Dokploy

Cloudflare

This guide will cover how to configure a Cloudflare domain for your applications in dokploy or panel.

Cloudflare has multiple SSL's Modes:

  1. Strict (SSL-Only Origin Pull): Enforce encryption between Cloudflare and your origin. Use this mode to guarantee connections to your origin will always be encrypted, regardless of your visitor’s request.
  2. Full (Strict): Enable encryption end-to-end and enforce validation on origin certificates. Use Cloudflare’s Origin CA to generate certificates for your origin.
  3. Full: Enable encryption end-to-end. Use this mode when your origin server supports SSL certification but does not use a valid, publicly trusted certificate.
  4. Flexible: Enable encryption only between your visitors and Cloudflare. This will avoid browser security warnings, but all connections between Cloudflare and your origin are made through HTTP.
  5. Off (not secure): No encryption applied. Turning off SSL disables HTTPS and causes browsers to show a warning that your website is not secure.

We will cover two of SSL modes in this guide:

  • Full (Strict)
  • Flexible

Switch Mode

To switch between modes, follow these steps:

  1. Go to cloudflare dashboard and then click on Account Home -> Select the Domain you want to change.
  2. On the left side, click SSL/TLS.
  3. Click on Overview.
  4. Click on Configure SSL/TLS Encryption.
  5. Select the desired mode Full (Strict) or Flexible.
  6. Click Save.

Assign a Domain Full (Strict)

Follow the steps in the same order to prevent any issues.

We assume that you have enabled the Full (Strict) mode in the previous step, is super important to follow the steps in the same order to prevent any issues.

  1. Go to cloudflare dashboard and then click on Account Home -> Select the Domain.
  2. On the left side, click DNS.
  3. Click on Records.
  4. Click on Add Record.
  5. Select A record type.
  6. Enter the Host name, eg. api so it will be api.dokploy.com.
  7. Enter the IPv4 Address from your server where the application is hosted eg. 1.2.3.4.
  8. Click Save.
  9. Go to dokploy panel and now you can assign either for Applications or Docker Compose.
  10. Go to Domains section.
  11. Click Create Domain.
  12. In the Host field, enter the domain name eg. api.dokploy.com.
  13. In the Path field, enter the path eg. /.
  14. In the Container Port field, enter the port where your application is running eg. 3000.
  15. In the HTTPS field enable ON.
  16. In the Certificate field select Let's Encrypt.
  17. Click Create.
  18. A domain will be automatically assigned to your application.
  19. Wait a few seconds and refresh the application.
  20. You should see the application running on the domain you just created.

Assign a Domain Flexible

We assume that you have enabled the Flexible mode in the previous step, is super important to follow the steps in the same order to prevent any issues.

  1. Go to cloudflare dashboard and then click on Account Home -> Select the Domain.
  2. On the left side, click DNS.
  3. Click on Records.
  4. Click on Add Record.
  5. Select A record type.
  6. Enter the Host name, eg. api so it will be api.dokploy.com.
  7. Enter the IPv4 Address from your server where the application is hosted eg. 1.2.3.4.
  8. Click Save.
  9. Go to dokploy panel and now you can assign either for Applications or Docker Compose.
  10. Go to Domains section.
  11. Click Create Domain.
  12. In the Host field, enter the domain name eg. api.dokploy.com.
  13. In the Path field, enter the path eg. /.
  14. In the Container Port field, enter the port where your application is running eg. 3000.
  15. In the HTTPS field enable OFF.
  16. In the Certificate field select None.
  17. Click Create.
  18. A domain will be automatically assigned to your application.
  19. Wait a few seconds and refresh the application.
  20. You should see the application running on the domain you just created.

Important Clarification on Container Ports

The "Container Port" specified in the domain settings is exclusively for routing traffic to the correct application container through Traefik, and does not expose the port directly to the internet. This is fundamentally different from the port settings in the "Advanced -> Ports" section, which are used to directly expose application ports. The container port in the domain settings ensures that Traefik can internally direct traffic to the specified port within the container based on the domain configuration.

On this page