WildCat's Blog

Practical Cloudflare Tunnel Guide: Deploy a Blog Commenting Service


Cloudflare Tunnel is a great tool to help us deploy backend services on the cloud. This post would use a tiny example to demonstrate how to leverage Cloudflare Tunnel with Docker. With CF Tunnel, we don’t need to configure Nginx or its alternatives. Futhermore, we don’t need a public IP address to host a website.


Since my blog was migrated to Hugo from Jelly, I disabled Disqus becuase it has user tracking code. There are many great community alternatives to Disqus, Remark42 is a great one. I chose it because:

It is like a small service so I don’t want to set up a tranditional reserve proxy for it. Instead, I would like to practice Cloudflare Tunnel via cloudflared.

Create docker-compose.yml for Remark42

It is quite straight-forward by following their documentation:

version: "2"

    build: .
    image: umputun/remark42:latest
    container_name: "remark42"
    restart: always
      driver: json-file
        max-size: "10m"
        max-file: "5"
      - REMARK_URL
      - SECRET
      # - DEBUG=true
      # - ADMIN_PASSWD
      - ./var:/srv/var

We also need to create .env file to set up those environment variables.

Set up cloudflared

A prerequisite of this step is to have an active Cloudflare account. After that, we can download cloudflared and log into it:

wget https://github.com/cloudflare/cloudflared/releases/download/2022.5.1/cloudflared-linux-amd64
chmod +x cloudflared-linux-amd64
./cloudflared-linux-amd64 login

After that, we can create a new tunnel:

./cloudflared-linux-amd64 tunnel create cat-comment

After that, we will see the UUID of this tunnel. Please take a note of it. If you forget to do that, please run this command to view all tunnels:

./cloudflared-linux-amd64 tunnel list

After that, we need to have a yaml file for cloudflared to run this tunnel:

# config.yml
credentials-file: /etc/cloudflared/[tunnel-uuid].json

  - hostname: [tunnel-uuid].cfargotunnel.com
    service: http://remark:8080
  - hostname: remark.[your-domain].com
    service: http://remark:8080
  - service: http_status:404

This file would be consumed later in Docker.

Dockerize cloudflared

We can set up cloudflared services on our host machine but it is not a sustainable solution. Instead, we can use Docker to run cloudflared on the host. First, we can append the following section to docker-compose.yml:

    image: cloudflare/cloudflared:latest
      - ./config.yml:/home/nonroot/.cloudflared/config.yml
      - /home/[host-username]/.cloudflared:/etc/cloudflared
      - TUNNEL_ORIGIN_CERT=/etc/cloudflared/cert.pem
      # sudo chmod -R 755 ~/.cloudflared/cert.pem
      # We need the command above because nonroot user (used in Dockerfile) cannot access this cert.
    restart: always
    command: tunnel run [tunnel-uuid]

Now we finished all the coding part. We can run docker-compose up to start the Docker containers.

Configure DNS for cloudflared

The next step is to go to the DNS management page of the domain hosted on Cloudflare.com. Then, we need to create a new CNAME record and point it to [tunnel-uuid].cfargotunnel.com.

As of now, everything is ready!

You can see the comment block below to add new comments. It is powered by CloudFlare Tunnel and Remark42.