How can I ensure `cloudflared` tunnel credentials and configuration persist across Docker container restarts or recreation?

To ensure `cloudflared` tunnel credentials and configuration persist across Docker container restarts or recreation, you must utilize Docker volumes to store the critical data outside the container's ephemeral filesystem: 1. **Credentials Persistence:** The `cert.pem` file (generated during `cloudflared tunnel login`) and the tunnel's JSON credential file (generated when creating a tunnel) are crucial. These are typically stored in the `~/.cloudflared` directory on the host machine. You should mount this host directory as a volume into your `cloudflared` container (e.g., `-v /home/user/.cloudflared:/home/nonroot/.cloudflared`). This ensures `cloudflared` can find its authentication and tunnel details even if the container is removed and recreated. 2. **Configuration File Persistence:** Your `config.yml` file, which defines ingress rules, should also be stored persistently on the host and mounted into the container (e.g., `-v /path/to/your/config.yml:/etc/cloudflared/config.yml`). By using host-mounted volumes, the crucial data resides independently of the container's lifecycle, guaranteeing persistence.