Traefik Tunnel Expose with Docker and Cloudflare

By /

Listen to this Post

Featured Image
Using Docker to combine Traefik and Cloudflare Tunnel allows you to securely expose local services to the internet without opening ports. This setup provides:
– ⚡ Load balancing via Traefik
– 🔐 Secure access (no open ports)
– 🔑 Automatic SSL
– 🌍 Easy DNS management with automation scripts

Check the guide here: https://lnkd.in/gsJ_N9v9

You Should Know:

1. Setting Up Docker & Traefik

First, ensure Docker is installed:

sudo apt update && sudo apt install docker.io docker-compose -y

2. Basic Traefik Configuration (`docker-compose.yml`)

version: '3'

services: 
traefik: 
image: traefik:v2.10 
command: 
- --api.insecure=true 
- --providers.docker 
- --entrypoints.web.address=:80 
ports: 
- "80:80" 
- "8080:8080" 
volumes: 
- /var/run/docker.sock:/var/run/docker.sock

3. Cloudflare Tunnel Setup

Install `cloudflared`:

wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64 -O /usr/local/bin/cloudflared 
chmod +x /usr/local/bin/cloudflared

Authenticate:

cloudflared tunnel login

Create a tunnel:

cloudflared tunnel create <TUNNEL_NAME>

4. Configure DNS & Routing

Edit `config.yml`:

tunnel: <TUNNEL_NAME> 
credentials-file: /path/to/credentials.json 
ingress: 
- hostname: yourdomain.com 
service: http://traefik:80 
- service: http_status:404

Run the tunnel:

cloudflared tunnel run <TUNNEL_NAME>

5. Automate with Systemd (Linux)

Create a service file (`/etc/systemd/system/cloudflared.service`):

[bash] 
Description=Cloudflare Tunnel 
After=network.target

[bash] 
ExecStart=/usr/local/bin/cloudflared tunnel run <TUNNEL_NAME> 
Restart=always 
User=root

[bash] 
WantedBy=multi-user.target

Enable & start:

sudo systemctl enable --now cloudflared

What Undercode Say:

This setup ensures secure, zero-trust access to internal services without exposing ports. Traefik handles routing, while Cloudflare Tunnel encrypts traffic. Automation via scripts and systemd ensures reliability.

Expected Output:

✔ Traefik Dashboard at `http://localhost:8080`

✔ Cloudflare Tunnel Active (`cloudflared tunnel list`)

✔ HTTPS Access via Cloudflare DNS

For more details, visit: Cloudflare Tunnels Docs

Prediction:

As zero-trust networking grows, more organizations will adopt Cloudflare Tunnels + Traefik for secure, scalable internal service exposure. Expect deeper Kubernetes & CI/CD integrations.

IT/Security Reporter URL:

Reported By: Zenkiet Traefik – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

Join Our Cyber World:

💬 Whatsapp | 💬 Telegram

Related Posts: