Cloudflare
This guide will cover how to configure a Cloudflare domain for your applications in dokploy or panel.
Cloudflare has multiple SSL's Modes:
- Strict (SSL-Only Origin Pull): Enforce encryption between Cloudflare and your origin. Use this mode to guarantee connections to your origin will always be encrypted, regardless of your visitor’s request.
- Full (Strict): Enable encryption end-to-end and enforce validation on origin certificates. Use Cloudflare’s Origin CA to generate certificates for your origin.
- Full: Enable encryption end-to-end. Use this mode when your origin server supports SSL certification but does not use a valid, publicly trusted certificate.
- Flexible: Enable encryption only between your visitors and Cloudflare. This will avoid browser security warnings, but all connections between Cloudflare and your origin are made through HTTP.
- Off (not secure): No encryption applied. Turning off SSL disables HTTPS and causes browsers to show a warning that your website is not secure.
We will cover two of SSL modes in this guide:
- Full (Strict)
- Flexible
Switch Mode
To switch between modes, follow these steps:
- Go to cloudflare dashboard and then click on
Account Home
-> Select the Domain you want to change. - On the left side, click
SSL/TLS
. - Click on
Overview
. - Click on Configure SSL/TLS Encryption.
- Select the desired mode Full (Strict) or Flexible.
- Click
Save
.
Assign a Domain Full (Strict)
Follow the steps in the same order to prevent any issues.
We assume that you have enabled the Full (Strict)
mode in the previous step, is super important to follow the steps in the same order to prevent any issues.
- Go to cloudflare dashboard and then click on
Account Home
-> Select the Domain. - On the left side, click
DNS
. - Click on
Records
. - Click on
Add Record
. - Select
A
record type. - Enter the
Host
name, eg.api
so it will beapi.dokploy.com
. - Enter the
IPv4 Address
from your server where the application is hosted eg.1.2.3.4
. - Click
Save
. - Go to dokploy panel and now you can assign either for
Applications
orDocker Compose
. - Go to
Domains
section. - Click
Create Domain
. - In the
Host
field, enter the domain name eg.api.dokploy.com
. - In the
Path
field, enter the path eg./
. - In the
Container Port
field, enter the port where your application is running eg.3000
. - In the
HTTPS
field enableON
. - In the
Certificate
field selectLet's Encrypt
. - Click
Create
. - A domain will be automatically assigned to your application.
- Wait a few seconds and refresh the application.
- You should see the application running on the domain you just created.
Assign a Domain Flexible
We assume that you have enabled the Flexible
mode in the previous step, is super important to follow the steps in the same order to prevent any issues.
- Go to cloudflare dashboard and then click on
Account Home
-> Select the Domain. - On the left side, click
DNS
. - Click on
Records
. - Click on
Add Record
. - Select
A
record type. - Enter the
Host
name, eg.api
so it will beapi.dokploy.com
. - Enter the
IPv4 Address
from your server where the application is hosted eg.1.2.3.4
. - Click
Save
. - Go to dokploy panel and now you can assign either for
Applications
orDocker Compose
. - Go to
Domains
section. - Click
Create Domain
. - In the
Host
field, enter the domain name eg.api.dokploy.com
. - In the
Path
field, enter the path eg./
. - In the
Container Port
field, enter the port where your application is running eg.3000
. - In the
HTTPS
field enableOFF
. - In the
Certificate
field selectNone
. - Click
Create
. - A domain will be automatically assigned to your application.
- Wait a few seconds and refresh the application.
- You should see the application running on the domain you just created.
Important Clarification on Container Ports
The "Container Port" specified in the domain settings is exclusively for routing traffic to the correct application container through Traefik, and does not expose the port directly to the internet. This is fundamentally different from the port settings in the "Advanced -> Ports" section, which are used to directly expose application ports. The container port in the domain settings ensures that Traefik can internally direct traffic to the specified port within the container based on the domain configuration.