homeall/cloudflared
Cloudflared in Docker image for DNS over HTTPS useful for privacy.
You can check the repo on GitHub.
The primary purpose of building a custom Docker image containing only cloudflared was to use DNS over HTTPS exclusively through security-filtering upstreams; four of them are configured, which gives good fail over.
It is very useful in a Docker or Kubernetes environment where high availability is a must.
I am using GitHub Actions weekly to update the cloudflared binary, keeping the Docker image and the package up to date.
You will find on the README page how to use the commands with the images.
It is a good fit for running together with PiHole.
If you need protection against ads and privacy, this may help you in the long term.
It will work on any amd64 Linux box or on a Raspberry Pi with arm64 or arm32.
You will need to have:
This step is optional
It comes with the following security upstreams, in this order (the same four that appear in the startup log below):
1. https://1.1.1.3/dns-query
2. https://security.cloudflare-dns.com/dns-query
3. https://1.1.1.2/dns-query
4. https://1.0.0.2/dns-query
Please review this link for more details about the upstreams above.
The default port is 54.
The default listen address is 0.0.0.0.
docker run -d --name cloudflare -p "54:54" homeall/cloudflared:latest
In the STATUS column of docker ps you will notice the word healthy.
This tells you that Docker is running the image's built-in health check to make sure the resolver is working properly.
Please test yourself using the following command:
> docker inspect --format "{{json .State.Health }}" cloudflare | jq
{
  "Status": "healthy",
  "FailingStreak": 0,
  "Log": [
    {
      "Start": "2021-01-04T10:42:21.5982274Z",
      "End": "2021-01-04T10:42:21.6848715Z",
      "ExitCode": 0,
      "Output": "Server:\t\t127.0.0.1\nAddress:\t127.0.0.1#54\n\nName:\tcloudflare.com\nAddress: 104.16.133.229\nName:\tcloudflare.com\nAddress: 104.16.132.229\nName:\tcloudflare.com\nAddress: 2606:4700::6810:84e5\nName:\tcloudflare.com\nAddress: 2606:4700::6810:85e5\n\n"
    }
  ]
}
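The health object above is what a monitoring job would poll, so here is an added example (not part of the image or its README) that reduces it to the facts worth alerting on: Docker's verdict, the failing streak, and whether the last probe actually got answers from the resolver on 127.0.0.1#54. Both JSON samples are constructed inline; the healthy one is copied from the page, the unhealthy one is a hypothetical failure of the same probe.

```python
import json

# Constructed sample: the Health object returned by
#   docker inspect --format "{{json .State.Health }}" cloudflare
# for the container on this page (values copied from the page's own example).
HEALTHY_SAMPLE = r'''{
  "Status": "healthy",
  "FailingStreak": 0,
  "Log": [
    {
      "Start": "2021-01-04T10:42:21.5982274Z",
      "End": "2021-01-04T10:42:21.6848715Z",
      "ExitCode": 0,
      "Output": "Server:\t\t127.0.0.1\nAddress:\t127.0.0.1#54\n\nName:\tcloudflare.com\nAddress: 104.16.133.229\nName:\tcloudflare.com\nAddress: 104.16.132.229\nName:\tcloudflare.com\nAddress: 2606:4700::6810:84e5\nName:\tcloudflare.com\nAddress: 2606:4700::6810:85e5\n\n"
    }
  ]
}'''

# Constructed, hypothetical sample of the same object after the probe has failed
# three times in a row (for example because the DoH upstreams are unreachable).
UNHEALTHY_SAMPLE = r'''{
  "Status": "unhealthy",
  "FailingStreak": 3,
  "Log": [
    {
      "Start": "2021-01-04T10:50:00.0000000Z",
      "End": "2021-01-04T10:50:05.0000000Z",
      "ExitCode": 1,
      "Output": ";; connection timed out; no servers could be reached\n"
    }
  ]
}'''


def parse_nslookup(output):
    """Split nslookup output into the resolver it queried and the answer addresses.

    The first paragraph names the server ("Address:\t127.0.0.1#54"); the later
    paragraphs carry the Name/Address pairs of the answer section.
    """
    paragraphs = [p for p in output.strip().split("\n\n") if p.strip()]
    resolver, answers = None, []
    for index, paragraph in enumerate(paragraphs):
        for line in paragraph.splitlines():
            key, _, value = line.partition(":")
            if key.strip() != "Address":
                continue
            if index == 0:
                resolver = value.strip()
            else:
                answers.append(value.strip())
    return resolver, answers


def summarize_health(health_json, expected_resolver="127.0.0.1#54"):
    """Reduce a Docker Health object to the facts worth alerting on.

    `ok` is True only if Docker reports healthy, the last probe exited 0, the
    probe talked to the expected resolver and it received at least one answer.
    """
    health = json.loads(health_json)
    log = health.get("Log") or []
    last = log[-1] if log else {}
    resolver, answers = parse_nslookup(last.get("Output", ""))
    return {
        "status": health.get("Status"),
        "failing_streak": health.get("FailingStreak", 0),
        "last_exit_code": last.get("ExitCode"),
        "resolver": resolver,
        "answers": answers,
        "ok": (
            health.get("Status") == "healthy"
            and last.get("ExitCode") == 0
            and resolver == expected_resolver
            and bool(answers)
        ),
    }


if __name__ == "__main__":
    for sample in (HEALTHY_SAMPLE, UNHEALTHY_SAMPLE):
        print(summarize_health(sample))
```

In practice you would feed the function the output of the docker inspect command shown above (without piping through jq); asserting on the resolver string catches the case where a probe succeeds against some other resolver because the PORT variable was changed but the expectation was not.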
Docker logs output:
INFO[2021-01-01T20:03:37Z] Adding DNS upstream - url: https://1.1.1.3/dns-query
INFO[2021-01-01T20:03:37Z] Adding DNS upstream - url: https://security.cloudflare-dns.com/dns-query
INFO[2021-01-01T20:03:37Z] Adding DNS upstream - url: https://1.1.1.2/dns-query
INFO[2021-01-01T20:03:37Z] Adding DNS upstream - url: https://1.0.0.2/dns-query
INFO[2021-01-01T20:03:37Z] Starting metrics server on 127.0.0.1:8080/metrics
INFO[2021-01-01T20:03:37Z] Starting DNS over HTTPS proxy server on: dns://0.0.0.0:54
Simple tests:
❯ dig google.com @127.0.0.1 -p 54 +short
216.58.211.174
❯ dig google.com @127.0.0.1 +tcp -p 54 +short
216.58.211.174
Only the first two upstreams (DNS1 and DNS2) and the port number can be changed.
Set the environment variables to fit your needs:
docker run -d --name cloudflared -p "5454:5454" -e "DNS1=dns.google" -e "DNS2=1.1.1.1" -e "PORT=5454" -p "5454:5454/udp" homeall/cloudflared:latest
Output result:
INFO[2021-01-01T20:08:36Z] Starting metrics server on 127.0.0.1:8080/metrics
INFO[2021-01-01T20:08:36Z] Adding DNS upstream - url: https://dns.google/dns-query
INFO[2021-01-01T20:08:36Z] Adding DNS upstream - url: https://1.1.1.1/dns-query
INFO[2021-01-01T20:08:36Z] Adding DNS upstream - url: https://1.1.1.2/dns-query
INFO[2021-01-01T20:08:36Z] Adding DNS upstream - url: https://1.0.0.2/dns-query
INFO[2021-01-01T20:08:36Z] Starting DNS over HTTPS proxy server on: dns://0.0.0.0:5454
To bind the listener to IPv6 instead, set the ADDRESS variable:
docker run --name cloudflared -d -p "54:54" -p "54:54/udp" -e "ADDRESS=::" homeall/cloudflared
Output result:
INFO[2021-01-02T14:38:53Z] Adding DNS upstream - url: https://1.1.1.3/dns-query
INFO[2021-01-02T14:38:53Z] Adding DNS upstream - url: https://security.cloudflare-dns.com/dns-query
INFO[2021-01-02T14:38:53Z] Adding DNS upstream - url: https://1.1.1.2/dns-query
INFO[2021-01-02T14:38:53Z] Adding DNS upstream - url: https://1.0.0.2/dns-query
INFO[2021-01-02T14:38:53Z] Starting metrics server on 127.0.0.1:8080/metrics
INFO[2021-01-02T14:38:53Z] Starting DNS over HTTPS proxy server on: dns://[::]:54
Simple tests:
❯ dig google.com @::1 +tcp -p 54 +short
216.58.213.14
❯ dig google.com @::1 -p 54 +short
216.58.213.14
PiHole with cloudflared is a match made in heaven for privacy and protection against ads.
Check out this docker-compose.yml:
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    hostname: pihole
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "80:80/tcp"
    environment:
      TZ: 'Europe/London'
      WEBPASSWORD: 'admin'
      ServerIP: '172.18.0.2'
      DNS1: '172.18.0.3#54'
      DNS2: 'no'
    volumes:
      - './etc-pihole/:/etc/pihole/'
    cap_add:
      - NET_ADMIN
    restart: unless-stopped
    networks:
      pihole_net:
        ipv4_address: 172.18.0.2
  cloudflare:
    restart: unless-stopped
    container_name: cloudflare
    image: homeall/cloudflared:latest
    environment:
      TZ: 'Europe/London'
    links:
      - pihole
    ports:
      - "54:54/tcp"
      - "54:54/udp"
    networks:
      pihole_net:
        ipv4_address: 172.18.0.3
networks:
  pihole_net:
    driver: bridge
    ipam:
      config:
        - subnet: 172.18.0.0/24
You have to use a user-defined network with hard-coded IP addresses so that each container forwards queries to Cloudflare correctly.
Otherwise, you may get configuration issues from dnsmasq on PiHole.
If you use host network mode, queries are forwarded correctly to localhost on port 54.
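Because the whole setup hinges on three values agreeing (PiHole's DNS1, cloudflared's static address and the port it listens on), a small consistency check before `docker compose up` saves a dnsmasq debugging session. The following is an added example, not part of the project; it takes the compose file above as the dict that yaml.safe_load() would produce (embedded inline so it runs without PyYAML) and reports any mismatch, including a DNS2 value that would add a second upstream beside the DoH proxy.

```python
import copy
import ipaddress

# Constructed: the docker-compose.yml on this page as the dict yaml.safe_load()
# would return for it (only the keys the check looks at are included).
COMPOSE = {
    "services": {
        "pihole": {
            "image": "pihole/pihole:latest",
            "environment": {
                "TZ": "Europe/London",
                "ServerIP": "172.18.0.2",
                "DNS1": "172.18.0.3#54",
                "DNS2": "no",
            },
            "networks": {"pihole_net": {"ipv4_address": "172.18.0.2"}},
        },
        "cloudflare": {
            "image": "homeall/cloudflared:latest",
            "environment": {"TZ": "Europe/London"},
            "networks": {"pihole_net": {"ipv4_address": "172.18.0.3"}},
        },
    },
    "networks": {"pihole_net": {"ipam": {"config": [{"subnet": "172.18.0.0/24"}]}}},
}


def check_forwarding(compose, pihole="pihole", resolver="cloudflare", net="pihole_net"):
    """Return a list of findings; an empty list means PiHole will reach the DoH proxy."""
    findings = []
    services = compose["services"]
    subnet = ipaddress.ip_network(compose["networks"][net]["ipam"]["config"][0]["subnet"])

    pihole_ip = services[pihole]["networks"][net]["ipv4_address"]
    resolver_ip = services[resolver]["networks"][net]["ipv4_address"]
    for name, ip in ((pihole, pihole_ip), (resolver, resolver_ip)):
        if ipaddress.ip_address(ip) not in subnet:
            findings.append(f"{name}: {ip} is outside {subnet}")
    if pihole_ip == resolver_ip:
        findings.append("both containers claim the same static address")

    # cloudflared listens on PORT (default 54); PiHole's DNS1 is written as "ip#port".
    listen_port = str(services[resolver].get("environment", {}).get("PORT", "54"))
    dns1 = str(services[pihole]["environment"].get("DNS1", ""))
    host, _, port = dns1.partition("#")
    if host != resolver_ip:
        findings.append(f"DNS1 points at {host or '(unset)'}, expected {resolver_ip}")
    if (port or "53") != listen_port:
        findings.append(f"DNS1 uses port {port or '53'}, but cloudflared listens on {listen_port}")

    # Anything other than 'no' gives PiHole a second upstream next to the DoH proxy.
    dns2 = str(services[pihole]["environment"].get("DNS2", "no"))
    if dns2 != "no":
        findings.append(f"DNS2={dns2} adds a second upstream beside the DoH proxy; make sure it is not a plaintext resolver")
    return findings


def with_env(compose, service, key, value):
    """Deep copy of the compose dict with one environment variable changed (for what-if checks)."""
    altered = copy.deepcopy(compose)
    altered["services"][service].setdefault("environment", {})[key] = value
    return altered


if __name__ == "__main__":
    print(check_forwarding(COMPOSE) or "compose file is consistent")
    print(check_forwarding(with_env(COMPOSE, "pihole", "DNS1", "172.18.0.3")))
```

With PyYAML available, replace the COMPOSE literal with `yaml.safe_load(open("docker-compose.yml"))`; the dict shape is identical. Note that the check deliberately ignores the published ports of the cloudflare service: PiHole talks to 172.18.0.3:54 over the bridge network, so the host mappings only matter for clients outside Docker.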
Distributed under the MIT license. See LICENSE for more information.
Please feel free to open a ticket on GitHub.