Overview
DockFlare 3.0 is the biggest leap forward for the project to date. The master can now orchestrate Cloudflare tunnels across multiple Docker hosts via the new DockFlare Agent, transforming the UI into a central fleet control room. With Redis underpinning the event bus for enhanced reliability, this release also introduces a hardened security posture and a completely new compose stack. Please review the upgrade notes carefully before pulling the new image.
Highlights
- Multi-Host Management with DockFlare Agent (Beta): Deploy lightweight agents on remote Docker hosts, enroll them from the master UI, and let DockFlare manage their tunnels automatically. (Agent Repository).
- Centralized Agent Dashboard: A new dashboard to generate API keys, enroll agents, monitor heartbeats, assign tunnels, and revoke access, all in one place.
- Remote Manual Rules: Create manual ingress rules from the master UI and apply them to any enrolled tunnel, regardless of where the target container is running.
- Simplified Tunnel Cleanup: The "All Cloudflare Tunnels on Account" panel now includes a one-click delete option to easily remove stale tunnels.
- Redis-Powered Architecture: Redis is now required for caching and the command/event bus, improving reliability and paving the way for future scalability.
- Major Security Hardening: The DockFlare container now runs as a non-root user, significantly reducing its attack surface. This release also includes reveal-on-demand master API keys, a locked-down setup wizard, an encrypted agent key store, and a detailed Security Architecture guide.
- Full Backup & Restore: Download a complete, timestamped archive of your DockFlare instance (including encrypted credentials and agent keys) and restore it via the UI to rebuild a master in minutes. (Backup & Restore Guide).
- Comprehensive Documentation Refresh: The documentation has been updated, including a new Quick Start (Docker Compose) guide for v3 and an expanded Multi-Server & Agent Guide.
Upgrade Notes
-
Create a Full Backup: Before upgrading, go to
Settings -> Backup & Restoreand click Download Backup (.zip). This archive contains all necessary files, including your encrypted credentials. -
Update your
docker-compose.yml: The v3 release requires a newdocker-compose.ymlthat includes Redis and uses a more secure socket proxy. Replace your existing compose file with the new version provided below. See the Quick Start Guide for more details.⚠️ Click to expand the recommended `docker-compose.yml` for v3
The stable v3 stack expects Redis and the new network layout. Update your compose file before restarting the master:
version: '3.8' services: docker-socket-proxy: image: tecnativa/docker-socket-proxy:v0.4.1 container_name: docker-socket-proxy restart: unless-stopped environment: - DOCKER_HOST=unix:///var/run/docker.sock - CONTAINERS=1 - EVENTS=1 - NETWORKS=1 - IMAGES=1 - POST=1 - PING=1 - INFO=1 - EXEC=1 volumes: - /var/run/docker.sock:/var/run/docker.sock networks: - dockflare-internal dockflare-init: image: alpine:3.20 command: ["sh", "-c", "chown -R 65532:65532 /app/data"] volumes: - dockflare_data:/app/data networks: - dockflare-internal restart: "no" dockflare: image: alplat/dockflare:stable container_name: dockflare restart: unless-stopped ports: - "5000:5000" volumes: - dockflare_data:/app/data environment: - REDIS_URL=redis://redis:6379/0 - DOCKER_HOST=tcp://docker-socket-proxy:2375 depends_on: docker-socket-proxy: condition: service_started dockflare-init: condition: service_completed_successfully redis: condition: service_started networks: - cloudflare-net - dockflare-internal redis: image: redis:7-alpine container_name: dockflare-redis restart: unless-stopped command: ["redis-server", "--save", "", "--appendonly", "no"] volumes: - dockflare_redis:/data networks: - dockflare-internal volumes: dockflare_data: dockflare_redis: networks: cloudflare-net: name: cloudflare-net external: true dockflare-internal: name: dockflare-internal
Note: Create the external network once via
docker network create cloudflare-net. This compose file uses named volumes for data persistence. -
Create External Network: If you haven't already, create the required external network:
docker network create cloudflare-net. -
Pull the New Image & Restart: Pull the
alplat/dockflare:stableimage and restart your stack withdocker compose up -d. -
Review Agents Page: After the upgrade, your existing setup will be in single-node mode. Go to the new "Agents" page to start enrolling remote agents.
-
Deploy DockFlare Agents: Deploy the
dockflare-agentcontainer on your remote hosts and enroll them using the API keys from the master's Agent Dashboard. -
Restoring on a Fresh Install? The setup wizard now has a "Restore from Backup" option. Use this to import your backup archive on a fresh installation before creating a new account.
Breaking Changes
- Redis is now required. DockFlare will not start if the
REDIS_URLenvironment variable is missing or if the Redis server is unreachable. - The
docker-compose.ymlfile has a new structure. The v3 stack requires Redis, a socket proxy, and new volume configurations. Old compose files are incompatible and will fail to start. Please use the new template. - The embedded
cloudflaredis for the master host only. For managing tunnels on other hosts, the new DockFlare Agent is the required approach.
Known Issues
- The DockFlare Agent is in beta. Performance with high-volume event streams may vary and might require tuning of settings like
POLL_INTERVALor Redis resources. - The Master API Key is still used for external integrations. If you have stored this key elsewhere, it's recommended to regenerate it.
- Redis is a critical component. In a single-node setup, ensure you monitor the health of the Redis container. If Redis goes down, agent communication will be interrupted.
Resources
- Quick Start Guide (Docker Compose)
- Multi-Server & Agent Guide
- Security Architecture Guide
- Backup and Restore Guide
- DockFlare Agent Repository
- Full Changelog