DockFlare/env.example
ChrispyBacon-dev 562fec5879 v1.8.0
2025-05-27 09:59:29 +02:00


# -----------------------------------------------------------------------------
# This file provides a template for your DockFlare configuration.
# 1. Copy this file to '.env' in the project root: cp .env.example .env
#    (use the template's actual file name if your copy is called env.example).
# 2. Edit '.env' with your actual values.
# 3. DO NOT commit your actual .env file (with secrets) to version control!
#
# Lines starting with # are comments and will be ignored by DockFlare.
# Default values are often shown after the '='; remove the value to use DockFlare's internal default, if applicable.
# -----------------------------------------------------------------------------
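# === REQUIRED CLOUDFLARE CREDENTIALS ===
# These are essential for DockFlare to interact with the Cloudflare API.
# Generate an API Token at: https://dash.cloudflare.com/profile/api-tokens
#
# RECOMMENDED Scoped API Token Permissions:
# Account Level:
# - Account Settings: Read
# - Cloudflare Tunnel: Edit (Read & Write for tunnel operations)
# - Access: Apps and Policies: Edit (Read & Write for Access Application management)
# - Worker Routes: Read (Often needed by Tunnel functionality)
# - Worker Scripts: Edit (Often needed by Tunnel functionality)
# Zone Level (for EACH zone DockFlare will manage DNS for):
# - DNS: Edit (Read & Write for CNAME record management)
# - Zone Settings: Read (To get zone details)
#
# Security notes:
# - CF_API_TOKEN is a secret. With the permissions above it can edit tunnels, Access
#   applications and DNS records, so use a scoped API token (not the Global API Key) and
#   restrict its account/zone resources to the ones DockFlare actually manages.
# - Keep the resulting .env readable only by the account that runs DockFlare
#   (for example: chmod 600 .env) and rotate the token if the file is ever exposed.
# - NOTE(review): the two Worker permissions are listed as "often needed"; for the
#   narrowest token, confirm whether your setup works without them before granting them.
#
CF_API_TOKEN=your_cloudflare_api_token_here
# Cloudflare Account ID
# Find it in the Cloudflare dashboard URL after /dash.cloudflare.com/
# (This hint sits on its own line because some .env parsers do not strip a trailing
# '# comment' and would make it part of the value.)
CF_ACCOUNT_ID=your_cloudflare_account_id_here
# Default Cloudflare Zone ID (Optional but Recommended)
# The ID of your primary Cloudflare zone (e.g., example.com).
# Find this on the Cloudflare dashboard "Overview" page for your domain.
# - If set, DockFlare uses this zone for hostnames unless a 'cloudflare.tunnel.zonename' label specifies otherwise.
# - If not set, you MUST use the 'cloudflare.tunnel.zonename' label on ALL Docker containers
#   and provide a Zone Name when adding Manual Rules via the UI.
CF_ZONE_ID=your_default_cloudflare_zone_id_here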
# === TUNNEL CONFIGURATION ===
# Defines how DockFlare interacts with or manages the Cloudflare Tunnel.
# Tunnel Name (Required if NOT using an external cloudflared instance)
# DockFlare will create/use a tunnel with this name.
# Example: dockflare-myhome
TUNNEL_NAME=dockflared-tunnel
# --- External Cloudflared Mode (Advanced) ---
# Set USE_EXTERNAL_CLOUDFLARED to 'true' if you want DockFlare to manage DNS/Access
# for an existing tunnel managed by a separate cloudflared agent, instead of running its own.
#
# WARNING: If USE_EXTERNAL_CLOUDFLARED is 'false' (default), DockFlare v1.7+ takes an
# authoritative stance on its managed tunnel's ingress configuration. It will remove
# non-wildcard, non-catch-all ingress rules found on Cloudflare for that tunnel if
# they are not defined in DockFlare's state (from Docker labels or Manual UI entries).
# This ensures consistency. True external wildcards and the catch-all are preserved.
# Practical consequence: if TUNNEL_NAME matches a tunnel that already carries
# hand-made ingress rules, record those rules (or re-create them as Docker labels /
# Manual UI entries) before the first start, because they are otherwise removed.
#
# USE_EXTERNAL_CLOUDFLARED=false
# External Tunnel ID (Required ONLY if USE_EXTERNAL_CLOUDFLARED=true)
# NOTE: external mode is currently under review and is not recommended.
# The ID of your existing, externally managed Cloudflare Tunnel.
# Find in Cloudflare Dashboard: Zero Trust -> Access -> Tunnels -> (select your tunnel)
# EXTERNAL_TUNNEL_ID=your_existing_external_tunnel_id
# === DOCKFLARE BEHAVIOR & CUSTOMIZATION ===
# Docker Label Prefix
# All Docker labels DockFlare looks for will start with this prefix.
LABEL_PREFIX=cloudflare.tunnel
# Grace Period for Rule Deletion (seconds)
# How long DockFlare keeps ingress rules for a stopped Docker container before deletion.
# Default: 28800 (8h)
# NOTE: this template sets 600 (10 minutes), which is NOT the internal default stated
# above. Remove the value or set it explicitly if you want the longer grace period.
GRACE_PERIOD_SECONDS=600
# Cleanup Interval (seconds)
# How often DockFlare checks for expired rules to delete.
# Default: 300 (5 minutes)
CLEANUP_INTERVAL_SECONDS=300
# Agent Status Update Interval (seconds)
# How often DockFlare updates the status of its managed cloudflared agent (if not in external mode).
# Default: 10
AGENT_STATUS_UPDATE_INTERVAL_SECONDS=10
# State File Path
# Location within the container where DockFlare saves its state (managed_rules.json).
# Should be mapped to a persistent volume.
# NOTE(review): the description names managed_rules.json, but the value below points at
# state.json. Confirm which file name your deployment expects before mapping the volume.
STATE_FILE_PATH=/app/data/state.json
# Docker Network Scanning
# Set to 'true' for DockFlare to discover labeled containers across ALL Docker networks.
# If 'false' (default), DockFlare typically only sees containers on networks it shares
# (like CLOUDFLARED_NETWORK_NAME) or if it's on the host network.
# Keep this 'false' unless you need it: with 'true', a labeled container on any Docker
# network becomes a candidate for discovery, which widens what the tunnel can expose.
SCAN_ALL_NETWORKS=false
# Cloudflared Agent Network Name (Only used when DockFlare manages the cloudflared agent)
# The name of the Docker network for the cloudflared agent container.
# DockFlare will create this network if it doesn't exist.
CLOUDFLARED_NETWORK_NAME=cloudflare-net
# Additional Zones for UI DNS Scan (Optional)
# Comma-separated list of additional Cloudflare Zone NAMES (e.g., another.com,mydomain.org)
# that DockFlare should query when displaying DNS records for tunnels in the
# "All Cloudflare Tunnels on Account" section of the UI.
# This is useful if a tunnel has CNAMEs in multiple zones you own.
# CF_ZONE_ID is automatically included if set.
# The API token needs the zone-level permissions on every zone listed here.
# Example: TUNNEL_DNS_SCAN_ZONE_NAMES=extradomain.com,another-zone.net
# Left empty below: no additional zones are scanned.
TUNNEL_DNS_SCAN_ZONE_NAMES=
# === PERFORMANCE & RESOURCE MANAGEMENT ===
# Maximum Concurrent DNS API Operations
# Limits simultaneous DNS read/write calls to Cloudflare API during reconciliation.
# Helps prevent API rate limiting.
# Default: 3
MAX_CONCURRENT_DNS_OPS=3
# Reconciliation DNS Batch Size (Not currently used, but placeholder for future)
# How many DNS records to process in each batch during full reconciliation.
# Lower this value on systems with limited resources if/when implemented.
# Left commented out because, per the note above, the setting is not read yet.
# RECONCILIATION_BATCH_SIZE=3
# === ADVANCED & DEPRECATED (Review if using) ===
# Trusted Proxies for X-Forwarded-* headers (Less relevant for direct Cloudflare Tunnel)
# Comma-separated list of IPs or CIDR ranges.
# Set this only if DockFlare itself is behind another reverse proxy that sets X-Forwarded-Proto.
# List only the addresses of proxies you operate. The example below covers whole private
# ranges; presumably any host inside a trusted range can supply X-Forwarded-* values
# that are then taken at face value, so narrow it to the proxy's own IP where possible.
# TRUSTED_PROXIES=172.16.0.0/12,192.168.0.0/16
# Default TLS Verification Setting for Service Targets (DEPRECATED - Use per-rule labels/UI)
# This global default is less flexible than per-rule settings.
# It's recommended to manage 'noTLSVerify' via Docker labels
# (cloudflare.tunnel.no_tls_verify=true) or the Manual Rule UI.
# Leave this 'false': noTLSVerify turns off validation of the origin service's
# certificate, so enable it per rule only for origins where that is an accepted
# trade-off (e.g. a self-signed certificate on a service you control).
# DEFAULT_NO_TLS_VERIFY=false