Skip to main content

CloudFlared & Traefik Guide

A guide to add traefik reverse proxy to a CloudFlared tunnel to expose apps with ingress.


Implementing this guide will publicly expose your server, use at your own risk.

Create a tunnel and install cloudflared before starting this guide.

To add traefik to the CloudFlared tunnel.

Create all the public hostname entries in this order:

  • the root domain (if you plan to use root domain).
  • each sub domain record.

These are the values that would be needed and assumes that the app is named traefik and the port is set to 443.

sub domain: app

type: https

url: traefik-tcp.ix-traefik.svc.cluster.local:443

if using scale certs(deprecated)

  • Additional application settings
    • TLS
      • Origin Server Name: mydomain.tld

if using cert-manager (recommended)

  • Additional application settings
    • TLS
      • Origin Server Name: app.mydomain.tld



Traefik MiddleWares

It's highly advise to add a few MiddleWares like ipwhitelist and auth to protect certain apps from being directly or indirectly exposed publicly.