Coolify Wildcard Subdomain Setup With Cloudflare
Introduction
While setting up my side projects in Coolify, I realized that my current workflow for getting local HTTPS working is quite inefficient. Previously, I had an instance of Traefik on a different machine that is not managed by Coolify. As I have Cloudflare wildcard subdomains set up in that instance, any traffic that hits my subdomain will be routed through that IP address.
My current workflow is as follows when setting up a new service on Coolify.
- Run the template on Coolify
- Modify the Traefik configuration file to get HTTPS working
- Restart the Traefik proxy
- Update the Coolify domain name to point to the URL defined in the Traefik configuration.
If your setup is similar to mine, you may not need to restart Traefik. In my case, the Traefik configuration is stored on an SMB share. This makes Traefik unable to detect file changes.
As a result, we will have to manually restart Traefik in order to have the new configuration take effect.
After all the setup I have done, the request still hops through 2 different proxies before it hits Coolify. It is a waste of resources and the setup process is quite a hassle. I have decided to optimize it to reduce the number of proxy hops and increase my ease of config.
This new flow has only 1 proxy hop to the original Coolify proxy. The new steps to assign a subdomain URL to my Coolify deployment are simplified to the following:
- Run the template on Coolify
- Assign the subdomain URL in the Coolify UI.
This has shaved down the number of steps required dramatically.
Why not Cloudflare Tunnels
There is 1 main benefit of doing it like this instead of using Cloudflare Tunnels. This method also works with HTTPS services which are not exposed to the internet. It is perfect for home lab scenarios where we do not want our services exposed to the internet.
For cases where you want to expose all your services to the internet, I will definitely recommend using Cloudflare Tunnels with Coolify instead.
Setup Steps
Prerequisites
- A Coolify instance
- A domain hosted on Cloudflare
- Access to a Cloudflare account
Step 1: Getting your Cloudflare API Key
The 1st step is to fetch your Cloudflare API key from the Cloudflare Website.

After selecting your domain from the above, click on the Get your API token button.

Click on Create Token

Find the Edit zone DNS API Token and click on Use Template

Select the domain that you want to use.
After that, go to the summary and click on Create Token.
Voilà, you have your Cloudflare Token~
Write down your token for use in the later steps.
Step 2: Setting up a subdomain
Choose a subdomain that you want to use for your Coolify subdomains.
Here are some examples that you can use
- Wildcard for domain (*.jh123x.com): This is usually used when you want to self-host all your services on this domain
- Wildcard Subdomains (*.xxx.jh123x.com): This is usually the way to go when you have resources hosted across a variety of places
After choosing your subdomain, add the DNS record to your Cloudflare Configuration.

| Type | Name | Content | Proxy Status | TTL |
|---|---|---|---|---|
| A | <your subdomain here> | <coolify-ip> | Can be anything | auto |
This setup is required in order to route your traffic to your Coolify Traefik instance.
Step 3: Setting up Traefik
Now that we have the Cloudflare side set up correctly, it is time to take a look at how to set up Traefik.
Navigate to your Coolify Instance and login.

Click on the Servers tab and click on the machine that you are setting this up on

Click on the proxy tab to go to the Traefik proxy.

You can edit your Traefik Proxy config in this section over here.
Set up your config similar to the one below.
```yaml
name: coolify-proxy
networks:
  coolify:
    external: true
services:
  traefik:
    container_name: coolify-proxy
    image: 'traefik:v3.1'
    # ...
    environment:
      # Traefik's ACME client (lego) reads CF_API_EMAIL + CF_API_KEY as the
      # account email and Global API Key; a scoped API token is read from
      # CF_DNS_API_TOKEN instead.
      CF_API_EMAIL: '{{Cloudflare Email}}'
      CF_API_KEY: '{{Cloudflare API Key}}'
    command:
      # ...
      - '--providers.file.watch=true'
      - '--certificatesresolvers.letsencrypt.acme.email={{Cloudflare Email}}'
      # acme.json holds the ACME account key and the issued certificates
      - '--certificatesresolvers.letsencrypt.acme.storage=/traefik/acme.json'
      # DNS-01 challenge: ownership is proven with a TXT record created through the Cloudflare API
      - '--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare'
      - '--certificatesresolvers.letsencrypt.acme.dnschallenge.resolvers=1.1.1.1:53,1.0.0.1:53'
      # Keep the unauthenticated API/dashboard entrypoint disabled
      - '--api.insecure=false'
      # ...
    labels:
      # ...
      - traefik.http.routers.traefik-secure.tls=true
      - traefik.http.routers.traefik-secure.tls.domains[0].main={{Cloudflare Subdomain}}
      - traefik.http.routers.traefik-secure.tls.domains[0].sans={{Cloudflare Subdomain with Wildcard}}
      - traefik.http.routers.traefik-secure.service=api@internal
      # ...
```
Make the following replacements based on what you have set up above.
| Placeholder | Description | Example |
|---|---|---|
| {{Cloudflare Email}} | Your Cloudflare email address | test@example.com |
| {{Cloudflare API Key}} | Your Cloudflare API Key in Part 1 | cdXXXXXXXXXXXXXXXX |
| {{Cloudflare Subdomain}} | The Cloudflare subdomain that you set up in Part 1 | subdomain.example.com |
| {{Cloudflare Subdomain with Wildcard}} | The Cloudflare subdomain in Part 1 with the *. at the front | *.subdomain.example.com |
Note: Please keep the name of the certificate resolvers like the config above by using letsencrypt instead of renaming it.
I am not sure how to actually change the name used by Coolify, but I cannot seem to get other names used.
If you know how to change this config, please contact me and let me know.
The ... symbols are placeholders that are put in place for other configurations which are not relevant.
Step 4: Profit
Now that we have set up the configuration, you can test the configuration by setting one of your services to a subdomain that you have set.
For example, if I set my subdomain as *.subdomain.example.com, you can set your services to something like immich.subdomain.example.com.
Coolify will automatically take care of the rest.
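A service hostname is only served by the wildcard certificate if it falls under the names requested in the `tls.domains` labels, and a `*` covers exactly one label. The check below is an added example, not part of the original post or of Coolify or Traefik; it uses the example names from the placeholder table as constructed input and also lists the `_acme-challenge` TXT record name that the DNS challenge uses for those names.

```python
"""Pre-flight check for the names requested by the tls.domains labels."""

def _labels(name):
    # DNS names are case-insensitive; ignore a trailing root dot.
    return name.lower().rstrip(".").split(".")

def covers(cert_name, host):
    """True if a certificate name is valid for host.

    A leading "*" stands for exactly one label, so *.a.example.com matches
    x.a.example.com but neither a.example.com nor y.x.a.example.com.
    """
    c, h = _labels(cert_name), _labels(host)
    if len(c) != len(h) or "" in h:
        return False
    return c[1:] == h[1:] and c[0] in ("*", h[0])

def covered_by(cert_names, host):
    return any(covers(n, host) for n in cert_names)

def challenge_records(cert_names):
    """TXT record names used by the ACME DNS-01 challenge (RFC 8555, 8.4).

    The "*." prefix is dropped, so a name and its wildcard share one record
    name under _acme-challenge.
    """
    names = set()
    for n in cert_names:
        base = ".".join(_labels(n))
        if base.startswith("*."):
            base = base[2:]
        names.add("_acme-challenge." + base)
    return names

# Constructed sample values, taken from the placeholder table's examples:
# tls.domains[0].main and tls.domains[0].sans.
CERT_NAMES = ["subdomain.example.com", "*.subdomain.example.com"]

if __name__ == "__main__":
    for host in ("immich.subdomain.example.com", "subdomain.example.com",
                 "api.immich.subdomain.example.com", "immich.example.com"):
        print(f"{host:34} covered={covered_by(CERT_NAMES, host)}")
    print(sorted(challenge_records(CERT_NAMES)))
```

The bare `subdomain.example.com` is covered only because it is listed as `main`; the wildcard alone does not include it, and a name two levels below the wildcard is not covered at all.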
Troubleshooting
If you encounter any issues, you can refer to the Traefik ACME page to find out more.
As long as the resolver is named letsencrypt, it should work.
Conclusion
In this blog post we went through how to set up a wildcard subdomain. This will hugely improve QoL for any services that you want to deploy by providing them with the relevant HTTPS certificates.