Cloudflare Tunnel with Docker Compose: Secure Access to Containers Without Open Ports
Introduction
Cloudflare Tunnel lets you securely expose your local services to the internet without opening ports or manually handling HTTPS. In this guide, you’ll learn how to configure the tunnel using Docker Compose to proxy access to your containers automatically — just like a regular public website.
Why You Might Need It
- No public IP? No problem.
- No port forwarding on your router or firewall.
- Cloudflare gives you HTTPS, WAF, DDoS and bot protection.
- Everything runs in containers — no need to manually configure nginx, certbot, or anything else.
Example: Exposing a Web App via Tunnel
Let’s say you have a container my-app
running at http://my-app:3000
. You want it to be publicly accessible at https://app.example.com
.
Step 1. Prepare Cloudflare
-
Sign up and add your domain to Cloudflare.
-
Install
cloudflared
locally and authenticate:cloudflared login
-
Create a tunnel:
cloudflared tunnel create my-tunnel
-
Route DNS to the tunnel:
cloudflared tunnel route dns my-tunnel app.example.com
-
Copy the credentials
.json
file (usually located in~/.cloudflared/
) to your project directory, e.g.,./cloudflared
.
Step 2. Project Structure
project/
├── docker-compose.yml
├── cloudflared/
│ ├── config.yml
│ └── <your tunnel-id>.json
Step 3. config.yml
— Tunnel Configuration
tunnel: my-tunnel
credentials-file: /etc/cloudflared/<your tunnel-id>.json
ingress:
- hostname: app.example.com
service: http://my-app:3000
- service: http_status:404
Step 4. docker-compose.yml
version: '3.8'
services:
my-app:
image: your-image
container_name: my-app
expose:
- 3000
networks:
- app-network
cloudflared:
image: cloudflare/cloudflared:latest
container_name: cloudflared
restart: always
command: tunnel --config /etc/cloudflared/config.yml run
volumes:
- ./cloudflared:/etc/cloudflared
networks:
- app-network
networks:
app-network:
driver: bridge
Step 5. Launch It
docker compose up -d
Now, when you visit https://app.example.com
, you’ll be routed directly into your my-app
container — without opening any ports to the outside world.
Conclusion
Using Cloudflare Tunnel with Docker Compose allows you to:
- Simplify service exposure.
- Eliminate the need to set up HTTPS manually.
- Improve security without messing with
iptables
or nginx.
It all runs in containers — clean, transparent, and without magic. A great way to proxy admin panels, dashboards, or APIs you’d rather not expose directly.
- Our community Openode.XYZ OpeNode.xyz
- Aeza VPS (+15% on payment) Aeza.net
- Best EU hosting (+1 month free) Kamatera.com
- VPS hosting - 4vps.su (-10% discount!) 4VPS.su
- TG Channel TG-Channel Neonode.cc