├── .dockerignore ├── .gitattributes ├── .github ├── dependabot.yml └── workflows │ ├── ci.yml │ └── release.yml ├── Makefile ├── README.md └── build.Dockerfile /.dockerignore: -------------------------------------------------------------------------------- 1 | **/.classpath 2 | **/.dockerignore 3 | **/.env 4 | **/.git 5 | **/.gitignore 6 | **/.project 7 | **/.settings 8 | **/.toolstarget 9 | **/.vs 10 | **/.vscode 11 | **/*.*proj.user 12 | **/*.dbmdl 13 | **/*.jfm 14 | **/azds.yaml 15 | **/bin 16 | **/charts 17 | **/docker-compose* 18 | **/compose* 19 | **/Dockerfile* 20 | **/node_modules 21 | **/npm-debug.log 22 | **/obj 23 | **/secrets.dev.yaml 24 | **/values.dev.yaml 25 | README.md 26 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | # Auto detect text files and perform LF normalization 2 | * text=auto 3 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | updates: 3 | - package-ecosystem: "docker" 4 | directory: "/" 5 | schedule: 6 | interval: "daily" 7 | 8 | - package-ecosystem: "github-actions" 9 | directory: "/" 10 | schedule: 11 | interval: "daily" 12 | -------------------------------------------------------------------------------- /.github/workflows/ci.yml: -------------------------------------------------------------------------------- 1 | name: CI 2 | 3 | on: 4 | pull_request: 5 | paths: 6 | - "build.Dockerfile" 7 | - "Makefile" 8 | 9 | jobs: 10 | ci: 11 | runs-on: ubuntu-latest 12 | 13 | steps: 14 | - uses: actions/checkout@v4 15 | 16 | - name: Install buildx 17 | uses: docker/setup-buildx-action@v3 18 | 19 | - name: Build images 20 | run: make docker-build -------------------------------------------------------------------------------- /.github/workflows/release.yml: -------------------------------------------------------------------------------- 1 | name: Release 2 | 3 | on: 4 | push: 5 | branches: 6 | - main 7 | paths: 8 | - "build.Dockerfile" 9 | - "Makefile" 10 | 11 | jobs: 12 | build: 13 | runs-on: ubuntu-latest 14 | 15 | steps: 16 | - uses: actions/checkout@v4 17 | 18 | - name: Install buildx 19 | uses: docker/setup-buildx-action@v3 20 | 21 | - name: Login to GitHub Container Registry 22 | uses: docker/login-action@v3 23 | with: 24 | registry: ghcr.io 25 | username: ${{ github.actor }} 26 | password: ${{ secrets.GITHUB_TOKEN }} 27 | 28 | - name: Login to Docker Hub 29 | uses: docker/login-action@v3 30 | with: 31 | username: ${{ secrets.DOCKERHUB_USERNAME }} 32 | password: ${{ secrets.DOCKERHUB_TOKEN }} 33 | 34 | - name: Build and Push 35 | run: make docker-release 36 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | VERSION := 2025.1.1 2 | 3 | .PHONY: all 4 | all: docker-build 5 | 6 | .PHONY: build 7 | docker-build: 8 | docker --log-level=debug buildx build . \ 9 | --file build.Dockerfile \ 10 | --build-arg=CLOUDFLARED_VERSION=$(VERSION) \ 11 | --platform linux/amd64,linux/arm64,linux/arm/v7 12 | 13 | .PHONY: release 14 | docker-release: 15 | docker --log-level=debug buildx build . \ 16 | --file build.Dockerfile \ 17 | --build-arg=CLOUDFLARED_VERSION=$(VERSION) \ 18 | --platform linux/amd64,linux/arm64,linux/arm/v7 \ 19 | --tag ghcr.io/milgradesec/cloudflared:$(VERSION) \ 20 | --tag ghcr.io/milgradesec/cloudflared:latest \ 21 | --tag milgradesec/cloudflared:$(VERSION) \ 22 | --tag milgradesec/cloudflared:latest \ 23 | --push 24 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Multi-Arch Cloudflare Tunnel Docker Image 2 | 3 | [![Release](https://github.com/milgradesec/cloudflared-docker/actions/workflows/release.yml/badge.svg)](https://github.com/milgradesec/cloudflared-docker/actions/workflows/release.yml) 4 | 5 | ## Why 6 | 7 | Currently Cloudflare doesn't provide an official linux/arm64 docker image of `cloudflared` suitable for devices like RaspberryPi and AWS Graviton. 8 | 9 | ## Installing `cloudflared` 10 | 11 | Get from Github Container Registry: 12 | 13 | ```shell 14 | docker pull ghcr.io/milgradesec/cloudflared:latest 15 | ``` 16 | 17 | Get from Docker Hub: 18 | 19 | ```shell 20 | docker pull milgradesec/cloudflared:latest 21 | ``` 22 | 23 | ## About 24 | 25 | The image is slightly modified to run as limited user instead of root. 26 | -------------------------------------------------------------------------------- /build.Dockerfile: -------------------------------------------------------------------------------- 1 | FROM --platform=amd64 golang:1.23.5 AS builder 2 | 3 | ARG TARGETPLATFORM 4 | ARG TARGETOS 5 | ARG TARGETARCH 6 | 7 | ARG CLOUDFLARED_VERSION 8 | 9 | ENV GO111MODULE=on \ 10 | CGO_ENABLED=0 11 | 12 | WORKDIR /go/src/github.com/cloudflare/cloudflared/ 13 | 14 | RUN git clone --branch ${CLOUDFLARED_VERSION} --single-branch --depth 1 https://github.com/cloudflare/cloudflared.git && \ 15 | cd cloudflared && \ 16 | GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build -v -mod=vendor -ldflags "-w -s -X 'main.Version=${CLOUDFLARED_VERSION}'" github.com/cloudflare/cloudflared/cmd/cloudflared 17 | 18 | FROM gcr.io/distroless/base-debian11:nonroot 19 | 20 | COPY --from=builder /go/src/github.com/cloudflare/cloudflared/cloudflared /usr/local/bin/ 21 | 22 | USER nonroot 23 | ENTRYPOINT ["/usr/local/bin/cloudflared", "--no-autoupdate"] 24 | --------------------------------------------------------------------------------