Hello everyone,
v3.0.9 is out, and it is a meaningful one for anyone running agents across multiple servers.
The headline is Cloudflare Zero Trust integration for the agent layer. But there is a lot more in here: a one-liner install for the master, live connector data from the Cloudflare API, a one-liner deploy flow for agents, a handful of fixes, and some UI polish on the Agents page.
Highlights
- One-liner install for DockFlare Master via [dockflare.app](https://dockflare.app)
- One-liner and Compose snippet agent deployment, generated per API key
- Cloudflare Zero Trust service token provisioning for secure agent communication
- Live cloudflared version and origin IP fetched directly from the Cloudflare API
- Agents table responsive layout fix and visual refresh
What's New
One-Liner Install for DockFlare Master
Getting DockFlare running now takes a single command:
curl -fsSL https://dockflare.app/install.sh | bashThe script checks that Docker and Docker Compose are available, creates ~/dockflare/, writes a production-ready docker-compose.yml, provisions the cloudflare-net network, pulls the images, and starts all services. Open http://<your-server-ip>:5000 when it finishes and follow the setup wizard.
Optional overrides are supported via environment variables before the pipe. The Quick Start guide has been updated to present this as Option A alongside the existing manual compose path as Option B.
One-Liner Agent Deployment
Each agent API key now has a Deploy button on the Agents page. It opens a modal with two tabs:
- Quick Deploy - a fully pre-filled
curl | bashone-liner with all credentials embedded automatically: Master URL, API key, CF Access client ID and secret. - Compose Snippet - a ready-to-use
docker-compose.ymlfor anyone who prefers to review before running.
This option requires two things to be configured on the master first: Cloudflare Zero Trust (Agents → Setup Zero Trust) and the DockFlare Public URL (Settings → General). The Public URL is used to construct the master endpoint baked into the generated script. Both are opt-in.
Cloudflare Zero Trust for Agent Communication
DockFlare can now automatically provision a Cloudflare Access Application and Service Token scoped to the agent API endpoint. Once configured, all agent traffic is authenticated at the Cloudflare edge before it ever reaches your server.
This removes the need for a separate private network, VPN, or Tailscale setup between master and agents.
Setup and removal are handled entirely from the Agents page, no Cloudflare dashboard visit required. The Access Application is created with a non_identity service token policy for agents alongside an automatic bypass policy for admin browser sessions, so nothing breaks for existing workflows.
Existing agents without service token credentials continue to work without any changes required.
Note: This requires adding
Account: Access: Service Tokens: Editto your Cloudflare API token permissions. The Prerequisites guide and README have both been updated to reflect this.
Live Cloudflared Version and Origin IP
The Agents table previously showed a hardcoded cloudflared version. It now shows live data fetched directly from the Cloudflare API, no changes to the DockFlare Agent required.
Two new data points per agent:
- Cloudflared Version with platform sub-line (e.g.
2026.3.0 / linux_arm64) - Origin IP showing the public IP of the cloudflared connector
Data is cached for 60 seconds to avoid unnecessary API calls.
DockFlare Public URL Setting
The DockFlare Public URL is now configurable from Settings → General. It is stored in the encrypted config store and used when constructing the Cloudflare Access Application scope and the generated deploy commands.
For the full technical breakdown see CHANGELOG.md.
Updated documentation:
- [Quick Start](https://dockflare.app/docs/quick-start-docker-compose
- [Multi-Server Agent](https://dockflare.app/docs/multi-server-agent)
Happy tunnelling,
Christian