deployment

this guide will walk you through deploying the funnel server using docker.

prerequisites

docker installed on your machine.
a domain name for your server (for tls/https tunnels).
dns provider credentials for automatic tls certificate generation (optional but recommended).

docker deployment

the recommended way to deploy the server is using the official docker image.

create a volume for certificates

the server needs to persist tls certificates. create a docker volume to store them.

docker volume create funnel-certs

basic deployment

for a basic deployment without tls, you can run:

docker run -d --name funnel-server \
  -p 8080:8080 \
  --restart unless-stopped \
  ghcr.io/karol-broda/funnel-server:latest

this will start the server on port 8080 and make it accessible at http://your-server-ip:8080.

deployment with tls (recommended)

for a production deployment with automatic tls certificates, you'll need to provide your domain name and dns provider configuration.

first, create a dns provider configuration file (see the server cli reference for details):

dns-providers.json

{
  "providers": [
    {
      "name": "cloudflare",
      "env": {
        "CF_API_TOKEN": "your-cloudflare-api-token"
      }
    }
  ]
}

then run the server with tls enabled:

docker run -d --name funnel-server \
  -p 80:8080 \
  -p 443:8443 \
  -v $(pwd)/dns-providers.json:/etc/funnel/dns-providers.json \
  -v funnel-certs:/var/lib/funnel/certs \
  -e FUNNEL_ENABLE_TLS=true \
  -e FUNNEL_LETSENCRYPT_EMAIL=your-email@example.com \
  -e FUNNEL_DNS_PROVIDERS_CONFIG=/etc/funnel/dns-providers.json \
  --restart unless-stopped \
  ghcr.io/karol-broda/funnel-server:latest

replace your-email@example.com with your actual email address.

verify the deployment

check the logs to ensure the server started correctly:

docker logs -f funnel-server

you should see logs indicating that the server is listening on the configured ports. if tls is enabled, you'll also see logs about certificate generation.

configuration

the server can be configured using environment variables:

Variable	Description	Default
`FUNNEL_HOST`	the host to listen on.	`0.0.0.0`
`FUNNEL_PORT`	the port for http traffic.	`8080`
`FUNNEL_TLS_PORT`	the port for https/tls traffic.	`8443`
`FUNNEL_ENABLE_TLS`	enable automatic tls certificate generation.	`false`
`FUNNEL_LETSENCRYPT_EMAIL`	email address for let's encrypt account (required for tls).	`""`
`FUNNEL_DNS_PROVIDERS_CONFIG`	path to the dns provider config file (required for tls).	`""`
`FUNNEL_CERT_DIR`	directory to store tls certificates.	`/var/lib/funnel/certs`

docker compose (alternative)

you can also use docker compose for easier management:

docker-compose.yml

version: '3.8'
services:
  funnel-server:
    image: ghcr.io/karol-broda/funnel-server:latest
    container_name: funnel-server
    ports:
      - "80:8080"
      - "443:8443"
    volumes:
      - ./dns-providers.json:/etc/funnel/dns-providers.json
      - funnel-certs:/var/lib/funnel/certs
    environment:
      - FUNNEL_ENABLE_TLS=true
      - FUNNEL_LETSENCRYPT_EMAIL=your-email@example.com
      - FUNNEL_DNS_PROVIDERS_CONFIG=/etc/funnel/dns-providers.json
    restart: unless-stopped

volumes:
  funnel-certs:

then run:

docker-compose up -d

for a complete list of configuration options, please refer to the server cli reference.

Last updated: July 26, 2025

by karol-broda

On this page