LinuxCommandLibrary

cloudflared

Create secure tunnels to Cloudflare's network

TLDR

Authenticate and associate the connection to a domain in the Cloudflare account

$ cloudflared tunnel login
copy

Create a tunnel with a specific name
$ cloudflared tunnel create [name]
copy

Establish a tunnel to a host in Cloudflare from the local server
$ cloudflared tunnel --hostname [hostname] localhost:[port_number]
copy

Establish a tunnel to a host in Cloudflare from the local server, without verifying the local server's certificate
$ cloudflared tunnel --hostname [hostname] localhost:[port_number] --no-tls-verify
copy

Save logs to a file
$ cloudflared tunnel --hostname [hostname] http://localhost:[port_number] --loglevel [panic|fatal|error|warn|info|debug] --logfile [path/to/file]
copy

Install cloudflared as a system service
$ cloudflared service install
copy

SYNOPSIS

cloudflared [flags] <command> [<args>]

PARAMETERS

--config <PATH>
    Path to the configuration YAML file (default: ~/.cloudflared/config.yml)

--logfile <PATH>
    Path to the log file (default: /var/log/cloudflared)

--loglevel <LEVEL>
    Set log verbosity: trace|debug|info|warn|error|fatal (default: info)

--no-autoupdate
    Disable automatic cloudflared updates

-h, --help
    Show help for the command

--version, -v
    Print cloudflared version

DESCRIPTION

cloudflared is the lightweight, open-source daemon from Cloudflare that powers Cloudflare Tunnel, enabling secure, outbound-only connections from your infrastructure to Cloudflare's global edge network. It exposes local HTTP, TCP, or other services to the internet without requiring public IP addresses, inbound firewall rules, or port forwarding.

Ideal for development, homelabs, production servers, and Zero Trust environments, cloudflared supports features like automatic HTTPS with custom domains, private networking (Cloudflare WARP), load balancing, and integration with Cloudflare Access for identity-based controls. Tunnels persist via named configurations or quick one-off proxies, with metrics and logging for observability.

Installation is straightforward via package managers or direct download. Authenticate with a free Cloudflare account, create tunnels via CLI or dashboard, and route traffic seamlessly. It handles retries, health checks, and updates automatically, minimizing downtime. Widely used for SSH/RDP access, API endpoints, and internal dashboards behind NAT/CGNAT.

CAVEATS

Requires outbound internet access to Cloudflare edge; named tunnels need a free Cloudflare account; not suitable for high-bandwidth streaming without paid plans.

MAIN SUBCOMMANDS

tunnel: Create/run tunnels (<cloudflared tunnel run>).
service: Install/uninstall as system service.
access: Manage Zero Trust policies.
proxy-dns: DNS-over-HTTPS proxy.

QUICK EXAMPLE

cloudflared tunnel --url http://localhost:3000
Creates temporary tunnel and prints *.trycloudflare.com URL.

HISTORY

Introduced in 2017 as 'argo-tunnel' for Argo Smart Routing; rebranded to cloudflared with Cloudflare Tunnel launch in 2020; actively maintained with regular updates for Zero Trust features.

SEE ALSO

systemd(1), nginx(1)

Copied to clipboard