Learn how to leverage Cloudflare Zero-Trust Tunnel to securely expose services running in Docker containers. Improve the security and accessibility of your applications with minimal effort.
Cloudflare Zero-Trust Tunnel Overview
As businesses increasingly adopt remote work and cloud infrastructure, ensuring secure network connections is more critical than ever. Cloudflare Zero-Trust Tunnel creates a secure link between your local machine and Cloudflare’s edge network, offering a private, encrypted connection to your services without exposing your infrastructure to the public internet.
What is Cloudflare Zero-Trust Tunnel?
Cloudflare Zero-Trust Tunnel allows secure access to private network resources via Cloudflare’s edge network.
Key Features:
- Protocol: Uses QUIC for faster, more secure connections.
- Encryption: Implements TLS 1.3 for end-to-end encryption.
- Global Reach: Leverages Cloudflare’s worldwide data centers for low-latency access.
Advantages
- Enhanced Security: Fully encrypted connections safeguard against eavesdropping.
- Improved Privacy: Access private resources without public exposure.
- Global Accessibility: Seamless access from any location worldwide.
- Performance: QUIC protocol ensures faster and more reliable communication.
Deploying Cloudflare Zero-Trust Tunnel with Docker
Docker makes deploying and managing applications straightforward. Integrating Cloudflare Zero-Trust Tunnel ensures secure service exposure. Here’s how:
Step 1. Create a Docker Container for Your Service
First, package your application in a Docker container. For instance, if you’re running a Python DASH application, Docker is an excellent way to manage dependencies and streamline deployment.
Step 2. Install Cloudflare Zero-Trust Tunnel Client
Install the Zero-Trust Tunnel client (cloudflared) on your local machine and configure it to connect to your Cloudflare account.
- We are going to use the Cloudflared Docker container image, which is open source on Cloudflare’s GitHub.
- You can get the details in the Cloudflare dashboard.
- Select the domain managed by Cloudflare where you want to set up the tunnel. Click on Traffic and then Cloudflare Tunnel, or go directly to Zero Trust.
- The Cloudflare One dashboard will open.
- Select Access and then Tunnels to create a tunnel with Docker and get the token.
Use the Cloudflared Docker image to set up a secure tunnel.
Install Using Docker CLI:
- Create a dedicated network for the tunnel:
sudo docker network create tunnel
- Run the Cloudflared container with your unique token:
docker run --name cloudflared --network tunnel --detach cloudflare/cloudflared:latest tunnel --no-autoupdate run --token yourfantastictoken
Install Using Docker Compose: Here’s a recommended setup:
version: '3.8'
services:
  cloudflared:
    image: cloudflare/cloudflared:latest
    container_name: cloudflared
    command: tunnel --no-autoupdate run --token yourfantastictoken
    networks:
      - tunnel
    restart: unless-stopped
networks:
  tunnel:
Run the compose file:
docker-compose up -d
Step 3. Add Services to the Cloudflare Tunnel Network
Link your service container to the Cloudflare tunnel network:
- Using Docker CLI:
docker network connect tunnel your_docker_container
- Directly when creating a container:
docker run --name Your_Service_Name --network tunnel -p 8050:8050 --detach Your_Container_Image
- Using Docker Compose:
version: '3.8'
services:
  Your_Service_Name:
    image: Your_Container_Image
    container_name: Your_Container_Name
    ports:
      - "8050:8050"
    networks:
      - tunnel
networks:
  tunnel:
    external: true
Step 4. Configure Cloudflare Tunnel in the Web UI
- Log into the Cloudflare Zero Trust Dashboard.
- Navigate to Access → Tunnels and select your tunnel.
- Add a Public Hostname to map a subdomain, domain, and path to your service.
- Example: your-service-name:docker-port
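The setup from Steps 2 to 4 as a single Compose file, with two hardening changes: the token is read from the TUNNEL_TOKEN environment variable instead of the command line, and the service port is not published on the host. This is an added example, not part of the original walkthrough; my-dash-app, your_container_image and the .env file are assumptions.

```yaml
# Added example. Assumes an .env file beside this file containing
#   TUNNEL_TOKEN=<token from the Zero Trust dashboard>
# with restrictive permissions (chmod 600) and excluded from version control.
services:
  cloudflared:
    # Consider pinning a specific release tag instead of latest.
    image: cloudflare/cloudflared:latest
    container_name: cloudflared
    # Weak:  command: tunnel --no-autoupdate run --token <token>
    # That form puts the token in the compose file, shell history and the
    # process argument list. cloudflared reads TUNNEL_TOKEN when --token is absent.
    # The variable is still readable by anyone with access to the Docker daemon.
    command: tunnel --no-autoupdate run
    environment:
      - TUNNEL_TOKEN=${TUNNEL_TOKEN:?set TUNNEL_TOKEN in .env}
    networks:
      - tunnel
    restart: unless-stopped

  my-dash-app:                      # placeholder service name
    image: your_container_image     # placeholder image
    container_name: my-dash-app
    # Weak:  ports: ["8050:8050"]
    # Publishing binds the app to every host interface, so it can be reached
    # without going through the tunnel. cloudflared connects to it over the
    # shared Docker network by container name, so no host port is needed.
    expose:
      - "8050"
    networks:
      - tunnel
    restart: unless-stopped

networks:
  tunnel:
```

With this layout the Public Hostname in Step 4 points at my-dash-app:8050.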
FAQ
1. How to check my device local IP?
ifconfig
2. How to check the exposed IP?
Thanks to the use of Cloudflare tunnels, you can now expose self-hosted services without the need for:
- Exposing your public IP address
- Opening ports in your router’s firewall
curl your_selected_domain.com && echo
Conclusion
With Cloudflare Zero-Trust Tunnel and Docker, you can securely expose your services while protecting sensitive resources from unauthorized access. This setup is ideal for developers, teams, and businesses seeking secure and efficient remote access solutions.
Access your service from anywhere, with confidence in its security.