Introduction

This article will show you how to automatically sync Traefik records with Cloudflare DNS using Traeflare. This is useful if you want to use Traefik as a reverse proxy for your services and you want to use Cloudflare as your DNS provider.

It's done by using Traeflare, a tool that automatically syncs Traefik records with Cloudflare DNS.

Prerequisites

• A Cloudflare account
• A Traefik instance
• An ubuntu server with Docker installed
• Docker compose installed
• A domain name that is managed by Cloudflare

Steps

Let's assume that you are working in the directory /home/ubuntu/traefik.

1. Prepare the environment variables

Create a file called .env and add the following environment variables:

Variable	Description	Default
TRAEFIK_API_URL	Traefik API URL	http://traefik:8080
CF_API_URL	Cloudflare API URL	https://api.cloudflare.com/client/v4
CF_ZONE_ID	Cloudflare Zone ID
CF_API_EMAIL	Cloudflare API Email
CF_API_KEY	Cloudflare API Key
CF_DNS_API_TOKEN	Cloudflare DNS API Token
DOMAIN_NAME	Domain Name
RECORD_TYPE	Cloudflare Record Type	CNAME
PROXIED	Cloudflare Proxied	true
PRUNE_RECORDS	Prune Records	true

2. Update your docker-compose.yml file

Assuming that you already have a Traefik service running and defined like the following in your docker-compose.yml file:

services:
  traefik:
    image: traefik:v2.10
    container_name: traefik
    ports:
      - 80:80
      - 443:443
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /etc/localtime:/etc/localtime:ro
      - ./traefik.yml:/etc/traefik/traefik.yml:ro
      - ./config:/etc/traefik/config:ro
      - ./acme:/etc/traefik/acme
      - ./logs:/var/log
    env_file: .env
    labels:
      - traefik.enable=true
      - traefik.http.services.traefik.loadbalancer.server.port=8080

  # Add Traeflare here
  traeflare:
    image: ghcr.io/m4tt72/traeflare:main
    container_name: traeflare
    env_file: .env # Reference the environment variable file here
    restart: unless-stopped
    depends_on:
      - traefik

  whoiam:
    image: containous/whoami
    container_name: whoami
    labels:
      - traefik.enable=true # Traefik will automatically pick this up, generate routes for it, certificate, and also inform Traeflare to create a DNS record for it.
  # Your other services

With a directory tree that looks like this:

.
├── acme
│   └── acme.json
├── config
│   └── config.yml
├── logs
│   ├── access.log
│   └── traefik.log
└── traefik.yml

And with the configuration files in the directory:

traefik.yml

global:
  checkNewVersion: false
  sendAnonymousUsage: false

entryPoints:
  http:
    address: :80
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
          permanent: true

  https:
    address: :443
    http:
      tls:
        options: default
        certResolver: cloudflare

log:
  level: DEBUG
  format: common
  filePath: /var/log/traefik.log

accessLog:
  format: common
  filePath: /var/log/access.log

api:
  insecure: true
  dashboard: true

providers:
  docker:
    endpoint: unix:///var/run/docker.sock
    exposedByDefault: false
    watch: true
    defaultRule: Host(`{{ .ContainerName }}.example.com`)

  file:
    directory: /etc/traefik/config
    watch: true

certificatesResolvers:
  cloudflare:
    acme:
      email: your-email@example.com
      storage: /etc/traefik/acme/acme.json
      dnsChallenge:
        provider: cloudflare
        delayBeforeCheck: 10

config/config.yml

tls:
  options:
    default:
      minVersion: VersionTLS13
      sniStrict: true

As you can see, we have a Traefik service that is defined in our docker-compose.yml file and a Traeflare service that is defined in our docker-compose.yml file.

There is also a whoami service that is defined in our docker-compose.yml file, we added traefik.enable=true to the labels of this service so that Traefik can automatically pick it up, generate routes for it, certificate, and also inform Traeflare to create a DNS record for it.

Note: Make sure your container, in this example whoami, has a label traefik.enable=true AND a container_name defined.

3. Start the Traeflare service

Run the following command to start the Traeflare service:

docker-compose up -d

4. Check the Traeflare logs

Run the following command to check the Traeflare logs:

docker-compose logs -f traeflare

You will see that Traeflare has created a DNS record for the whoami service:

5. Check the Cloudflare DNS records and service URL

Go to your Cloudflare account and check the DNS records, you will see that Traeflare has created a DNS record for the whoami service.

You can also go to the URL of the whoami service and you will see that it's working.

Conclusion

In this article, we discussed how to automatically sync Traefik records with Cloudflare DNS using Traeflare. We installed Traeflare and configured it to automatically sync Traefik records with Cloudflare DNS.

Further reading

• Traeflare

References

• Traefik
• Cloudflare
• Docker