mirror of
https://github.com/ChrispyBacon-dev/DockFlare.git
synced 2026-04-28 03:39:32 +00:00
127 lines
No EOL
4.9 KiB
Text
127 lines
No EOL
4.9 KiB
Text
# DockFlare: Automates Cloudflare Tunnel ingress from Docker labels.
|
|
# Copyright (C) 2025 ChrispyBacon-Dev <https://github.com/ChrispyBacon-dev/DockFlare>
|
|
#
|
|
# This program is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|
# .env: DockFlare Tunnel Manager Configuration
|
|
# -----------------------------------------------------------------------------
|
|
# Create a copy of this file named '.env' in the project root.
|
|
# DO NOT commit the real .env file to version control!
|
|
# -----------------------------------------------------------------------------
|
|
|
|
# REQUIRED CLOUDFLARE CREDENTIALS
|
|
# ==============================
|
|
# Generate API Token at: https://dash.cloudflare.com/profile/api-tokens
|
|
# Required permissions:
|
|
# API Token with Account:Cloudflare Tunnel:Edit, Account:Account Settings:Read, Account:Access: Apps and Policies:Edit, Zone:Zone:Read, Zone:DNS:Edit
|
|
|
|
# Cloudflare API Token (REQUIRED)
|
|
CF_API_TOKEN=your_cloudflare_api_token
|
|
|
|
# Cloudflare Account ID (REQUIRED)
|
|
# Find in Cloudflare dashboard URL: https://dash.cloudflare.com/ACCOUNT_ID
|
|
CF_ACCOUNT_ID=your_cloudflare_account_id
|
|
|
|
# CF_ZONE_ID: Your default Cloudflare Zone ID
|
|
# Found on the Cloudflare dashboard Overview page for your domain.
|
|
# This serves as the fallback zone ID for any hostnames that don't explicitly
|
|
# specify their zone with the 'zonename' label.
|
|
#
|
|
# For multi-domain setups across different Cloudflare zones:
|
|
# 1. Set this to your primary/most common zone's ID, and use 'zonename' labels for others, OR
|
|
# 2. Always use 'zonename' labels on all containers and make this optional
|
|
CF_ZONE_ID=your_cloudflare_zone_id
|
|
|
|
# TUNNEL CONFIGURATION
|
|
# ===================
|
|
|
|
# Tunnel Name (REQUIRED only when NOT using external cloudflared)
|
|
# This will be created automatically if it doesn't exist and external mode is not enabled
|
|
TUNNEL_NAME=dockflared-tunnel
|
|
|
|
# External Cloudflared Configuration (DANGER ZONE)
|
|
# Be careful can remove all existing cloudflare tunnel entrys
|
|
#
|
|
# Not recommended unless you know what to do. Starting with version 1.7
|
|
# The update_cloudflare_config function now takes a MORE authoritative stance:
|
|
# for the DockFlare-managed tunnel, any non-wildcard, non-catch-all ingress rule found on
|
|
# Cloudflare that is not present in DockFlare's managed_rules
|
|
# (either from Docker labels or manual UI entries) will be REMOVED by DockFlare.
|
|
# This ensures the tunnel configuration accurately reflects DockFlare's intended state.
|
|
# True external wildcards and the API's catch-all rule are still preserved.
|
|
# USE_EXTERNAL_CLOUDFLARED=false
|
|
|
|
# Required if USE_EXTERNAL_CLOUDFLARED=true
|
|
# Find this in your Cloudflare dashboard: Access → Tunnels → select your tunnel
|
|
# The ID is shown in the URL or in the Overview tab
|
|
# EXTERNAL_TUNNEL_ID=6ff42ae2-765d-4adf-befc-ca51f8e4e688
|
|
|
|
# DOCKER CONFIGURATION
|
|
# ==================
|
|
|
|
# Docker Network Name (used for internal cloudflared mode)
|
|
CLOUDFLARED_NETWORK_NAME=cloudflare-net
|
|
|
|
# BEHAVIOR SETTINGS
|
|
# ===============
|
|
|
|
# Label Prefix for Docker Containers
|
|
# All labels will start with this prefix
|
|
LABEL_PREFIX=cloudflare.tunnel
|
|
|
|
# Grace Period for Rule Deletion (in seconds)
|
|
# How long to keep rules after container stops (default: 1h)
|
|
GRACE_PERIOD_SECONDS=6000
|
|
|
|
# Cleanup Interval (in seconds)
|
|
# How often to check for rules to delete
|
|
CLEANUP_INTERVAL_SECONDS=300
|
|
|
|
# Agent Status Update Interval (in seconds)
|
|
# How often to check cloudflared agent status
|
|
AGENT_STATUS_UPDATE_INTERVAL_SECONDS=10
|
|
|
|
# State File Path (where to save tunnel state)
|
|
STATE_FILE_PATH=/app/data/state.json
|
|
|
|
# Enable Scanning All Docker Networks (default: false)
|
|
# Set to true to discover containers across all networks
|
|
SCAN_ALL_NETWORKS=false
|
|
|
|
# PERFORMANCE SETTINGS
|
|
# ===================
|
|
|
|
# Maximum Concurrent DNS Operations
|
|
# How many DNS operations can run at once during reconciliation
|
|
# Lower this value if you experience API rate limiting with Cloudflare
|
|
MAX_CONCURRENT_DNS_OPS=3
|
|
|
|
# Reconciliation Batch Size
|
|
# How many DNS records to process in each batch during reconciliation
|
|
# Lower this value on systems with limited resources
|
|
RECONCILIATION_BATCH_SIZE=3
|
|
|
|
# PROXY SETTINGS
|
|
# ============
|
|
|
|
# Trusted Proxies
|
|
# IP ranges that are trusted to provide X-Forwarded-* headers
|
|
# Comma-separated list of IPs or CIDR ranges
|
|
TRUSTED_PROXIES=172.16.0.0/12,192.168.0.0/16
|
|
|
|
# TLS VERIFICATION
|
|
# ==============
|
|
|
|
# Default TLS Verification Setting
|
|
# When true, skip TLS verification for all origin services by default
|
|
DEFAULT_NO_TLS_VERIFY=false |