forked from TheRealCodeVoyage/arr-stack-setup-with-pihole
-
Notifications
You must be signed in to change notification settings - Fork 82
Expand file tree
/
Copy pathdocker-compose.cloudflared.yml
More file actions
51 lines (48 loc) · 1.83 KB
/
docker-compose.cloudflared.yml
File metadata and controls
51 lines (48 loc) · 1.83 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
# ═══════════════════════════════════════════════════════════════════════════════
# CLOUDFLARE TUNNEL - Secure remote access without port forwarding (Anywhere setup)
#
# What it does:
# - Creates an encrypted tunnel from your NAS to Cloudflare's network
# - Routes jellyfin.yourdomain.com → your Jellyfin through the tunnel
# - No ports exposed on your router = more secure
#
# You DON'T need this if you're only accessing services locally.
# Requires: Cloudflare account (free), domain pointed to Cloudflare.
#
# No web UI - runs silently in background.
#
# NOTE: Uses separate project name so compose operations on other files
# don't accidentally stop the tunnel (was causing Error 1033).
# ═══════════════════════════════════════════════════════════════════════════════
name: cloudflared
services:
cloudflared:
image: cloudflare/cloudflared:2026.3.0
container_name: cloudflared
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
command: tunnel --config /home/nonroot/.cloudflared/config.yml run
volumes:
- ./cloudflared:/home/nonroot/.cloudflared:ro
networks:
arr-stack:
ipv4_address: 172.20.0.12
healthcheck:
test: ["CMD", "cloudflared", "tunnel", "info", "nas-tunnel"]
interval: 30s
timeout: 10s
retries: 3
start_period: 30s
labels:
- "deunhealth.restart.on.unhealthy=true"
restart: always
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "3"
networks:
arr-stack:
external: true