Cloudflared-web is a docker image that packages both cloudflared cli and a simple Web UI to easily start or stop remotely-managed Cloudflare tunnel.
✅ Only need to run a docker command once. No need to run docker commands everytime you want to start or stop the container or when updating the token.
✅ Start and stop cloudflare tunnel anytime with a single click.
❌ Only supports Remotely-managed Tunnels.
❌ Can only update hostname policies through the ZeroTrust dashboard.
When manually setting up this image, it is crucial to always set the networking mode
into host
as without it, the cloudflared service won't be able to access the services running on the host:
docker run --network host wisdomsky/cloudflared-web:latest
or if using docker-compose.yml
:
services:
cloudflared:
image: wisdomsky/cloudflared-web:latest
restart: unless-stopped
network_mode: host
The Web UI where you can setup the Cloudflared token can be accessed from port 14333
:
http://localhost:14333
If for some reason you are unable to pull images from Docker's Official Image Registry (docker.io), Cloudflared-web
is also synced to Github Container Registry (ghcr.io).
Just prefix the image with ghcr.io/
in order to use the mirrored image in Github.
services:
cloudflared:
image: ghcr.io/wisdomsky/cloudflared-web:latest
restart: unless-stopped
network_mode: host
Variable Name | Default value | Required or Optional | Description |
---|---|---|---|
WEBUI_PORT | 14333 | Optional | The port on the host where the WebUI will be running. Useful when an existing process is running on port 14333 and want to assign cloudflared-web into a different available port. |
EDGE_IP_VERSION | auto | Optional | Specifies the IP address version (IPv4 or IPv6) used to establish a connection between cloudflared and the Cloudflare global network. Available values are auto , 4 , and 6 . |
PROTOCOL | auto | Optional | Specifies the protocol used to establish a connection between cloudflared and the Cloudflare global network. Available values are auto , http2 , and quic . |
METRICS_ENABLE | false | Optional | Enable tunnel metrics server. |
METRICS_PORT | 60123 | Optional | Specify port to run tunnel metrics on. METRICS_ENABLE must be set to true . |
BASIC_AUTH_PASS | Optional | Enable Basic Auth by specifying a password. If BASIC_AUTH_USER is not specified, the default value for username admin will be used. |
|
BASIC_AUTH_USER | admin | Optional | Specify the username for the Basic Auth. |
example docker-compose.yaml
:
services:
cloudflared:
image: wisdomsky/cloudflared-web:latest
restart: unless-stopped
network_mode: host
environment:
WEBUI_PORT: 1111
Container Path | Required or Optional | Description |
---|---|---|
/config | Optional | The path to the directory where the config.json file containing the Cloudflare token and start status will be saved. |
example docker-compose.yaml
:
services:
cloudflared:
image: wisdomsky/cloudflared-web:latest
restart: unless-stopped
network_mode: host
volumes:
- /mnt/storage/cloudflared/config:/config
You can use docker networks
for a more fine-grained control of which containers/services your cloudflared-web container has access to.
services:
cloudflared:
image: wisdomsky/cloudflared-web:latest
restart: unless-stopped
networks:
- mynetwork
environment:
WEBUI_PORT: 1111
For any problems experienced while using the docker image, please create a new issue.