vrr/DockFlare
2
0
Fork 0
mirror of https://github.com/ChrispyBacon-dev/DockFlare.git synced 2026-04-28 03:39:32 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

DockFlare v3.0.5: A Tale of Two Toggles
Some checks failed
Docker Image Build and Push / build_self_hosted (push) Has been cancelled
Details
Docker Image Build and Push / build_github_hosted_fallback (push) Has been cancelled
Details

Browse source 
## [v3.0.5] - 2025-10-14

### Added
- **HTTP/2 Origin Support:** Added support for enabling HTTP/2 protocol between `cloudflared` and origin services via the new `dockflare.http2_origin` label and UI controls. Required for gRPC services. Only applies to HTTP/HTTPS services.
- **Disable Chunked Encoding Support:** Added support for disabling chunked transfer encoding over HTTP/1.1 via the new `dockflare.disable_chunked_encoding` label and UI controls. Useful for WSGI servers (Flask, Django, FastAPI) and other origins that don't properly support chunked requests. Only applies to HTTP/HTTPS services.
This commit is contained in:
Chris 2025-10-14 16:13:57 +02:00 committed by GitHub
commit 295a6046e9
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
11 changed files with 116 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

8
CHANGELOG.md
View file

@ -7,6 +7,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
---
## [v3.0.5] - 2025-10-14
### Added
- **HTTP/2 Origin Support:** Added support for enabling HTTP/2 protocol between `cloudflared` and origin services via the new `dockflare.http2_origin` label and UI controls. Required for gRPC services. Only applies to HTTP/HTTPS services.
- **Disable Chunked Encoding Support:** Added support for disabling chunked transfer encoding over HTTP/1.1 via the new `dockflare.disable_chunked_encoding` label and UI controls. Useful for WSGI servers (Flask, Django, FastAPI) and other origins that don't properly support chunked requests. Only applies to HTTP/HTTPS services.
---
## [v3.0.4] - 2025-10-11
### Added

2
README.MD
View file

@ -11,7 +11,7 @@
</p>
<p align="center">
<a href="https://github.com/ChrispyBacon-dev/DockFlare/releases"><img src="https://img.shields.io/badge/Release-v3.0.4-blue.svg?style=for-the-badge" alt="Release"></a>
<a href="https://github.com/ChrispyBacon-dev/DockFlare/releases"><img src="https://img.shields.io/badge/Release-v3.0.5-blue.svg?style=for-the-badge" alt="Release"></a>
<a href="https://hub.docker.com/r/alplat/dockflare"><img src="https://img.shields.io/docker/pulls/alplat/dockflare?style=for-the-badge" alt="Docker Pulls"></a>
<a href="https://www.python.org/"><img src="https://img.shields.io/badge/Made%20with-Python-1f425f.svg?style=for-the-badge" alt="Python"></a>
<a href="https://github.com/ChrispyBacon-dev/DockFlare/blob/main/LICENSE.MD"><img src="https://img.shields.io/badge/License-GPL--3.0-blue.svg?style=for-the-badge" alt="License"></a>

2
dockflare/app/config.py
View file

@ -34,7 +34,7 @@ def _get_int_env(name, default, minimum=None):
return default
# --- DockFlare Version ---
APP_VERSION = "v3.0.4"
APP_VERSION = "v3.0.5"
# --- web: https://dockflare.app ---
# --- github: https://github.com/ChrispyBacon-dev/DockFlare ---

