Put configuration

zero_trust.tunnels.cloudflared.configurations.update(, ) -> ConfigurationUpdateResponse

PUT/accounts/{account_id}/cfd_tunnel/{tunnel_id}/configurations

Adds or updates the configuration for a remotely-managed tunnel.

Security

API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY

API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194

Accepted Permissions (at least one required)

Cloudflare One Connectors WriteCloudflare One Connector: cloudflared WriteCloudflare Tunnel Write

ParametersExpand Collapse

account_id: str

Identifier.

maxLength32

tunnel_id: str

UUID of the tunnel.

formatuuid

maxLength36

config: Optional[Config]

The tunnel configuration and ingress rules.

ingress: Optional[Iterable[ConfigIngress]]

List of public hostname definitions. At least one ingress rule needs to be defined for the tunnel.

hostname: str

Public hostname for this service.

service: str

Protocol and address of destination server. Supported protocols: http://, https://, unix://, tcp://, ssh://, rdp://, unix+tls://, smb://. Alternatively can return a HTTP status code http_status:[code] e.g. ‘http_status:404’.

origin_request: Optional[ConfigIngressOriginRequest]

Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.

access: Optional[ConfigIngressOriginRequestAccess]

For all L7 requests to this hostname, cloudflared will validate each request’s Cf-Access-Jwt-Assertion request header.

aud_tag: SequenceNotStr[str]

Access applications that are allowed to reach this hostname for this Tunnel. Audience tags can be identified in the dashboard or via the List Access policies API.

team_name: str

required: Optional[bool]

Deny traffic that has not fulfilled Access authorization.

ca_pool: Optional[str]

Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.

connect_timeout: Optional[int]

Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.

disable_chunked_encoding: Optional[bool]

Disables chunked transfer encoding. Useful if you are running a WSGI server.

http2_origin: Optional[bool]

Attempt to connect to origin using HTTP2. Origin must be configured as https.

http_host_header: Optional[str]

Sets the HTTP Host header on requests sent to the local service.

keep_alive_connections: Optional[int]

Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.

keep_alive_timeout: Optional[int]

Timeout after which an idle keepalive connection can be discarded.

match_sn_ito_host: Optional[bool]

Auto configure the Hostname on the origin server certificate.

no_happy_eyeballs: Optional[bool]

Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.

no_tls_verify: Optional[bool]

Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.

origin_server_name: Optional[str]

Hostname that cloudflared should expect from your origin server certificate.

proxy_type: Optional[str]

cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are: "" for the regular proxy and “socks” for a SOCKS5 proxy.

tcp_keep_alive: Optional[int]

The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.

tls_timeout: Optional[int]

Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.

path: Optional[str]

Requests with this path route to this public hostname.

origin_request: Optional[ConfigOriginRequest]

Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.

access: Optional[ConfigOriginRequestAccess]

For all L7 requests to this hostname, cloudflared will validate each request’s Cf-Access-Jwt-Assertion request header.

aud_tag: SequenceNotStr[str]

Access applications that are allowed to reach this hostname for this Tunnel. Audience tags can be identified in the dashboard or via the List Access policies API.

team_name: str

required: Optional[bool]

Deny traffic that has not fulfilled Access authorization.

ca_pool: Optional[str]

Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.

connect_timeout: Optional[int]

Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.

disable_chunked_encoding: Optional[bool]

Disables chunked transfer encoding. Useful if you are running a WSGI server.

http2_origin: Optional[bool]

Attempt to connect to origin using HTTP2. Origin must be configured as https.

http_host_header: Optional[str]

Sets the HTTP Host header on requests sent to the local service.

keep_alive_connections: Optional[int]

Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.

keep_alive_timeout: Optional[int]

Timeout after which an idle keepalive connection can be discarded.

match_sn_ito_host: Optional[bool]

Auto configure the Hostname on the origin server certificate.

no_happy_eyeballs: Optional[bool]

Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.

no_tls_verify: Optional[bool]

Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.

origin_server_name: Optional[str]

Hostname that cloudflared should expect from your origin server certificate.

proxy_type: Optional[str]

tcp_keep_alive: Optional[int]

The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.

tls_timeout: Optional[int]

Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.

