app-cloudflared
Unofficial cloudflared Docker Image
636
β οΈ This Docker image is not an official Cloudflare product.
This image supports multiple architectures π‘, making it compatible with a wide range of devices.
The public image currently supports:
| Docker Target | Known As | Notes |
|---|---|---|
linux/amd64 | x86_64 | β Most modern PCs and servers use this architecture. |
linux/386 | x86 | π» For older 32-bit Intel/AMD CPUs β typically found in legacy systems. |
linux/arm64 | aarch64 | π 64-bit ARM hardware β ideal for Raspberry Pi 2/3/4 running 64-bit OS. |
linux/s390x | IBM Z | π₯οΈ Designed for IBM mainframes β learn more hereβ . |
linux/loong64 | ιΎθ― | π ζͺη»θΏζ΅θ―οΌζ¬’θΏει¦ |
This image should behave similarly to the official Cloudflared imageβ .
Hereβs a sample docker-compose.yml file using Zero Trust dashboard setup:
services:
cloudflared:
image: liuzhen932/app-cloudflared:latest
restart: unless-stopped
command: tunnel run
environment:
- TUNNEL_TOKEN=${TUNNEL_TOKEN}
π’ Note:
Earlier versions of this README suggested using--token ${CLOUDFLARED_TOKEN}, which is less secure β.
Using theTUNNEL_TOKENenvironment variable is a safer and better approach β .
While not the primary purpose of this image, you can also deploy it as a DNS resolver that forwards queries to a DNS-over-HTTPS backend π.
docker run -d -p 53:53/udp --name cf-proxy-dns liuzhen932/app-cloudflared:latest proxy-dns --address 0.0.0.0
This creates a DNS resolver container (cf-proxy-dns) that listens for DNS requests on your host π‘.
β οΈ Security Note:
On public servers (e.g., VPS), this defaults to listening on all interfaces, exposing your server as a public DNS resolver π.
To restrict it to localhost only (safer):-p 127.0.0.1:53:53/udp
Add --upstream to specify alternative DNS backends, e.g.:
--upstream https://dns.example.com
Defaults to Cloudflare DNS (https://cloudflare-dns.com/dns-query) if unspecified β
.
Content type
Image
Digest
sha256:17cbf0363β¦
Size
9.7 MB
Last updated
8 days ago
docker pull liuzhen932/app-cloudflared