Step-by-Step to configure Traefik on Unraid via Cloudflare tunnels

Got it! Let’s go through the process of setting up Cloudflare tunnels using the Cloudflare Tunnel Community App on Unraid, and then configuring Traefik to route traffic through these tunnels.

Step 1: Install Cloudflare Tunnel Community App

  1. Install Cloudflare Tunnel App:

    • Open the Unraid web UI.
    • Navigate to the Apps tab.
    • Search for Cloudflare Tunnel and install the Cloudflare Tunnel Community App.
  2. Configure Cloudflare Tunnel:

    • Once installed, go to the Docker tab and click on the cloudflared container.
    • Edit the container settings and make sure to set the necessary environment variables and volume mappings. Typically, you’ll need to provide:
      • TUNNEL_TOKEN: The token provided by Cloudflare when you create a tunnel.

Step 2: Create Cloudflare Tunnel

  1. Create a Cloudflare Tunnel:

    • Log in to your Cloudflare dashboard.
    • Go to Zero Trust > Access > Tunnels.
    • Click on Create Tunnel and follow the instructions to generate a token.
  2. Configure the Tunnel in the App:

    • Enter the token you received from Cloudflare into the TUNNEL_TOKEN environment variable in the Cloudflare Tunnel container settings.
    • Save and start the Cloudflare Tunnel container.

Step 3: Configure DNS Records in Cloudflare

  1. Add CNAME Records:
    • Go to the DNS settings in your Cloudflare dashboard.
    • Add a CNAME record for each subdomain you want to use for your apps (e.g., app1.domain.com, app2.domain.com), pointing to @ (your root domain).

Step 4: Set Up Traefik

  1. Install Traefik on Unraid:

    • Go to the Unraid web UI.
    • Navigate to Apps and search for Traefik.
    • Install the Traefik Docker container.
  2. Create Traefik Configuration Files:

    • Create a folder for Traefik configuration, e.g., /mnt/user/appdata/traefik/.
  3. traefik.yml:

    • Create a traefik.yml file in the Traefik configuration folder:
      api:
        dashboard: true
      
      entryPoints:
        web:
          address: ":80"
        websecure:
          address: ":443"
      
      providers:
        docker:
          endpoint: "unix:///var/run/docker.sock"
          exposedByDefault: false
      
      certificatesResolvers:
        cloudflare:
          acme:
            email: your-email@example.com
            storage: acme.json
            dnsChallenge:
              provider: cloudflare
              resolvers:
                - "1.1.1.1"
      
  4. dynamic.yml:

    • Create a dynamic.yml file in the Traefik configuration folder for your routes:
      http:
        routers:
          app1:
            rule: "Host(`app1.domain.com`)"
            service: app1
            entryPoints:
              - websecure
            tls:
              certResolver: cloudflare
      
          app2:
            rule: "Host(`app2.domain.com`)"
            service: app2
            entryPoints:
              - websecure
            tls:
              certResolver: cloudflare
      
        services:
          app1:
            loadBalancer:
              servers:
                - url: "http://app1:8080"
          app2:
            loadBalancer:
              servers:
                - url: "http://app2:8080"
      
  5. Docker Labels:

    • Add labels to your Docker containers for Traefik to pick up:
      labels:
        # Labels for the app1 container
        - "traefik.enable=true"
        - "traefik.http.routers.app1.rule=Host(`app1.domain.com`)"
        - "traefik.http.services.app1.loadbalancer.server.port=8080"
      
        # Labels for the app2 container
        - "traefik.enable=true"
        - "traefik.http.routers.app2.rule=Host(`app2.domain.com`)"
        - "traefik.http.services.app2.loadbalancer.server.port=8080"
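
An added check, not part of the original post: the labels in the Docker Labels step set only a rule and a port, while the routers in dynamic.yml also pin the websecure entry point and the cloudflare certResolver. The Python script below audits container labels for that gap; the container-to-labels mapping, the function names and the extra labels on app2 are assumptions made for the example.

```python
import re

# Constructed sample in the shape of `docker inspect` labels. app1 carries the
# labels from Step 4; app2's entrypoints/tls labels are illustrative additions.
SAMPLE = {
    "app1": [
        "traefik.enable=true",
        "traefik.http.routers.app1.rule=Host(`app1.domain.com`)",
        "traefik.http.services.app1.loadbalancer.server.port=8080",
    ],
    "app2": [
        "traefik.enable=true",
        "traefik.http.routers.app2.rule=Host(`app2.domain.com`)",
        "traefik.http.routers.app2.entrypoints=websecure",
        "traefik.http.routers.app2.tls.certresolver=cloudflare",
        "traefik.http.services.app2.loadbalancer.server.port=8080",
    ],
}
ROUTER_KEY = re.compile(r"^traefik\.http\.routers\.([^.]+)\.(.+)$")

def parse_routers(labels):
    """Return {router: {option: value}} from 'key=value' label strings."""
    routers = {}
    for label in labels:
        key, _, value = label.partition("=")
        m = ROUTER_KEY.match(key.strip().lower())
        if m:
            routers.setdefault(m.group(1), {})[m.group(2)] = value.strip()
    return routers

def audit(containers, entrypoint="websecure", resolver="cloudflare"):
    """Return (container, router, problem) tuples; with exposedByDefault: false,
    router labels on a container without traefik.enable=true are never applied."""
    findings = []
    for name, labels in sorted(containers.items()):
        routers = parse_routers(labels)
        if routers and "traefik.enable=true" not in [l.strip().lower() for l in labels]:
            findings.append((name, "*", "traefik.enable=true missing"))
            continue
        for router, opts in sorted(routers.items()):
            eps = [e.strip() for e in opts.get("entrypoints", "").split(",") if e.strip()]
            if eps != [entrypoint]:
                findings.append((name, router, f"entry points: {eps or 'all'}"))
            if opts.get("tls.certresolver") != resolver:
                findings.append((name, router, f"tls.certresolver is not {resolver}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(" | ".join(finding))
```

A router with no entrypoints label is attached to every entry point Traefik defines, which here includes web on :80.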
      

Step 5: Start Traefik

  1. Run Traefik Docker Container:

    • Start the Traefik container using the Unraid Docker GUI.
    • Ensure the volumes are correctly mapped, especially for /var/run/docker.sock.
  2. Access the Dashboard:

    • You can access the Traefik dashboard at http://<unraid-ip>:8080/dashboard/.

Step 6: Configure Cloudflare API Token

  1. Create API Token:
    • In Cloudflare, go to My Profile > API Tokens.
    • Create a new API token with permissions to manage DNS for your domain.
    • Use this token in the traefik.yml file under the DNS challenge configuration.

Example Configuration Files

traefik.yml

api:
  dashboard: true

entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false

certificatesResolvers:
  cloudflare:
    acme:
      email: your-email@example.com
      storage: acme.json
      dnsChallenge:
        provider: cloudflare
        resolvers:
          - "1.1.1.1"

dynamic.yml

http:
  routers:
    app1:
      rule: "Host(`app1.domain.com`)"
      service: app1
      entryPoints:
        - websecure
      tls:
        certResolver: cloudflare

    app2:
      rule: "Host(`app2.domain.com`)"
      service: app2
      entryPoints:
        - websecure
      tls:
        certResolver: cloudflare

  services:
    app1:
      loadBalancer:
        servers:
          - url: "http://app1:8080"
    app2:
      loadBalancer:
        servers:
          - url: "http://app2:8080"

This setup should help you get Traefik running on Unraid with Cloudflare tunnels, allowing you to access your apps via subdomains.
