{"id":28493069,"url":"https://github.com/hhftechnology/cloudflare-tailscale-integration","last_synced_at":"2026-05-19T14:10:27.028Z","repository":{"id":269559631,"uuid":"907767260","full_name":"hhftechnology/cloudflare-tailscale-integration","owner":"hhftechnology","description":"Zero-trust access gateway: Deploy secure tunnels for both public and private services instantly.","archived":false,"fork":false,"pushed_at":"2024-12-26T07:17:35.000Z","size":19,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-07-08T05:40:08.188Z","etag":null,"topics":["cloudflare","cloudflared","docker","docker-compose","tailscale","tunnel","vpn"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hhftechnology.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2024-12-24T10:39:52.000Z","updated_at":"2025-03-19T20:37:50.000Z","dependencies_parsed_at":"2024-12-24T12:53:26.616Z","dependency_job_id":"8cce0a32-2f1c-4728-a9f7-30ae8b193458","html_url":"https://github.com/hhftechnology/cloudflare-tailscale-integration","commit_stats":null,"previous_names":["hhftechnology/cloudflare-tailscale-integration"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/hhftechnology/cloudflare-tailscale-integration","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hhftechnology%2Fcloudflare-tailscale-integration","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hhftechnology%2Fcloudflare-tailscale-integration/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hhftechnology%2Fcloudflare-tailscale-integration/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hhftechnology%2Fcloudflare-tailscale-integration/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hhftechnology","download_url":"https://codeload.github.com/hhftechnology/cloudflare-tailscale-integration/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hhftechnology%2Fcloudflare-tailscale-integration/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279005943,"owners_count":26084002,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-11T02:00:06.511Z","response_time":55,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cloudflare","cloudflared","docker","docker-compose","tailscale","tunnel","vpn"],"created_at":"2025-06-08T09:07:23.712Z","updated_at":"2025-10-11T02:37:38.855Z","avatar_url":"https://github.com/hhftechnology.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Secure Access Gateway with Cloudflare and Tailscale\n\nThis Docker image provides a secure access gateway that integrates both Cloudflare Tunnels and Tailscale for flexible and secure access to your services. You can use either or both technologies simultaneously to create a secure, zero-trust access layer for your applications.\n\n## Features\n\n- Cloudflare Tunnel integration for secure public access\n- Tailscale VPN integration for private network access\n- Support for multiple port forwarding\n- Docker-compose ready\n- Easy configuration through environment variables\n- Automatic service discovery and configuration\n\n## Prerequisites\n\nBefore using this image, you'll need:\n\n1. A Cloudflare account (if using Cloudflare Tunnels)\n2. A Tailscale account (if using Tailscale)\n3. Docker and Docker Compose installed on your host\n4. Basic understanding of networking and Docker concepts\n\n## Environment Variables\n\n### Core Configuration\n```env\n# Feature Flags\nENABLE_CLOUDFLARE=true|false\nENABLE_TAILSCALE=true|false\n\n# Cloudflare Configuration\nCLOUDFLARE_TUNNEL_TOKEN=your-tunnel-token\n# OR\nCLOUDFLARE_TUNNEL_ID=your-tunnel-id\n\n# Tailscale