ReturnsExpand Collapse

class ConfigurationUpdateResponse: …

Cloudflare Tunnel configuration

account_id: Optional[str]

Identifier.

maxLength32

config: Optional[Config]

The tunnel configuration and ingress rules.

ingress: Optional[List[ConfigIngress]]

List of public hostname definitions. At least one ingress rule needs to be defined for the tunnel.

hostname: str

Public hostname for this service.

service: str

origin_request: Optional[ConfigIngressOriginRequest]

Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.

access: Optional[ConfigIngressOriginRequestAccess]

For all L7 requests to this hostname, cloudflared will validate each request’s Cf-Access-Jwt-Assertion request header.

aud_tag: List[str]

Access applications that are allowed to reach this hostname for this Tunnel. Audience tags can be identified in the dashboard or via the List Access policies API.

team_name: str

required: Optional[bool]

Deny traffic that has not fulfilled Access authorization.

ca_pool: Optional[str]

Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.

connect_timeout: Optional[int]

Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.

disable_chunked_encoding: Optional[bool]

Disables chunked transfer encoding. Useful if you are running a WSGI server.

http2_origin: Optional[bool]

Attempt to connect to origin using HTTP2. Origin must be configured as https.

http_host_header: Optional[str]

Sets the HTTP Host header on requests sent to the local service.

keep_alive_connections: Optional[int]

Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.

keep_alive_timeout: Optional[int]

Timeout after which an idle keepalive connection can be discarded.

match_sn_ito_host: Optional[bool]

Auto configure the Hostname on the origin server certificate.

no_happy_eyeballs: Optional[bool]

Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.

no_tls_verify: Optional[bool]

Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.

origin_server_name: Optional[str]

Hostname that cloudflared should expect from your origin server certificate.

proxy_type: Optional[str]

tcp_keep_alive: Optional[int]

The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.

tls_timeout: Optional[int]

Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.

path: Optional[str]

Requests with this path route to this public hostname.

origin_request: Optional[ConfigOriginRequest]

Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.

access: Optional[ConfigOriginRequestAccess]

For all L7 requests to this hostname, cloudflared will validate each request’s Cf-Access-Jwt-Assertion request header.

aud_tag: List[str]

Access applications that are allowed to reach this hostname for this Tunnel. Audience tags can be identified in the dashboard or via the List Access policies API.

team_name: str

required: Optional[bool]

Deny traffic that has not fulfilled Access authorization.

ca_pool: Optional[str]

Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.

connect_timeout: Optional[int]

Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.

disable_chunked_encoding: Optional[bool]

Disables chunked transfer encoding. Useful if you are running a WSGI server.

http2_origin: Optional[bool]

Attempt to connect to origin using HTTP2. Origin must be configured as https.

http_host_header: Optional[str]

Sets the HTTP Host header on requests sent to the local service.

keep_alive_connections: Optional[int]

Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.

keep_alive_timeout: Optional[int]

Timeout after which an idle keepalive connection can be discarded.

match_sn_ito_host: Optional[bool]

Auto configure the Hostname on the origin server certificate.

no_happy_eyeballs: Optional[bool]

Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.

no_tls_verify: Optional[bool]

Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.

origin_server_name: Optional[str]

Hostname that cloudflared should expect from your origin server certificate.

proxy_type: Optional[str]

tcp_keep_alive: Optional[int]

The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.

tls_timeout: Optional[int]

Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.

created_at: Optional[datetime]

formatdate-time

source: Optional[Literal["local", "cloudflare"]]

Indicates if this is a locally or remotely configured tunnel. If local, manage the tunnel using a YAML file on the origin machine. If cloudflare, manage the tunnel’s configuration on the Zero Trust dashboard.

One of the following:

"local"

"cloudflare"

tunnel_id: Optional[str]

UUID of the tunnel.

formatuuid

maxLength36

version: Optional[int]

The version of the Tunnel Configuration.