20
dockflare/app/core/docker_handler.py
View file

@ -157,6 +157,8 @@ def process_container_start(container_obj):
service_label = get_label(labels, "service")
zone_name_label = get_label(labels, "zonename")
no_tls_verify_label = get_label(labels, "no_tls_verify", "false").lower() in ["true", "1", "t", "yes"]
http2_origin_label = get_label(labels, "http2_origin", "false").lower() in ["true", "1", "t", "yes"]
disable_chunked_encoding_label = get_label(labels, "disable_chunked_encoding", "false").lower() in ["true", "1", "t", "yes"]
if hostname_label and service_label:
if is_valid_hostname(hostname_label) and is_valid_service(service_label):
@ -166,6 +168,8 @@ def process_container_start(container_obj):
"no_tls_verify": no_tls_verify_label,
"origin_server_name": default_originsrvname_label.strip() if default_originsrvname_label else None,
"http_host_header": default_http_host_header_label.strip() if default_http_host_header_label else None,
"http2_origin": http2_origin_label,
"disable_chunked_encoding": disable_chunked_encoding_label,
"access_group": default_access_group,
"access_policy_type": default_access_policy_type_label,
"access_app_name": default_access_app_name_label,
@ -194,6 +198,10 @@ def process_container_start(container_obj):
no_tls_verify_indexed = no_tls_verify_indexed_val.lower() in ["true", "1", "t", "yes"]
originsrvname_indexed_val = get_label(labels, f"{index}.originsrvname", default_originsrvname_label)
http_host_header_indexed_val = get_label(labels, f"{index}.httpHostHeader", default_http_host_header_label)
http2_origin_indexed_val = get_label(labels, f"{index}.http2_origin", str(http2_origin_label).lower())
http2_origin_indexed = http2_origin_indexed_val.lower() in ["true", "1", "t", "yes"]
disable_chunked_encoding_indexed_val = get_label(labels, f"{index}.disable_chunked_encoding", str(disable_chunked_encoding_label).lower())
disable_chunked_encoding_indexed = disable_chunked_encoding_indexed_val.lower() in ["true", "1", "t", "yes"]
access_groups_indexed = get_label(labels, f"{index}.access.groups")
raw_access_group_indexed = get_label(labels, f"{index}.access.group") if not access_groups_indexed else None
@ -244,6 +252,8 @@ def process_container_start(container_obj):
"no_tls_verify": no_tls_verify_indexed,
"origin_server_name": originsrvname_indexed_val.strip() if originsrvname_indexed_val else None,
"http_host_header": http_host_header_indexed_val.strip() if http_host_header_indexed_val else None,
"http2_origin": http2_origin_indexed,
"disable_chunked_encoding": disable_chunked_encoding_indexed,
"access_group": access_group_indexed,
"access_policy_type": access_policy_type_indexed,
"access_app_name": access_app_name_indexed,
@ -285,6 +295,8 @@ def process_container_start(container_obj):
no_tls_verify_from_item = config_item["no_tls_verify"]
origin_server_name_from_item = config_item.get("origin_server_name")
http_host_header_from_item = config_item.get("http_host_header")
http2_origin_from_item = config_item.get("http2_origin", False)
disable_chunked_encoding_from_item = config_item.get("disable_chunked_encoding", False)
target_zone_id = None
detected_zone_name = zone_name_from_item
@ -349,6 +361,12 @@ def process_container_start(container_obj):
if existing_rule.get("http_host_header") != http_host_header_from_item:
existing_rule["http_host_header"] = http_host_header_from_item
rule_data_changed = True
if existing_rule.get("http2_origin") != http2_origin_from_item:
existing_rule["http2_origin"] = http2_origin_from_item
rule_data_changed = True
if existing_rule.get("disable_chunked_encoding") != disable_chunked_encoding_from_item:
existing_rule["disable_chunked_encoding"] = disable_chunked_encoding_from_item
rule_data_changed = True
existing_rule["source"] = "docker"
if master_tunnel_id and existing_rule.get("tunnel_id") != master_tunnel_id:
@ -384,6 +402,8 @@ def process_container_start(container_obj):
"no_tls_verify": no_tls_verify_from_item,
"origin_server_name": origin_server_name_from_item,
"http_host_header": http_host_header_from_item,
"http2_origin": http2_origin_from_item,
"disable_chunked_encoding": disable_chunked_encoding_from_item,
"access_app_id": None,
"access_policy_type": None,
"access_app_config_hash": None,

