Cloudflare Tunnel
Requirements and Enabling
-
You will need to first generate a token by following the steps here
a. You can find the token here:
-
Once you've generated the token, update the variables in
inventory/group_vars/all/cloudflare.yml:cloudflare_tunnel_enabledtoyescloudflare_tunnel_tokento your token
-
After the container has been started, you should now see an active Connector in your Cloudflare dashboard
-
Follow the steps here to link containers to the tunnel, following the container map for the available container names and ports (use the container name as the "Service" name in the Cloudflare webgui, and append the port, e.g.
overseerr:5055)
Example:
Important Notes
The "public hostname" subdomain you use does not need to match any Traefik proxy rule as this traffic does NOT pass through Traefik, it goes directly from the container -> Cloudflare Tunnel via the internal Docker network.
This also means that SSO using Authentik will not work for any container configured to go through the Tunnel due to the authentication middleware being applied by Traefik. In order to use Authentik with a publicly accessible container, you will need to port forward.