Binding a Domain to Coolify with Cloudflare Zero Trust
This guide is intended for Coolify users who want to bind Coolify along with apps deployed on a local server, but face issues with port forwarding blocked by their ISP. We'll utilize tunneling, bridging the gap between your services through Cloudflare Tunnel.
Preparation: Before you begin, make sure to register with Cloudflare if you don't already have an account.
Step 1: Bind Your Domain to Cloudflare
In this step, you'll transfer the DNS management from your domain provider to Cloudflare. Here's how:
- Log in to the Cloudflare admin panel, click on the website menu, and then hit add site.
- Enter your domain and click next For this trial, select the free plan and click continue.
- Enter the NS records provided by your domain provider into the Cloudflare DNS panel.
- Wait a while until your domain is successfully integrated with Cloudflare.
Step 2: Create a Tunnel to Zero Trust Panel
Now that you've transferred DNS management to Cloudflare, you need to create a tunnel to be run on your Coolify server. Here's how:
- Go to the Access menu and click Launch Zero Trust.
- Select your account. For the first time, you'll need to fill in billing information and link your credit card or PayPal as payment. You can choose the free option for Zero Trust if available.
- Once done, you'll be taken to the Zero Trust dashboard. Select Access and then Tunnels.
- Click Create a tunnel, name your tunnel, and click next.
- You'll have several environment connector tunnel options, ranging from Windows to Docker. We'll use Docker because Coolify is installed inside it.
- After choosing Docker, Cloudflare will provide a command to run on your Coolify server. Here's an example:
docker run cloudflare/cloudflared:latest tunnel --no-autoupdate run --token <JWT_TOKEN>
For ease of access, modify the Cloudflare command as follows:
docker run -d --name cloudflare-tunnel cloudflare/cloudflared:latest tunnel --no-autoupdate run --token <JWT_TOKEN>
- Execute this command using the terminal on the computer where Coolify is installed. Once done, you should see a 'connected' status in the Cloudflare tunnel panel, then click 'next.'
Step 3: Connect Coolify Reverse Proxy to the Tunnel
Now that you've connected Cloudflare Zero Trust Tunnel to your local Coolify server, let's connect Coolify Zero Trust to Coolify Reverse Proxy. Here's how:
- Ensure that your Cloudflare tunnel is still running:
docker ps
If you see cloudflare-tunnel, you can proceed. If not, repeat the previous step.
- Verify the existence of the Coolify network group:
docker network ls
If you find coolify and coolify-infra, you can go to next step.
- Connect cloudflare-tunnel to the Coolify network group to establish a connection with the Coolify reverse proxy:
docker network connect cloudflare-tunnel coolify
docker network connect cloudflare-tunnel coolify-infra
- Ensure that the tunnel is connected to the Coolify network group:
docker network inspect coolify
docker network inspect coolify-infra
If cloudflare-tunnel is listed, you've successfully connected the Coolify reverse proxy to the Cloudflare Zero Trust tunnel.
Step 4: Connect Applications or Coolify Panels to the Domain or Subdomain
Now that you've connected your local Coolify server to the Cloudflare Zero Trust tunnel, the next step is to link Coolify applications or panels to your domain or subdomain. Here's how:
- Go to the Public Hostname menu and click Add a public hostname.
- Choose the domain integrated with Cloudflare, and you can fill in the subdomain field if you want to use a subdomain.
- In the service section, select http, and in the URL field, enter 'coolify-proxy:80,' then click Save hostname.
Repeat Step 4 for each new application deployment on Coolify.
By following these steps, you can effectively bind your Coolify setup to Cloudflare Zero Trust, overcoming ISP port forwarding limitations and ensuring secure access to your Coolify services.