Put configuration

import os
from cloudflare import Cloudflare

client = Cloudflare(
    api_token=os.environ.get("CLOUDFLARE_API_TOKEN"),  # This is the default and can be omitted
)
configuration = client.zero_trust.tunnels.cloudflared.configurations.update(
    tunnel_id="f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
    account_id="023e105f4ecef8ad9ca31a8372d0c353",
)
print(configuration.account_id)

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "account_id": "023e105f4ecef8ad9ca31a8372d0c353",
    "config": {
      "ingress": [
        {
          "hostname": "tunnel.example.com",
          "service": "https://localhost:8001",
          "originRequest": {
            "access": {
              "audTag": [
                "string"
              ],
              "teamName": "zero-trust-organization-name",
              "required": false
            },
            "caPool": "caPool",
            "connectTimeout": 10,
            "disableChunkedEncoding": true,
            "http2Origin": true,
            "httpHostHeader": "httpHostHeader",
            "keepAliveConnections": 100,
            "keepAliveTimeout": 90,
            "matchSNItoHost": false,
            "noHappyEyeballs": false,
            "noTLSVerify": false,
            "originServerName": "originServerName",
            "proxyType": "proxyType",
            "tcpKeepAlive": 30,
            "tlsTimeout": 10
          },
          "path": "subpath"
        }
      ],
      "originRequest": {
        "access": {
          "audTag": [
            "string"
          ],
          "teamName": "zero-trust-organization-name",
          "required": false
        },
        "caPool": "caPool",
        "connectTimeout": 10,
        "disableChunkedEncoding": true,
        "http2Origin": true,
        "httpHostHeader": "httpHostHeader",
        "keepAliveConnections": 100,
        "keepAliveTimeout": 90,
        "matchSNItoHost": false,
        "noHappyEyeballs": false,
        "noTLSVerify": false,
        "originServerName": "originServerName",
        "proxyType": "proxyType",
        "tcpKeepAlive": 30,
        "tlsTimeout": 10
      },
      "warp-routing": {
        "enabled": true
      }
    },
    "created_at": "2014-01-01T05:20:00.12345Z",
    "source": "cloudflare",
    "tunnel_id": "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
    "version": 0
  }
}

Returns Examples

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "account_id": "023e105f4ecef8ad9ca31a8372d0c353",
    "config": {
      "ingress": [
        {
          "hostname": "tunnel.example.com",
          "service": "https://localhost:8001",
          "originRequest": {
            "access": {
              "audTag": [
                "string"
              ],
              "teamName": "zero-trust-organization-name",
              "required": false
            },
            "caPool": "caPool",
            "connectTimeout": 10,
            "disableChunkedEncoding": true,
            "http2Origin": true,
            "httpHostHeader": "httpHostHeader",
            "keepAliveConnections": 100,
            "keepAliveTimeout": 90,
            "matchSNItoHost": false,
            "noHappyEyeballs": false,
            "noTLSVerify": false,
            "originServerName": "originServerName",
            "proxyType": "proxyType",
            "tcpKeepAlive": 30,
            "tlsTimeout": 10
          },
          "path": "subpath"
        }
      ],
      "originRequest": {
        "access": {
          "audTag": [
            "string"
          ],
          "teamName": "zero-trust-organization-name",
          "required": false
        },
        "caPool": "caPool",
        "connectTimeout": 10,
        "disableChunkedEncoding": true,
        "http2Origin": true,
        "httpHostHeader": "httpHostHeader",
        "keepAliveConnections": 100,
        "keepAliveTimeout": 90,
        "matchSNItoHost": false,
        "noHappyEyeballs": false,
        "noTLSVerify": false,
        "originServerName": "originServerName",
        "proxyType": "proxyType",
        "tcpKeepAlive": 30,
        "tlsTimeout": 10
      },
      "warp-routing": {
        "enabled": true
      }
    },
    "created_at": "2014-01-01T05:20:00.12345Z",
    "source": "cloudflare",
    "tunnel_id": "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
    "version": 0
  }
}