Got it! Let’s go through the process of setting up Cloudflare tunnels using the Cloudflare Tunnel Community App on Unraid, and then configuring Traefik to route traffic through these tunnels.
Step 1: Install Cloudflare Tunnel Community App
- Install Cloudflare Tunnel App:
  - Open the Unraid web UI.
  - Navigate to the Apps tab.
  - Search for Cloudflare Tunnel and install the Cloudflare Tunnel Community App.
- Configure Cloudflare Tunnel:
  - Once installed, go to the Docker tab and click on the cloudflared container.
  - Edit the container settings and make sure to set the necessary environment variables and volume mappings. Typically, you'll need to provide:
    - TUNNEL_TOKEN: The token provided by Cloudflare when you create a tunnel.
Step 2: Create Cloudflare Tunnel
- Create a Cloudflare Tunnel:
  - Log in to your Cloudflare dashboard.
  - Go to Zero Trust → Access → Tunnels.
  - Click on Create Tunnel and follow the instructions to generate a token.
- Configure the Tunnel in the App:
  - Enter the token you received from Cloudflare into the TUNNEL_TOKEN environment variable in the Cloudflare Tunnel container settings.
  - Save and start the Cloudflare Tunnel container.
Step 3: Configure DNS Records in Cloudflare
- Add CNAME Records:
  - Go to the DNS settings in your Cloudflare dashboard.
  - Add a CNAME record for each subdomain you want to use for your apps (e.g., app1.domain.com, app2.domain.com), pointing to @ (your root domain).
Step 4: Set Up Traefik
- Install Traefik on Unraid:
  - Go to the Unraid web UI.
  - Navigate to Apps and search for Traefik.
  - Install the Traefik Docker container.
- Create Traefik Configuration Files:
  - Create a folder for Traefik configuration, e.g., /mnt/user/appdata/traefik/.
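- traefik.yml:
  - Create a traefik.yml file in the Traefik configuration folder:

    ```yaml
    api:
      dashboard: true

    entryPoints:
      web:
        address: ":80"
      websecure:
        address: ":443"

    providers:
      docker:
        endpoint: "unix:///var/run/docker.sock"
        exposedByDefault: false   # only containers labelled traefik.enable=true are routed
      file:
        # Loads the routers and services from dynamic.yml. The path is an assumption:
        # it expects the configuration folder to be mounted at /etc/traefik in the container.
        filename: /etc/traefik/dynamic.yml

    certificatesResolvers:
      cloudflare:
        acme:
          email: your-email@example.com
          storage: acme.json      # Traefik requires this file to have mode 600
          dnsChallenge:
            # Traefik's cloudflare provider takes the API token from the
            # CF_DNS_API_TOKEN environment variable on the Traefik container.
            provider: cloudflare
            resolvers:
              - "1.1.1.1"
    ```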
- dynamic.yml:
  - Create a dynamic.yml file in the Traefik configuration folder for your routes:

    ```yaml
    http:
      routers:
        app1:
          rule: "Host(`app1.domain.com`)"
          service: app1
          entryPoints:
            - websecure
          tls:
            certResolver: cloudflare
        app2:
          rule: "Host(`app2.domain.com`)"
          service: app2
          entryPoints:
            - websecure
          tls:
            certResolver: cloudflare

      services:
        app1:
          loadBalancer:
            servers:
              - url: "http://app1:8080"
        app2:
          loadBalancer:
            servers:
              - url: "http://app2:8080"
    ```
- Docker Labels:
  - Add labels to your Docker containers for Traefik to pick up. On the app1 container:

    ```yaml
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.app1.rule=Host(`app1.domain.com`)"
      - "traefik.http.services.app1.loadbalancer.server.port=8080"
    ```

    On the app2 container:

    ```yaml
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.app2.rule=Host(`app2.domain.com`)"
      - "traefik.http.services.app2.loadbalancer.server.port=8080"
    ```
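The Docker labels in this step set only a rule and a port, while the dynamic.yml routers also pin entryPoints and tls. The following is an added example, not part of the original guide or of Traefik: a small Python audit that flags that difference in a container's label set. The names audit_labels and allowed_suffix and the hardened label set are assumptions chosen for illustration.

```python
import re

ROUTER_KEY = re.compile(r"^traefik\.http\.routers\.([^.]+)\.(.+)$", re.I)
HOST_RULE = re.compile(r"Host\(`([^`]+)`\)")

def audit_labels(container, labels, allowed_suffix=".domain.com"):
    """Return findings for one container's Traefik labels (empty list = clean)."""
    kv = dict(label.partition("=")[::2] for label in labels)
    if kv.get("traefik.enable") != "true":
        return []  # exposedByDefault: false, so Traefik ignores this container
    routers = {}
    for key, value in kv.items():
        m = ROUTER_KEY.match(key)
        if m:  # group per router name, option keys compared in lower case
            routers.setdefault(m.group(1), {})[m.group(2).lower()] = value
    if not routers:
        return [f"{container}: enabled without a router rule, Traefik's default rule applies"]
    findings = []
    for name, opts in sorted(routers.items()):
        hosts = HOST_RULE.findall(opts.get("rule", ""))
        if not hosts:
            findings.append(f"{container}/{name}: rule has no Host() matcher")
        for host in hosts:
            if not host.endswith(allowed_suffix):
                findings.append(f"{container}/{name}: {host} is outside *{allowed_suffix}")
        if "entrypoints" not in opts:
            findings.append(f"{container}/{name}: no entrypoints, listens on all default entry points")
        if not any(k == "tls" or k.startswith("tls.") for k in opts):
            findings.append(f"{container}/{name}: no tls option, plain HTTP unless the entry point sets TLS")
    return findings

# Constructed sample input: app1's labels as given in this guide.
PAGE_LABELS = [
    "traefik.enable=true",
    "traefik.http.routers.app1.rule=Host(`app1.domain.com`)",
    "traefik.http.services.app1.loadbalancer.server.port=8080",
]
# Constructed sample input: the same router pinned to websecure and the cloudflare resolver.
HARDENED_LABELS = PAGE_LABELS + [
    "traefik.http.routers.app1.entrypoints=websecure",
    "traefik.http.routers.app1.tls.certresolver=cloudflare",
]

if __name__ == "__main__":
    for finding in audit_labels("app1", PAGE_LABELS):
        print(finding)
```

Run against the labels from this step it reports the missing entrypoints and tls options; the hardened set returns no findings.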
Step 5: Start Traefik
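- Run Traefik Docker Container:
  - Start the Traefik container using the Unraid Docker GUI.
  - Ensure the volumes are correctly mapped, especially for /var/run/docker.sock.
- Access the Dashboard:
  - You can access the Traefik dashboard at http://<unraid-ip>:8080/dashboard/. Traefik serves the dashboard on port 8080 only when api.insecure is set to true, and in that mode it has no authentication, so keep port 8080 reachable from the LAN only and do not publish it through the tunnel.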
Step 6: Configure Cloudflare API Token
- Create API Token:
  - In Cloudflare, go to My Profile → API Tokens.
  - Create a new API token with permissions to manage DNS for your domain.
  - Use this token in the traefik.yml file under the DNS challenge configuration.
Example Configuration Files
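traefik.yml

```yaml
api:
  dashboard: true

entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false   # only containers labelled traefik.enable=true are routed
  file:
    # Loads the routers and services from dynamic.yml. The path is an assumption:
    # it expects the configuration folder to be mounted at /etc/traefik in the container.
    filename: /etc/traefik/dynamic.yml

certificatesResolvers:
  cloudflare:
    acme:
      email: your-email@example.com
      storage: acme.json      # Traefik requires this file to have mode 600
      dnsChallenge:
        # Traefik's cloudflare provider takes the API token from the
        # CF_DNS_API_TOKEN environment variable on the Traefik container.
        provider: cloudflare
        resolvers:
          - "1.1.1.1"
```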
dynamic.yml

```yaml
http:
  routers:
    app1:
      rule: "Host(`app1.domain.com`)"
      service: app1
      entryPoints:
        - websecure
      tls:
        certResolver: cloudflare
    app2:
      rule: "Host(`app2.domain.com`)"
      service: app2
      entryPoints:
        - websecure
      tls:
        certResolver: cloudflare

  services:
    app1:
      loadBalancer:
        servers:
          - url: "http://app1:8080"
    app2:
      loadBalancer:
        servers:
          - url: "http://app2:8080"
```
This setup should help you get Traefik running on Unraid with Cloudflare tunnels, allowing you to access your apps via subdomains.