4
dockflare/app/core/state_manager.py
View file

@ -143,6 +143,8 @@ def load_state():
rule_copy.setdefault("zone_name", None)
rule_copy.setdefault("no_tls_verify", False)
rule_copy.setdefault("origin_server_name", None)
rule_copy.setdefault("http2_origin", False)
rule_copy.setdefault("disable_chunked_encoding", False)
tunnel_name = rule_copy.get("tunnel_name")
if not tunnel_name or tunnel_name == "dockflare-tunnel":
@ -500,6 +502,8 @@ def save_state():
"no_tls_verify": rule.get("no_tls_verify", False),
"origin_server_name": rule.get("origin_server_name"),
"http_host_header": rule.get("http_host_header"),
"http2_origin": rule.get("http2_origin", False),
"disable_chunked_encoding": rule.get("disable_chunked_encoding", False),
"access_app_id": rule.get("access_app_id"),
"access_policy_type": rule.get("access_policy_type"),
"access_app_config_hash": rule.get("access_app_config_hash"),

8
dockflare/app/core/tunnel_manager.py
View file

@ -261,6 +261,10 @@ def _build_ingress_entry_from_rule(rule_details):
http_host_header = rule_details.get("http_host_header") or rule_details.get("httpHostHeader")
if http_host_header:
origin_request["httpHostHeader"] = http_host_header
if rule_details.get("http2_origin"):
origin_request["http2Origin"] = True
if rule_details.get("disable_chunked_encoding"):
origin_request["disableChunkedEncoding"] = True
if origin_request:
entry["originRequest"] = origin_request
return entry
@ -299,7 +303,9 @@ def _ingress_to_comparable(rule):
no_tls = bool(origin.get("noTLSVerify"))
origin_name = origin.get("originServerName") or ""
http_host = origin.get("httpHostHeader") or ""
return (hostname, service, path, no_tls, origin_name, http_host)
http2_origin = bool(origin.get("http2Origin"))
disable_chunked = bool(origin.get("disableChunkedEncoding"))
return (hostname, service, path, no_tls, origin_name, http_host, http2_origin, disable_chunked)
def _is_catch_all_rule(rule):

6
dockflare/app/static/js/main.js
View file

@ -229,6 +229,12 @@ function initializeEditRuleModal() {
const httpHostHeaderField = modal.querySelector('#edit_manual_http_host_header');
if (httpHostHeaderField) httpHostHeaderField.value = details.http_host_header || '';
const http2OriginField = modal.querySelector('#edit_http2_origin');
if (http2OriginField) http2OriginField.checked = details.http2_origin || false;
const disableChunkedEncodingField = modal.querySelector('#edit_disable_chunked_encoding');
if (disableChunkedEncodingField) disableChunkedEncodingField.checked = details.disable_chunked_encoding || false;
const tunnelDisplay = modal.querySelector('#edit_rule_tunnel_value');
const zoneDisplay = modal.querySelector('#edit_rule_zone_value');
const agentHint = modal.querySelector('#edit_rule_agent_hint');

