{"id":15765060,"url":"https://github.com/bobankh/docker-cloudflare-nginx-iptables","last_synced_at":"2026-04-09T07:07:32.726Z","repository":{"id":103578403,"uuid":"414853403","full_name":"BobAnkh/docker-cloudflare-nginx-iptables","owner":"BobAnkh","description":"Complete solution for deploying backend services behind Cloudflare. Automatically register new backend service container, forward real ip, and only allow http/https traffic from Cloudflare.","archived":false,"fork":false,"pushed_at":"2024-04-29T08:04:51.000Z","size":45,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-10-05T12:24:25.033Z","etag":null,"topics":["cdn","cloudflare","docker","docker-compose","firewall","iptables","nginx","nginx-proxy"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/BobAnkh.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-10-08T05:08:15.000Z","updated_at":"2024-04-29T08:04:54.000Z","dependencies_parsed_at":null,"dependency_job_id":"c9977ac4-b06d-49d0-9ff5-7dab0f13aac9","html_url":"https://github.com/BobAnkh/docker-cloudflare-nginx-iptables","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BobAnkh%2Fdocker-cloudflare-nginx-iptables","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BobAnkh%2Fdocker-cloudflare-nginx-iptables/tags","releases_url":"https://rep
os.ecosyste.ms/api/v1/hosts/GitHub/repositories/BobAnkh%2Fdocker-cloudflare-nginx-iptables/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BobAnkh%2Fdocker-cloudflare-nginx-iptables/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/BobAnkh","download_url":"https://codeload.github.com/BobAnkh/docker-cloudflare-nginx-iptables/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246452982,"owners_count":20779877,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cdn","cloudflare","docker","docker-compose","firewall","iptables","nginx","nginx-proxy"],"created_at":"2024-10-04T12:24:26.712Z","updated_at":"2025-12-30T23:14:52.429Z","avatar_url":"https://github.com/BobAnkh.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# docker-cloudflare-nginx-iptables\n\nThis project is designed for use behind the Cloudflare CDN. For security reasons, you should not expose the origin server's IP address to the public.\nThis project is motivated by that security need.\n\nThis project does several things:\n\n- Register new containers in nginx automatically (for documentation of this feature, see [nginx-proxy/nginx-proxy](https://github.com/nginx-proxy/nginx-proxy))\n- Forward the real client IP carried by Cloudflare requests to the service containers behind the proxy\n- Allow only Cloudflare to connect to ports 80 and 443, using iptables\n- Automatically update the Cloudflare IP set\n\nUsing Cloudflare Origin certificates with this project is recommended. 
If you want to use Let's Encrypt certificates instead, I suggest combining this with [evertramos/nginx-proxy-automation](https://github.com/evertramos/nginx-proxy-automation)\n\n**ATTENTION: This will block all HTTP/HTTPS traffic on the host that does not come from Cloudflare; use at your own risk**\n\n## Usage\n\n1. Clone this repo: `git clone https://github.com/BobAnkh/docker-cloudflare-nginx-iptables.git /proxy`\n2. Copy `.env.sample` to `.env` and adjust the settings to your preference\n3. Generate default certificates for illegal requests and SSL requests, and place your Cloudflare Origin certificates, if you have them or want to use them, in the right place, e.g., `./data/certs/`\n4. Run `docker-compose up -d`\n\nYou can use the `setup.sh` script to do steps 2-3 for you, then place the Cloudflare Origin certificates for your websites manually. They should be named like `example.com.crt` and `example.com.key`\n\nPlace your Cloudflare Origin certificates in the certificates folder, e.g., `./data/certs/`\n\nThe newest version of `docker-compose` is supported. 
If you are using an older version, note that you may have to change the format of `network` in `docker-compose.yml`.\n\n## Credits\n\nThis work is inspired by and based on 5 awesome projects:\n\n- [evertramos/nginx-proxy-automation](https://github.com/evertramos/nginx-proxy-automation)\n- [nginx-proxy/nginx-proxy](https://github.com/nginx-proxy/nginx-proxy)\n- [nginx-proxy/docker-gen](https://github.com/nginx-proxy/docker-gen)\n- [VirtusAI/docker-cloudflare-firewall](https://github.com/VirtusAI/docker-cloudflare-firewall)\n- [colinmollenhour/docker-confd-firewall](https://github.com/colinmollenhour/docker-confd-firewall)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbobankh%2Fdocker-cloudflare-nginx-iptables","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbobankh%2Fdocker-cloudflare-nginx-iptables","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbobankh%2Fdocker-cloudflare-nginx-iptables/lists"}