Cloudflare Tunnels
A guide on how to use Cloudflare Tunnels with Coolify.
You can run Coolify on your local machine (like old laptop/Raspberry PI) and expose it to the internet without opening any ports on your router with Cloudflare Tunnels.
For more details about CF Tunnels, please visit this page.
Setup Cloudflared
You have at least two ways to setup Cloudflare Tunnels with Coolify.
Automated
Setup Tunnels on Cloudflare
-
Go to
https://one.dash.cloudflare.com/
. -
Select your account.
-
Open
Networks
->Tunnels
->Create a Tunnel
-
Connector:
Cloudflared
-
Choose any name you like.
-
Copy your
Cloudflare Tunnel Token
from any of the commands.
The token starts with eyJ...
.
- On the
Route Tunnel
tab, add the following tunnels:
You can use any domains/subdomains. This will make sure you can reach your server through Cloudflare Tunnels.
Setup Tunnels on Coolify
-
Add a new server with your server’s
IP Address
- it will be reconfigured later on. -
Validate the server.
-
After the server is validated, click on
Configure
in theCloudflare Tunnels
section. -
Paste
Cloudflare Tunnel Token
from the previous step and set theSSH Domain
to the domain you set in the previous step.
Manual
WIP
Setup Resources in Coolify
You have several options to use Cloudflare Tunnels with Coolify.
- One domain -> One resource.
- Wildcard subdomain -> All resources.
One domain -> One resource
In this case, you need to add a public domain every time you would like to expose a new resource through Cloudflare Tunnels.
You can stop Coolify Proxy
and set it to None
, it is not needed in this
case.
- Go to your tunnel settings on Cloudflare. (https://one.dash.cloudflare.com/ -> Networks -> Tunnels -> Select your tunnel)
- Switch to
Public Hostname
tab. - Add a new
Public Hostname
. - Go to Coolify and to your resource settings: - Remove any
Domains
settings. - SetPort Mappings
to the same port that you set in thePublic Hostname
settings.As an example, I’m deploying a static site, that listens in port
80
inside the container and I’m mapping it to the port8888
on the host. So, I need to set thePort Mappings
to8888:80
. - Deploy & enjoy.
Wildcard subdomain -> All resources
In this case, you only need to setup a wildcard domain once and you can expose all your resources through it.
You will need to use Coolify's Proxy
to route the traffic to the correct
resource.
- Go to your tunnel settings on Cloudflare. (https://one.dash.cloudflare.com/ -> Networks -> Tunnels -> Select your tunnel)
- Switch to
Public Hostname
tab. - Add a new wildcard
Public Hostname
. - In Cloudflare go to
Networks -> Tunnels
and click on your tunnel name. From the sidebar copy theTunnel ID
. - In Cloudflare go to your
DNS
settings and add a newCNAME
record with the following settings:Name
:*
Target
:<Tunnel ID>.cfargotunnel.com
TTL
:Auto
- Go to Coolify and to your resource settings.
Set the Domains
to any subdomain of the wildcard domain you set in the previous step.
You need to use http://
in the Domains
settings. Cloudflare will take care of the https
part.
For this you need to set SSL/TLS
to Full
in the SSL/TLS
menu on Cloudflare.
- Deploy & enjoy.
If you would like to add a new resource, you only need to do point 6 and 7.
Post Setup
After everything is setup, you can fully disable direct access to your server by disabling all the ports (except SSH (port:22 by default)
) on your firewall.
Setup self-hosted Coolify
You can use the one domain without Coolify Proxy
or wildcard setup with Coolify Proxy
to expose your self-hosted Coolify instance to the internet.
With the wildcard
setup, you have nothing to do.
With the one domain
setup, you need a bit more setup with Coolify to make it work.
Let’s say you configured the following Public Hostnames
in Cloudflare:
app.coolify.io
mapped tolocalhost:8000
realtime.coolify.io
mapped tolocalhost:6001
After you installed Coolify, you need to add 3 lines your .env
file, located in /data/coolify/source
folder.
APP_ID=<random string>
APP_KEY=<random string>
APP_NAME=Coolify
DB_PASSWORD=<random string>
PUSHER_APP_ID=<random string>
PUSHER_APP_KEY=<random string>
PUSHER_APP_SECRET=<random string>
REDIS_PASSWORD=<random string>
###########
# Add these lines
PUSHER_HOST=realtime.coolify.io
PUSHER_PORT=443
###########
This tells Coolify how to connect to it’s realtime server through Cloudflare Tunnels.
Restart Coolify with the installation script.
curl -fsSL https://cdn.coollabs.io/coolify/install.sh | bash
If you have a firewall, you also need to allow the following ports.
Verify
- Navigate to your Coolify instance, as in the example:
https://app.coolify.io
. - Login with the root user (the first user you created after installation).
- Open another tab/window and navigate to
https://app.coolify.io/realtime
. On the other tab (opened in point 2), you should see a notification about the test event. - If you know what are you doing, you can check the network tab as well. Search for a websocket connection.