2
dockflare/app/templates/docs/Container-Labels.md
View file

@ -16,6 +16,8 @@ These labels control the fundamental routing and service definition for a contai
| `dockflare.no_tls_verify` | If set to `true`, disables TLS certificate verification for the connection between `cloudflared` and your origin service. Useful for origins with self-signed certificates. | `dockflare.no_tls_verify=true` |
| `dockflare.originsrvname` | Sets a specific Server Name Indication (SNI) hostname for the TLS connection to the origin. This is also known as "Origin Server Name" in the Cloudflare dashboard. | `dockflare.originsrvname=internal.service.local` |
| `dockflare.httpHostHeader` | Overrides the `Host` header sent from `cloudflared` to your origin service. | `dockflare.httpHostHeader=custom-host.internal` |
| `dockflare.http2_origin` | If set to `true`, enables HTTP/2 protocol for the connection between `cloudflared` and your origin service. Required for gRPC services. Only applies to HTTP/HTTPS services. | `dockflare.http2_origin=true` |
| `dockflare.disable_chunked_encoding` | If set to `true`, disables chunked transfer encoding over HTTP/1.1. Useful for WSGI servers (Flask, Django, FastAPI) and other origins that don't properly support chunked requests. Only applies to HTTP/HTTPS services. | `dockflare.disable_chunked_encoding=true` |
> **Tip:** Starting with DockFlare v3.0, you can skip `dockflare.zonename` for most workloads. The master detects the correct Cloudflare zone by matching the hostname suffix and only falls back to the configured default zone when it cannot find a match. Provide the label when you intentionally want to place a record in a different zone.

36
dockflare/app/templates/status_page.html
View file

@ -196,7 +196,13 @@
{% endif %}
{% if details.http_host_header %}
<span class="badge badge-info badge-xs ml-1" title="HTTP Host Header: {{ details.http_host_header }}">Host: {{ details.http_host_header | truncate(20, True) }}</span>
{% endif %}
{% endif %}
{% if details.http2_origin %}
<span class="badge badge-success badge-xs ml-1" title="HTTP/2 protocol enabled for origin connection">HTTP/2 Origin</span>
{% endif %}
{% if details.disable_chunked_encoding %}
<span class="badge badge-info badge-xs ml-1" title="Chunked transfer encoding disabled for HTTP/1.1">No Chunked Encoding</span>
{% endif %}
</div>
</td>
<td class="p-3 whitespace-nowrap">
@ -503,6 +509,20 @@
<span class="label-text-alt">Overrides the <code>Host</code> header sent to your origin server. Useful for origins expecting a different hostname than the public one. (Only applies to HTTP/HTTPS services).</span>
</label>
</div>
<div id="manual_http2_origin_div" class="form-control">
<label class="label cursor-pointer justify-start gap-2">
<input type="checkbox" name="manual_http2_origin" id="manual_http2_origin" class="checkbox checkbox-sm" />
<span class="label-text">Enable HTTP/2 Origin</span>
</label>
<div class="text-xs opacity-60 ml-8">Enable HTTP/2 protocol between Cloudflare and your origin server. Required for gRPC services. (Only applies to HTTP/HTTPS services).</div>
</div>
<div id="manual_disable_chunked_encoding_div" class="form-control">
<label class="label cursor-pointer justify-start gap-2">
<input type="checkbox" name="manual_disable_chunked_encoding" id="manual_disable_chunked_encoding" class="checkbox checkbox-sm" />
<span class="label-text">Disable Chunked Encoding</span>
</label>
<div class="text-xs opacity-60 ml-8">Disables chunked transfer encoding over HTTP/1.1. Useful for WSGI servers (Flask, Django) and other origins that don't support chunked requests. (Only applies to HTTP/HTTPS services).</div>
</div>
</div>
</div>
<div id="manual_rule_feedback" class="hidden alert mt-4"></div>
@ -640,6 +660,20 @@
<span class="label-text-alt">Overrides the <code>Host</code> header sent to your origin server. Useful for origins expecting a different hostname than the public one. (Only applies to HTTP/HTTPS services).</span>
</label>
</div>
<div id="edit_http2_origin_div" class="form-control">
<label class="label cursor-pointer justify-start gap-2">
<input type="checkbox" name="edit_http2_origin" id="edit_http2_origin" class="checkbox checkbox-sm" />
<span class="label-text">Enable HTTP/2 Origin</span>
</label>
<div class="text-xs opacity-60 ml-8">Enable HTTP/2 protocol between Cloudflare and your origin server. Required for gRPC services. (Only applies to HTTP/HTTPS services).</div>
</div>
<div id="edit_disable_chunked_encoding_div" class="form-control">
<label class="label cursor-pointer justify-start gap-2">
<input type="checkbox" name="edit_disable_chunked_encoding" id="edit_disable_chunked_encoding" class="checkbox checkbox-sm" />
<span class="label-text">Disable Chunked Encoding</span>
</label>
<div class="text-xs opacity-60 ml-8">Disables chunked transfer encoding over HTTP/1.1. Useful for WSGI servers (Flask, Django) and other origins that don't support chunked requests. (Only applies to HTTP/HTTPS services).</div>
</div>
</div>
</div>
<div class="modal-action mt-8 pt-4 border-t border-base-300">

