Cloudflared installable feature
⚠ Optional Feature
This feature is not pre-installed in Kloud Workspace. Install it using the features system before use.
Cloudflare Tunnel exposes the workspace to the internet through an outbound-only connection to Cloudflare's edge, no inbound ports and no public IP on the host.
The cloudflared feature installs the tunnel connector. Once a tunnel token is supplied, the workspace runs and supervises the tunnel automatically.
Installation
Install cloudflared using the features system:
sh
# Manual installation
ws feature install cloudflared
# Or at boot time
docker run \
-e WS_FEATURES_ADDITIONAL_FEATURES="cloudflared" \
ghcr.io/kloudkit/workspace:v0.3.0Running a Tunnel
Create a remotely-managed tunnel in the Cloudflare dashboard and copy its connector token.
Provide it through WS_CLOUDFLARED_TUNNEL_TOKEN and the tunnel starts automatically on boot:
sh
docker run \
-e WS_CLOUDFLARED_TUNNEL_TOKEN="<token>" \
-e WS_FEATURES_ADDITIONAL_FEATURES="cloudflared" \
ghcr.io/kloudkit/workspace:v0.3.0The tunnel is supervised: if it exits, it is restarted automatically. When no token is set, the tunnel stays dormant.
💡 TIP
WS_CLOUDFLARED_TUNNEL_TOKEN is a secret.
Besides the literal value, you can supply it as a file: reference (file:/path/to/token) or mount it at /run/secrets/workspace/cloudflared/tunnel_token.
Logs
Inspect the tunnel's output with ws-cli:
sh
ws logs --target=cloudflared