cloudflared Argo Tunnel with Docker
It’s a bit hard to use Cloudflare’s Argo Tunnel with Docker when you don’t have any configuration in place already, so I’m trying to break down the steps here.
create a volume:
First start by creating a docker volume to hold the configuration data:
docker volume create cloudflared
Now the annoying thing comes into play: fix the permissions for the volume. I guess and hope there’s a better way, but I just don’t know of any other. To get the path of the docker volume, you can use docker volume inspect cloudflared; usually it’s in /var/lib/docker/volumes
sudo chown -R 65532:65532 /var/lib/docker/volumes/cloudflared/_data
login and fetch the certificate:
Let’s use a temporary container with the created volume to log in to Cloudflare for authorization.
Note: I use the docker image with the 2021.3.2 tag; this will probably be outdated in a couple of days, so make sure to check Docker Hub.
docker run -it --rm -v cloudflared:/home/nonroot/.cloudflared/ cloudflare/cloudflared:2021.3.2 tunnel login
create the tunnel:
docker run -it --rm -v cloudflared:/home/nonroot/.cloudflared/ cloudflare/cloudflared:2021.3.2 tunnel create my-tunnel
It’ll give you the path of a .json file where the credentials are stored, and the UUID of the tunnel, which is also part of the JSON filename.
create config file:
I guess the best place to learn how to create the right configuration file would be the Cloudflare documentation page; I’ll include an example here.
Create a file config.yml:
tunnel: 9eef6f07-0e12-4cc3-8fb0-6e768ea1c51f
credentials-file: /home/nonroot/.cloudflared/9eef6f07-0e12-4cc3-8fb0-6e768ea1c51f.json
ingress:
  - hostname: my-awesome.example.com
    service: http://localhost:4567
  - service: http://localhost:404
This will route traffic destined for my-awesome.example.com to localhost:4567. A fallback is always required; in this case it’s localhost:404, to return a not found page by cloudflared.
Please save the config file to the docker volume as well, for example into:
/var/lib/docker/volumes/cloudflared/_data/config.yml
You may have to update the permissions again as described above.
route traffic / create DNS entry:
You can create the CNAME DNS entry manually, but cloudflared can also do it automatically, like this:
docker run -v cloudflared:/home/nonroot/.cloudflared cloudflare/cloudflared:2021.3.2 tunnel route dns my-tunnel my-awesome.example.com
First, specify the tunnel name (my-tunnel), then the hostname.
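Added example, not part of the original post: a pre-flight check for the volume directory built in the steps above. It confirms that credentials-file is named after the tunnel UUID, that the last ingress rule is the hostname-less fallback, and that cert.pem and the tunnel JSON carry no group or other permission bits. The function name audit_tunnel_dir, the awk parsing of this page's flat config layout, and the permission policy are assumptions of this example; stat -c is GNU/BusyBox syntax.

```shell
#!/bin/sh
# Added example (not from the original post). Usage: sh audit.sh DIR
# DIR is the host path of the volume, e.g. the _data directory used above.
audit_tunnel_dir() {
  local dir="$1" cfg="$1/config.yml" rc=0 uuid cred last f mode
  [ -f "$cfg" ] || { echo "FAIL: $cfg missing"; return 1; }

  # Read the two top-level keys from the flat config layout shown on this page.
  uuid=$(awk '$1 == "tunnel:" {print $2; exit}' "$cfg")
  cred=$(awk '$1 == "credentials-file:" {print $2; exit}' "$cfg")

  # The credentials file is named after the tunnel UUID; a mismatch means the
  # config points at another tunnel's secret (or at nothing).
  if [ -z "$uuid" ] || [ "${cred##*/}" != "$uuid.json" ]; then
    echo "FAIL: credentials-file does not match tunnel '$uuid'"; rc=1
  elif [ ! -f "$dir/$uuid.json" ]; then
    echo "FAIL: $uuid.json is not in $dir"; rc=1
  fi

  # Keep only the text of the last ingress rule, then require that it is a
  # catch-all: a service entry with no hostname.
  last=$(awk '/^ingress:/       {in_i = 1; next}
              in_i && /^[^ #-]/ {in_i = 0}
              in_i && /^ *-/    {rule = ""}
              in_i              {rule = rule $0 "\n"}
              END               {printf "%s", rule}' "$cfg")
  case $last in
    *hostname:*) echo "FAIL: last ingress rule has a hostname (no fallback)"; rc=1 ;;
    *service:*)  ;;
    *)           echo "FAIL: no ingress rules found"; rc=1 ;;
  esac

  # cert.pem and the tunnel JSON are secrets: no group/other permission bits.
  for f in "$dir"/cert.pem "$dir"/*.json; do
    [ -f "$f" ] || continue
    mode=$(stat -c '%a' "$f")            # GNU/BusyBox stat
    case $mode in
      *00) ;;
      *)   echo "FAIL: $f has mode $mode (group/other access)"; rc=1 ;;
    esac
  done
  [ "$rc" -eq 0 ] && echo "OK: $dir"
  return "$rc"
}

if [ "$#" -gt 0 ]; then audit_tunnel_dir "$1"; fi
```

Run it with sudo against /var/lib/docker/volumes/cloudflared/_data before starting the tunnel container.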