Configuration\nTAILSCALE_AUTH_KEY=tskey-auth-xxxxx-xxxxxxxxxxxxx\nTAILSCALE_HOSTNAME=your-preferred-hostname\nTARGET_PORTS=3000,8080,9000 # Ports to forward via Tailscale\n```\n\n### Optional Tailscale Settings\n```env\nTAILSCALE_ACCEPT_DNS=true|false\nTAILSCALE_ACCEPT_ROUTES=true|false\nTAILSCALE_ADVERTISE_EXIT_NODE=true|false\nTAILSCALE_ADVERTISE_ROUTES=\nTAILSCALE_SSH=true|false\n```\n\n## Usage Examples\n\n### Example 1: Basic Web Application with Cloudflare Only\n\nThis example shows how to expose a simple web application through Cloudflare Tunnel.\n\n```yaml\nservices:\n secure-proxy:\n image: hhftechnology/cloudflare-tailscale-integration:latest\n environment:\n - ENABLE_CLOUDFLARE=true\n - ENABLE_TAILSCALE=false\n - CLOUDFLARE_TUNNEL_TOKEN=your-tunnel-token\n volumes:\n - ./cloudflared:/etc/cloudflared\n restart: unless-stopped\n\n webapp:\n image: nginx:alpine\n expose:\n - \"80\"\n```\n\n### Example 2: Internal Service with Tailscale Only\n\nThis example demonstrates using Tailscale for private access to an internal dashboard.\n\n```yaml\nversion: '3'\nservices:\n secure-proxy:\n image: hhftechnology/cloudflare-tailscale-integration:latest\n cap_add:\n - NET_ADMIN\n environment:\n - ENABLE_CLOUDFLARE=false\n - ENABLE_TAILSCALE=true\n - TAILSCALE_AUTH_KEY=tskey-auth-xxxxx-xxxxxxxxxxxxx\n - TAILSCALE_HOSTNAME=internal-dashboard\n - TARGET_PORTS=3000\n volumes:\n - ./data/tailscale:/var/lib/tailscale\n devices:\n - /dev/net/tun:/dev/net/tun\n\n dashboard:\n image: grafana/grafana\n expose:\n - \"3000\"\n```\n\n### Example 3: Split Access - Public Website and Private Admin Panel\n\nThis example shows how to use both Cloudflare and Tailscale to provide different access methods for different components.\n\n```yaml\nservices:\n secure-proxy:\n image: hhftechnology/cloudflare-tailscale-integration:latest\n cap_add:\n - NET_ADMIN\n environment:\n - ENABLE_CLOUDFLARE=true\n - ENABLE_TAILSCALE=true\n - CLOUDFLARE_TUNNEL_TOKEN=your-tunnel-token\n - TAILSCALE_AUTH_KEY=tskey-auth-xxxxx-xxxxxxxxxxxxx\n - TAILSCALE_HOSTNAME=admin-portal\n - TARGET_PORTS=8080\n volumes:\n - ./data/tailscale:/var/lib/tailscale\n - ./data/cloudflared:/etc/cloudflared\n devices:\n - /dev/net/tun:/dev/net/tun\n\n website:\n image: nginx:alpine\n expose:\n - \"80\" # Exposed via Cloudflare\n\n admin:\n image: adminer\n expose:\n - \"8080\" # Exposed via Tailscale\n```\n\n### Example 4: Multi-Service Development Environment\n\nThis example creates a development environment with multiple services accessible through Tailscale.\n\n```yaml\nservices:\n secure-proxy:\n image: hhftechnology/cloudflare-tailscale-integration:latest\n cap_add:\n - NET_ADMIN\n environment:\n - ENABLE_CLOUDFLARE=false\n - ENABLE_TAILSCALE=true\n - TAILSCALE_AUTH_KEY=tskey-auth-xxxxx-xxxxxxxxxxxxx\n - TAILSCALE_HOSTNAME=dev-environment\n - TARGET_PORTS=3000,8080,5432,6379\n volumes:\n - ./data/tailscale:/var/lib/tailscale\n devices:\n - /dev/net/tun:/dev/net/tun\n\n frontend:\n image: node:alpine\n working_dir: /app\n command: npm start\n expose:\n - \"3000\"\n\n backend:\n image: python:alpine\n command: python manage.py runserver 0.0.0.0:8080\n expose:\n - \"8080\"\n\n db:\n image: postgres:alpine\n expose:\n - \"5432\"\n\n redis:\n image: redis:alpine\n expose:\n - \"6379\"\n```\n\n### Example 5: Hybrid Cloud Application\n\nThis example demonstrates a hybrid cloud setup where some services are public and others are private.