ChrispyBacon-dev/DockFlare v2.0.0

DockFlare v2.0.0 - The Policy Management Update

on GitHub

This is a landmark release for DockFlare, and I'm thrilled to finally share it. Version 2.0 introduces a completely new way to handle access policies, born directly from user feedback.

First, a huge thank you to GitHub user @selimovd for opening Issue #137. His suggestion highlighted a major pain point in the old label system and was the direct inspiration for this entire feature.

Announcing the Official Project Website: dockflare.app!

With this major release, I'm excited to officially launch the project's website: https://dockflare.app

This is now the central place to find everything you need to know about DockFlare, including feature overviews, quick-start guides, and links to the official documentation. It's the best place to start for new users and a great reference for everyone.

New Feature: Access Groups

I think we can all agree that managing access rules by copying and pasting a dozen labels across every container was clumsy and a pain to maintain. The core of v2.0, Access Groups, is my solution to this problem.

• Define Policies Once: There's a new "Settings" page in the web UI where you can create reusable policy templates called Access Groups. You can create a group like nas-family or dev-team, define its rules once (allowed emails, domains, session duration), and you're done.
• Apply with a Single Label: Instead of all the old dockflare.access.* labels, you now only need one: dockflare.access.group=nas-family.
• Update Everywhere, Instantly: If you need to add someone to a group, you just edit it in the UI and hit save. DockFlare will automatically find every service using that group and update its Cloudflare Access policy. No more hunting through docker-compose.yml files.

UI Overhaul

To make room for this new feature and improve the general workflow, I've reorganized the UI.

• New Navigation: A simple navigation bar at the top now lets you switch between pages.
• A Focused Dashboard: The main page is now just a dashboard. It's focused on what DockFlare is actively managing: your Managed Ingress Rules and the Real-time Logs.
• New "Settings" Page: This is where the configuration and infrastructure details now live. It contains:
  • The new Access Groups manager.
  • The list of All Cloudflare Tunnels on Account.
  • The Tunnel & Agent Status card.
• Integrated Modals: The "Add" and "Edit Manual Rule" forms have been updated. You can now assign an Access Group directly from a dropdown, fully integrating the new system into the manual workflow.

Other Improvements

• Centralized Versioning: I've centralized the version number so I don't forget to update it in all three places on the UI anymore.
• UI Polish:
  • The logo in the header moved to the left similar to web site https://dockflare.app
  • Modals with a lot of content will now scroll properly.
• Backend Refinements: The logic for handling labels and access policies has been significantly refactored to support the new Access Groups feature.

Putting It All Together: A Workflow Example

To show how powerful and simple this new system is, let's walk through a common scenario: running a private file-sharing service for your family. We'll use PicoShare, a great lightweight container for this.

Step 1: Create the "nas-family" Access Group

First, instead of touching any YAML files, you'll configure the policy in the DockFlare UI.

1. Navigate to the new Settings page in your DockFlare instance.
2. Click the "Create New Group" button.
3. Fill out the form:
   • Display Name: NAS Family Access (This is just for the UI)
   • Group ID: nas-family (This is what you'll use in the label)
   • Allowed Emails or Domains: dad@family.com, mom@family.com
4. Click "Save Group".

That's it. Your reusable policy is now created and ready to be used by any service.

Step 2: Apply the Group in Your docker-compose.yml

Now, in your docker-compose.yml, you can set up PicoShare with a single, clean label to handle the entire access policy.

services:
  picoshare:
    image: mtlynch/picoshare
    restart: unless-stopped
    volumes:
      - ./picoshare-data:/app/data
    labels:
      # --- Basic DockFlare config ---
      - "dockflare.enable=true"
      - "dockflare.hostname=files.my-nas.com"
      - "dockflare.service=http://picoshare:8080"

      # --- Apply the Access Group ---
      # This single label applies the entire policy we just created.
      # No other access.* labels are needed.
      - "dockflare.access.group=nas-family"

Step 3: Deploy

When you run docker-compose up -d, DockFlare will automatically:

1. Detect the new container.
2. Read the access.group=nas-family label.
3. Look up the policy you created in the UI.
4. Create a dedicated Cloudflare Access Application for files.my-nas.com with the rules to only allow dad@family.com and mom@family.com.

Bonus: Applying the Same Group to a Manual Rule

And of course, this isn't limited to Docker containers. If you have another service running on a Raspberry Pi (e.g., at IP 192.168.1.50), you can protect it with the exact same policy:

1. Go to the DockFlare Dashboard and click "Add Manual Rule".
2. Fill in the details (hostname, service as http://192.168.1.50, etc.).
3. In the "Access Policy" section, simply select "NAS Family Access" from the new "Assign an Access Group" dropdown.
4. Click "Add Rule".

Now, the exact same centrally managed policy protects both your Docker container and your non-Docker service. If you need to add a new family member later, you only have to edit the group in one place, and access to both services will be updated automatically.

This was a big undertaking, and I believe it makes DockFlare significantly more powerful and easier to use. I hope you find it as useful as I do. As always, thank you for your support and feedback.