23
dockflare/app/web/api_v2_routes.py
View file

@ -562,6 +562,8 @@ def create_manual_rule_api():
"no_tls_verify": False,
"origin_server_name": None,
"http_host_header": None,
"http2_origin": False,
"disable_chunked_encoding": False,
"access_app_id": None,
"access_policy_type": None,
"access_app_config_hash": None,
@ -812,6 +814,8 @@ def process_agent_container_start(payload, agent_id):
service_label = get_label(labels, "service")
zone_name_label = get_label(labels, "zonename")
no_tls_verify_label = get_label(labels, "no_tls_verify", "false").lower() in ["true", "1", "t", "yes"]
http2_origin_label = get_label(labels, "http2_origin", "false").lower() in ["true", "1", "t", "yes"]
disable_chunked_encoding_label = get_label(labels, "disable_chunked_encoding", "false").lower() in ["true", "1", "t", "yes"]
if hostname_label and service_label:
if is_valid_hostname(hostname_label) and is_valid_service(service_label):
@ -823,6 +827,8 @@ def process_agent_container_start(payload, agent_id):
"no_tls_verify": no_tls_verify_label,
"origin_server_name": default_originsrvname_label.strip() if default_originsrvname_label else None,
"http_host_header": default_http_host_header_label.strip() if default_http_host_header_label else None,
"http2_origin": http2_origin_label,
"disable_chunked_encoding": disable_chunked_encoding_label,
"access_group": default_access_group,
"access_policy_type": default_access_policy_type_label,
"access_app_name": default_access_app_name_label,
@ -851,6 +857,10 @@ def process_agent_container_start(payload, agent_id):
no_tls_verify_indexed = no_tls_verify_indexed_val.lower() in ["true", "1", "t", "yes"]
originsrvname_indexed_val = get_label(labels, f"{index}.originsrvname", default_originsrvname_label)
http_host_header_indexed_val = get_label(labels, f"{index}.httpHostHeader", default_http_host_header_label)
http2_origin_indexed_val = get_label(labels, f"{index}.http2_origin", str(http2_origin_label).lower())
http2_origin_indexed = http2_origin_indexed_val.lower() in ["true", "1", "t", "yes"]
disable_chunked_encoding_indexed_val = get_label(labels, f"{index}.disable_chunked_encoding", str(disable_chunked_encoding_label).lower())
disable_chunked_encoding_indexed = disable_chunked_encoding_indexed_val.lower() in ["true", "1", "t", "yes"]
access_groups_indexed = get_label(labels, f"{index}.access.groups")
raw_access_group_indexed = get_label(labels, f"{index}.access.group") if not access_groups_indexed else None
@ -903,6 +913,8 @@ def process_agent_container_start(payload, agent_id):
"no_tls_verify": no_tls_verify_indexed,
"origin_server_name": originsrvname_indexed_val.strip() if originsrvname_indexed_val else None,
"http_host_header": http_host_header_indexed_val.strip() if http_host_header_indexed_val else None,
"http2_origin": http2_origin_indexed,
"disable_chunked_encoding": disable_chunked_encoding_indexed,
"access_group": access_group_indexed,
"access_policy_type": access_policy_type_indexed,
"access_app_name": access_app_name_indexed,
@ -940,6 +952,9 @@ def process_agent_container_start(payload, agent_id):
zone_name_from_item = config_item["zone_name"]
no_tls_verify_from_item = config_item["no_tls_verify"]
origin_server_name_from_item = config_item.get("origin_server_name")
http_host_header_from_item = config_item.get("http_host_header")
http2_origin_from_item = config_item.get("http2_origin", False)
disable_chunked_encoding_from_item = config_item.get("disable_chunked_encoding", False)
target_zone_id = None
if zone_name_from_item:
@ -986,6 +1001,12 @@ def process_agent_container_start(payload, agent_id):
if existing_rule.get("http_host_header") != http_host_header_from_item:
existing_rule["http_host_header"] = http_host_header_from_item
rule_data_changed = True
if existing_rule.get("http2_origin") != http2_origin_from_item:
existing_rule["http2_origin"] = http2_origin_from_item
rule_data_changed = True
if existing_rule.get("disable_chunked_encoding") != disable_chunked_encoding_from_item:
existing_rule["disable_chunked_encoding"] = disable_chunked_encoding_from_item
rule_data_changed = True
if existing_rule.get("tunnel_name") != assigned_tunnel_name:
existing_rule["tunnel_name"] = assigned_tunnel_name
rule_data_changed = True
@ -1022,6 +1043,8 @@ def process_agent_container_start(payload, agent_id):
"no_tls_verify": no_tls_verify_from_item,
"origin_server_name": origin_server_name_from_item,
"http_host_header": config_item.get("http_host_header"),
"http2_origin": http2_origin_from_item,
"disable_chunked_encoding": disable_chunked_encoding_from_item,
"access_app_id": None,
"access_policy_type": None,
"access_app_config_hash": None,

