Practical Cloudflare Tunnel Guide: Deploy a Blog Commenting Service
Cloudflare Tunnel is a great tool to help us deploy backend services on the cloud. This post uses a tiny example to demonstrate how to leverage Cloudflare Tunnel with Docker. With CF Tunnel, we don’t need to configure Nginx or its alternatives. Furthermore, we don’t need a public IP address to host a website.
Since my blog was migrated to Hugo from Jelly, I disabled Disqus because it has user tracking code. There are many great community alternatives to Disqus; Remark42 is a great one. I chose it because:
- Backend is pretty lightweight, only about
  ```
  $ docker stats | grep remark
  [hash] remark42 0.00% 6.191MiB / 7.776GiB 0.08% 1.14kB / 0B 0B / 24.1MB
  ```
- It supports multiple SSO providers.
- No database required.
It is like a small service, so I don’t want to set up a traditional reverse proxy for it. Instead, I would like to practice Cloudflare Tunnel via
docker-compose.yml for Remark42
It is quite straightforward by following their documentation:
```yaml
version: "2"

services:
  remark:
    build: .
    image: umputun/remark42:latest
    container_name: "remark42"
    restart: always

    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "5"

    environment:
      - REMARK_URL
      - SECRET
      # - DEBUG=true
      - AUTH_GOOGLE_CID
      - AUTH_GOOGLE_CSEC
      - AUTH_GITHUB_CID
      - AUTH_GITHUB_CSEC
      - AUTH_FACEBOOK_CID
      - AUTH_FACEBOOK_CSEC
      - AUTH_DISQUS_CID
      - AUTH_DISQUS_CSEC
      # - ADMIN_PASSWD
    volumes:
      - ./var:/srv/var
```
We also need to create a .env file to set up those environment variables.
A prerequisite of this step is to have an active Cloudflare account. After that, we can download cloudflared and log into it:
```bash
wget https://github.com/cloudflare/cloudflared/releases/download/2022.5.1/cloudflared-linux-amd64
chmod +x cloudflared-linux-amd64
./cloudflared-linux-amd64 login
```
After that, we can create a new tunnel:
```bash
./cloudflared-linux-amd64 tunnel create cat-comment
```
After that, we will see the UUID of this tunnel. Please take note of it. If you forget to do that, please run this command to view all tunnels:
```bash
./cloudflared-linux-amd64 tunnel list
```
After that, we need to have a YAML file for cloudflared to run this tunnel:
```yaml
# config.yml
credentials-file: /etc/cloudflared/[tunnel-uuid].json
ingress:
  - hostname: [tunnel-uuid].cfargotunnel.com
    service: http://remark:8080
  - hostname: remark.[your-domain].com
    service: http://remark:8080
  - service: http_status:404
```
This file will be consumed later by Docker.
We can set up cloudflared services on our host machine, but it is not a sustainable solution. Instead, we can use Docker to run cloudflared on the host. First, we can append the following section to
```yaml
  cloudflared:
    image: cloudflare/cloudflared:latest
    volumes:
      - ./config.yml:/home/nonroot/.cloudflared/config.yml
      - /home/[host-username]/.cloudflared:/etc/cloudflared
    environment:
      - TUNNEL_ORIGIN_CERT=/etc/cloudflared/cert.pem
      # sudo chmod -R 755 ~/.cloudflared/cert.pem
      # We need the command above because nonroot user (used in Dockerfile) cannot access this cert.
    restart: always
    command: tunnel run [tunnel-uuid]
```
Now we have finished all the coding part. We can run docker-compose up to start the Docker containers.
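The `chmod -R 755` in the compose comment above makes `cert.pem` readable by every local account on the host and marks it executable. The script below is an added example, not part of the original post: it audits the directory mounted at `/etc/cloudflared` for such files and tightens them to 640/750. It assumes the container user is then given access through group ownership (the container's GID is not given in the post); the demo directory, file names and contents are constructed.

```shell
#!/bin/sh
# Added example: audit the host directory bind-mounted at /etc/cloudflared.
# It holds cert.pem and the tunnel credentials JSON, so no file in it should
# be accessible to "other" users or carry execute bits.

# Print one "<finding> <path>" line per problem found under directory $1.
audit() {
    find "$1" -type f -perm -004 -exec printf 'world-readable %s\n' {} \;
    find "$1" -type f -perm -002 -exec printf 'world-writable %s\n' {} \;
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) \
        -exec printf 'executable %s\n' {} \;
}

# Number of findings under $1; 0 means the directory passes.
count_findings() {
    audit "$1" | wc -l | tr -d ' '
}

# Tighten to files 640 / directories 750 (owner rw, group r, other nothing).
# Assumption: the container user reads the files through group ownership,
# set separately with chgrp; the container's GID is not given in the post.
lock_down() {
    find "$1" -type f -exec chmod 640 {} +
    find "$1" -type d -exec chmod 750 {} +
}

# Constructed demo: a throwaway directory imitating ~/.cloudflared after
# `chmod -R 755 cert.pem`. File names and contents are placeholders.
demo() {
    d=$(mktemp -d)
    printf 'placeholder\n' > "$d/cert.pem"
    printf '{}\n' > "$d/tunnel-credentials.json"
    chmod 755 "$d/cert.pem"
    chmod 600 "$d/tunnel-credentials.json"
    echo "findings before: $(count_findings "$d")"
    audit "$d"
    lock_down "$d"
    echo "findings after: $(count_findings "$d")"
    rm -rf "$d"
}

demo
```

Running `audit` against the real `~/.cloudflared` before `docker-compose up` shows whether any secret there is exposed to other local users.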
Configure DNS for
The next step is to go to the DNS management page of the domain hosted on Cloudflare.com. Then, we need to create a new CNAME record and point it to
As of now, everything is ready!
You can see the comment block below to add new comments. It is powered by Cloudflare Tunnel and Remark42.