\n\n```yaml\nservices:\n secure-proxy:\n image: hhftechnology/cloudflare-tailscale-integration:latest\n cap_add:\n - NET_ADMIN\n environment:\n - ENABLE_CLOUDFLARE=true\n - ENABLE_TAILSCALE=true\n - CLOUDFLARE_TUNNEL_TOKEN=your-tunnel-token\n - TAILSCALE_AUTH_KEY=tskey-auth-xxxxx-xxxxxxxxxxxxx\n - TAILSCALE_HOSTNAME=hybrid-app\n - TARGET_PORTS=9000,5432\n volumes:\n - ./data/tailscale:/var/lib/tailscale\n - ./data/cloudflared:/etc/cloudflared\n devices:\n - /dev/net/tun:/dev/net/tun\n\n api:\n image: node:alpine\n expose:\n - \"80\" # Public API via Cloudflare\n\n management:\n image: portainer/portainer-ce\n expose:\n - \"9000\" # Private management via Tailscale\n\n database:\n image: postgres:alpine\n expose:\n - \"5432\" # Private database access via Tailscale\n```\n\n### Example 6: Microservices with Mixed Access\n\nThis example shows a microservices architecture with different access patterns for different services.\n\n```yaml\nversion: '3'\nservices:\n secure-proxy:\n image: hhftechnology/cloudflare-tailscale-integration:latest\n cap_add:\n - NET_ADMIN\n environment:\n - ENABLE_CLOUDFLARE=true\n - ENABLE_TAILSCALE=true\n - CLOUDFLARE_TUNNEL_TOKEN=your-tunnel-token\n - TAILSCALE_AUTH_KEY=tskey-auth-xxxxx-xxxxxxxxxxxxx\n - TAILSCALE_HOSTNAME=microservices\n - TARGET_PORTS=8080,9090,3000,5432\n volumes:\n - ./data/tailscale:/var/lib/tailscale\n - ./data/cloudflared:/etc/cloudflared\n devices:\n - /dev/net/tun:/dev/net/tun\n\n gateway:\n image: nginx:alpine\n expose:\n - \"80\" # Public API Gateway via Cloudflare\n\n auth-service:\n image: node:alpine\n expose:\n - \"8080\" # Private auth service via Tailscale\n\n metrics:\n image: prom/prometheus\n expose:\n - \"9090\" # Private metrics via Tailscale\n\n admin-dashboard:\n image: grafana/grafana\n expose:\n - \"3000\" # Private dashboard via Tailscale\n\n database:\n image: postgres:alpine\n expose:\n - \"5432\" # Private database via Tailscale\n```\n\n## Network Architecture\n\nWhen using both Cloudflare Tunnels and Tailscale, the secure-proxy container acts as a gateway:\n\n1. Cloudflare Tunnel provides secure public access to services marked for public exposure\n2. Tailscale provides private, encrypted access to services marked for internal use\n3. The proxy automatically handles routing and network isolation\n\n## Security Considerations\n\n1. Always use strong authentication keys and tokens\n2. Regularly rotate your Cloudflare and Tailscale credentials\n3. Monitor access logs and usage patterns\n4. Keep the Docker image and all services updated\n5. Follow the principle of least privilege when exposing services\n\n## Troubleshooting\n\n### Common Issues\n\n1. Connection Issues:\n```bash\n# Check Tailscale status\ndocker exec secure-proxy tailscale status\n\n# Check Cloudflare tunnel status\ndocker exec secure-proxy cloudflared tunnel info\n\n# View logs\ndocker logs secure-proxy\n```\n\n2. Port Forwarding Issues:\n```bash\n# Check iptables rules\ndocker exec secure-proxy iptables -t nat -L PREROUTING\n\n# Verify network interfaces\ndocker exec secure-proxy ip addr show\n```\n\n## Support\n\nFor issues, feature requests, or contributions, please visit our GitHub repository:\n[https://github.com/hhftechnology/cloudflare-tailscale-integration](https://github.com/hhftechnology/cloudflare-tailscale-integration)\n\n## License\n\nMIT License - See LICENSE file for details","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhhftechnology%2Fcloudflare-tailscale-integration","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhhftechnology%2Fcloudflare-tailscale-integration","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhhftechnology%2Fcloudflare-tailscale-integration/lists"}