Running Portainer with Cloudflare Tunnels and Traefik
Assumptions
- How to use Terraform
- How Docker Compose files work
- A Cloudflare account
Prerequisites
- Cloudflare token with edit permission on the following resources:
  - Account - Cloudflare Tunnel
  - Account - Access: Organizations, Identity Providers and Groups
  - Zone - DNS
  - Zone - Zone: Apps and Policies
Goal
Expose the Portainer webhook used to update Docker stacks, as well as any other apps on an internal network.
Getting up and running
Here is the file structure we will end up with.
.
├── app
│ └── docker-compose.yaml
├── network
│ ├── docker-compose.yaml
│ ├── .env
│ ├── main.tf
│ ├── traefik.toml
│ └── variables.tf
├── network.tf
└── *.tf # the rest of the infra code
Step One - Set Up The Cloudflare Tunnel With A Terraform Module
First, in network/variables.tf, declare the first few variables we will need.
network/variables.tf
Declare the module provider.
network/main.tf
Then retrieve the ID of the default One-time PIN login provider.
network/main.tf
Now that the boilerplate is in place, let's create a new Application for self-hosted apps and the related access policy.
network/main.tf
With the self-hosted app configured, we can now create the Cloudflare tunnel and configure it.
network/main.tf
Generate the DNS records for the tunnel endpoints.
network/main.tf
Now that the module is set up we can pass in our configuration.
network.tf
Step Two - CloudflareD, Traefik and Portainer with Docker Compose
network/traefik.toml
network/docker-compose.yaml