routes for labeled containers - Manages DNS CNAME records pointing to the tunnel endpoint - Removes tunnel routes and DNS entries when containers stop - Provides a web dashboard for monitoring active tunnels and their status ## Architecture Overview DockFlare is a Python application that connects to the Docker socket to monitor container lifecycle events. When it detects a container with DockFlare labels, it uses the Cloudflare API to create or update tunnel configurations and DNS records. A built-in Flask web UI displays active tunnels. The cloudflared daemon runs as a sidecar or within the same container to establish the encrypted tunnel. ## Self-Hosting & Configuration - Mount the Docker socket so DockFlare can watch container events - Provide a Cloudflare API token with Zone:DNS:Edit and Account:Tunnel:Edit permissions - Set `CF_ZONE_ID` for the domain you want to route through tunnels - Label target containers with `dockflare.host=subdomain.yourdomain.com` - Optionally set `dockflare.port` to specify the internal container port ## Key Features - Zero-config tunnel creation driven entirely by Docker container labels - No port forwarding required; all traffic routes through Cloudflare's network - Automatic DNS management creates and removes CNAME records as needed - Web dashboard shows real-time tunnel status and container mappings - Supports Cloudflare Access policies for authenticated tunnel access ## Comparison with Similar Tools - **cloudflared** — official CLI; DockFlare automates it with Docker label integration - **Traefik** — general reverse proxy; DockFlare specifically manages Cloudflare Tunnels - **Nginx Proxy Manager** — UI-driven proxy; DockFlare is label-driven and cloud-tunneled - **Pangolin** — identity-aware proxy with tunneling; DockFlare is Cloudflare-native - **Caddy + Cloudflare plugin** — requires port exposure; DockFlare uses tunnels to avoid open ports ## FAQ **Q: Do I need a Cloudflare paid plan?** A: No. Cloudflare Tunnels are available on the free plan. **Q: What permissions does the API token need?** A: Zone:DNS:Edit for DNS records and Account:Cloudflare Tunnel:Edit for tunnel management. **Q: Can I use DockFlare with Docker Compose?** A: Yes. Add DockFlare labels to your service definitions and run the DockFlare container alongside them. **Q: What happens when a container stops?** A: DockFlare removes the tunnel route and DNS record automatically when the labeled container stops. ## Sources - https://github.com/ChrispyBacon-dev/DockFlare --- Source: https://tokrepo.com/en/workflows/asset-d8a1f011 Author: AI Open Source