===== Cloudflare Zero Trust Docker =====
{{tag>linux cloudflare dockerubuntu}}
Host networking (''--network host'') may not be the most secure option, because the container shares the host's network stack, but it is what was needed to get WARP routing over QUIC to proxy UDP traffic, so that DNS lookups on the private networks work properly.
==== Install ====
<code bash>
docker pull cloudflare/cloudflared:latest
# append the tunnel token after --token
docker run --network host -d --restart=unless-stopped cloudflare/cloudflared:latest tunnel --no-autoupdate run --token
</code>
==== Update ====
<code bash>
# Record the running container, its image ID and its tunnel token before pulling.
running_container=$(docker container ls -f ancestor=cloudflare/cloudflared:latest -q)
running_image=$(docker image ls --filter=reference=cloudflare/cloudflared -q)
# The token is element 4 of the container command: tunnel --no-autoupdate run --token <token>
running_token=$(docker inspect $running_container --format='{{(index .Config.Cmd 4)}}')
# Pull the new image and start a second connector with the same token.
docker pull cloudflare/cloudflared:latest
docker run --network host -d --restart=unless-stopped cloudflare/cloudflared:latest tunnel --no-autoupdate run --token "$running_token"
docker container ls -f ancestor=cloudflare/cloudflared:latest -a # verify two running
docker container ls -f ancestor=$running_image -a # verify two running
docker stop $running_container
#
# reconnect if disconnected
#
# Remove the stopped container and the now-dangling old image.
old_image=$(docker image ls --filter=reference=cloudflare/cloudflared --filter=dangling=true --format '{{.ID}}')
old_container=$(docker container ls -f ancestor=$old_image -f status=exited -q)
docker rm $old_container
sleep 5
docker image prune
</code>
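Added example (not part of the original page or of Cloudflare's tooling): the update steps above read the token from a fixed position (index 4) of the container command, which yields an empty or wrong value if the arguments ever differ. The functions below look the token up by flag name and leave the old container running when no token is found or the replacement does not stay up. The function names and the 5-second wait are assumptions.

```shell
# Added example. Function names and the 5-second wait are assumptions.

# Read one argument per line on stdin; print the value given to --token.
# Returns 1 if the flag is absent, has no value, or is followed by another flag.
token_from_lines() {
  _prev=""
  while IFS= read -r _arg; do
    case "$_arg" in
      --token=*) _val=${_arg#--token=} ;;
      *)
        if [ "$_prev" != "--token" ]; then
          _prev=$_arg
          continue
        fi
        _val=$_arg ;;
    esac
    case "$_val" in
      ''|-*) return 1 ;;
    esac
    printf '%s\n' "$_val"
    return 0
  done
  return 1
}

# Replace the running container; keep the old one unless the new one stays up.
update_tunnel() {
  _old=$(docker container ls -q -f ancestor=cloudflare/cloudflared:latest | head -n 1)
  [ -n "$_old" ] || { echo "no running cloudflared container found" >&2; return 1; }
  _token=$(docker inspect "$_old" --format '{{range .Config.Cmd}}{{println .}}{{end}}' \
    | token_from_lines) || { echo "no --token value in $_old; nothing changed" >&2; return 1; }
  docker pull cloudflare/cloudflared:latest || return 1
  _new=$(docker run --network host -d --restart=unless-stopped \
    cloudflare/cloudflared:latest tunnel --no-autoupdate run --token "$_token") || return 1
  sleep 5
  # "Running" only shows the process is up, not that the tunnel has connected.
  if [ "$(docker inspect "$_new" --format '{{.State.Running}}')" = "true" ]; then
    docker stop "$_old"
  else
    echo "replacement $_new is not running; $_old left in place" >&2
    return 1
  fi
}
```

Calling ''update_tunnel'' covers the steps up to ''docker stop''; removing the old container and pruning the image stay as shown above.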