cloudflared
Create secure tunnels to Cloudflare's network
TLDR
Authenticate and associate the connection to a domain in the Cloudflare account
Create a tunnel with a specific name
Establish a tunnel to a host in Cloudflare from the local server
Establish a tunnel to a host in Cloudflare from the local server, without verifying the local server's certificate
Save logs to a file
Install cloudflared as a system service
SYNOPSIS
cloudflared [command] [options]
PARAMETERS
tunnel
Creates a tunnel or manages existing tunnels.
service
Manages cloudflared as a system service.
access
Commands related to Cloudflare Access.
proxy-dns
Starts a DNS proxy.
update
Updates cloudflared to the latest version.
version
Displays the cloudflared version.
login
Authenticates cloudflared with Cloudflare using a browser.
logout
Logs out cloudflared.
--config
Path to the configuration file.
--loglevel
Set the logging level (e.g., debug, info, warn, error).
--metrics
Address to expose metrics on (e.g., localhost:9000).
DESCRIPTION
cloudflared is the command-line client for Cloudflare Tunnel, a service that allows you to securely expose local web servers to the internet without opening inbound firewall ports. It creates an outbound-only connection between your origin server and Cloudflare's global network. This eliminates the need to expose your server directly to the internet, improving security and reducing the attack surface. Cloudflared handles the connection establishment, authentication, and encryption, simplifying the process of setting up secure remote access. It supports various protocols including HTTP, HTTPS, and SSH.
Common use cases include securely exposing web applications for testing, hosting personal websites without port forwarding, and accessing internal resources remotely. Cloudflared ensures all traffic is routed through Cloudflare's infrastructure, benefiting from its DDoS protection, content delivery network (CDN), and other security features. It is a convenient solution for anyone who wants to securely access their local services from anywhere in the world, leveraging Cloudflare's global network for performance and security.
CAVEATS
Cloudflared requires a Cloudflare account and a domain configured with Cloudflare's DNS. Ensure proper configuration of the tunnel in your Cloudflare dashboard. Network connectivity to Cloudflare's network is essential for cloudflared to function correctly.
CONFIGURATION FILE
The configuration file (typically YAML) allows you to specify various settings such as tunnel ID, hostname mappings, and service configurations.
Example config.yml:
tunnel: abcdefgh-1234-ijkl-5678-mnopqrstuvwxyz
credentials-file: /etc/cloudflared/abcdefgh-1234-ijkl-5678-mnopqrstuvwxyz.json
ingress:
- hostname: example.com
service: http://localhost:8080
- service: http_status:404
SERVICE MANAGEMENT
The 'service' command allows to install, uninstall, and manage cloudflared as a system service on Linux, macOS, and Windows. This ensures cloudflared runs automatically in the background.