10
dockflare/app/web/routes.py
View file

@ -1237,6 +1237,8 @@ def ui_add_manual_rule_route():
no_tls_verify = request.form.get('manual_no_tls_verify') == 'on'
origin_server_name_input = request.form.get('manual_origin_server_name', '').strip()
manual_http_host_header = request.form.get('manual_http_host_header', '').strip()
http2_origin = request.form.get('manual_http2_origin') == 'on'
disable_chunked_encoding = request.form.get('manual_disable_chunked_encoding') == 'on'
manual_access_group_ids = request.form.getlist('manual_access_groups')
manual_access_policy_type = request.form.get('manual_access_policy_type', 'none').strip().lower()
@ -1489,6 +1491,8 @@ def ui_add_manual_rule_route():
"no_tls_verify": no_tls_verify,
"origin_server_name": origin_server_name_input or None,
"http_host_header": manual_http_host_header or None,
"http2_origin": http2_origin,
"disable_chunked_encoding": disable_chunked_encoding,
"source": "manual",
"access_app_id": access_app_id,
"access_policy_type": access_policy_type,
@ -1591,7 +1595,9 @@ def ui_edit_manual_rule_route():
no_tls_verify = request.form.get('edit_no_tls_verify') == 'on'
origin_server_name_input = request.form.get('edit_origin_server_name', '').strip()
manual_http_host_header = request.form.get('edit_http_host_header', '').strip()
http2_origin = request.form.get('edit_http2_origin') == 'on'
disable_chunked_encoding = request.form.get('edit_disable_chunked_encoding') == 'on'
if not domain_name_input or not service_type_input:
cloudflared_agent_state["last_action_status"] = "Error: Domain and service type required."
return redirect(url_for('web.status_page'))
@ -1775,6 +1781,8 @@ def ui_edit_manual_rule_route():
"no_tls_verify": no_tls_verify,
"origin_server_name": origin_server_name_input or None,
"http_host_header": manual_http_host_header or None,
"http2_origin": http2_origin,
"disable_chunked_encoding": disable_chunked_encoding,
"access_app_id": access_app_id,
"access_policy_type": access_policy_type,
"access_app_config_hash": access_app_config_hash,