Cloudflared
List Cloudflare Tunnels
Get a Cloudflare Tunnel
Create a Cloudflare Tunnel
Update a Cloudflare Tunnel
Delete a Cloudflare Tunnel
CloudflaredConfigurations
Get configuration
Put configuration
ModelsExpand Collapse
ConfigurationGetResponse { account_id, config, created_at, 3 more } Cloudflare Tunnel configuration
Cloudflare Tunnel configuration
config: optional { ingress, originRequest } The tunnel configuration and ingress rules.
The tunnel configuration and ingress rules.
ingress: optional array of { hostname, service, originRequest, path } List of public hostname definitions. At least one ingress rule needs to be defined for the tunnel.
List of public hostname definitions. At least one ingress rule needs to be defined for the tunnel.
Protocol and address of destination server. Supported protocols: http://, https://, unix://, tcp://, ssh://, rdp://, unix+tls://, smb://. Alternatively can return a HTTP status code http_status:[code] e.g. ‘http_status:404’.
originRequest: optional { access, caPool, connectTimeout, 12 more } Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.
Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.
access: optional { audTag, teamName, required } For all L7 requests to this hostname, cloudflared will validate each request’s Cf-Access-Jwt-Assertion request header.
For all L7 requests to this hostname, cloudflared will validate each request’s Cf-Access-Jwt-Assertion request header.
Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.
Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.
Disables chunked transfer encoding. Useful if you are running a WSGI server.
Attempt to connect to origin using HTTP2. Origin must be configured as https.
Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.
Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.
Hostname that cloudflared should expect from your origin server certificate.
cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are: "" for the regular proxy and “socks” for a SOCKS5 proxy.
originRequest: optional { access, caPool, connectTimeout, 12 more } Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.
Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.
access: optional { audTag, teamName, required } For all L7 requests to this hostname, cloudflared will validate each request’s Cf-Access-Jwt-Assertion request header.
For all L7 requests to this hostname, cloudflared will validate each request’s Cf-Access-Jwt-Assertion request header.
Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.
Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.
Disables chunked transfer encoding. Useful if you are running a WSGI server.
Attempt to connect to origin using HTTP2. Origin must be configured as https.
Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.
Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.
Hostname that cloudflared should expect from your origin server certificate.
cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are: "" for the regular proxy and “socks” for a SOCKS5 proxy.
ConfigurationUpdateResponse { account_id, config, created_at, 3 more } Cloudflare Tunnel configuration
Cloudflare Tunnel configuration
config: optional { ingress, originRequest } The tunnel configuration and ingress rules.
The tunnel configuration and ingress rules.
ingress: optional array of { hostname, service, originRequest, path } List of public hostname definitions. At least one ingress rule needs to be defined for the tunnel.
List of public hostname definitions. At least one ingress rule needs to be defined for the tunnel.
Protocol and address of destination server. Supported protocols: http://, https://, unix://, tcp://, ssh://, rdp://, unix+tls://, smb://. Alternatively can return a HTTP status code http_status:[code] e.g. ‘http_status:404’.
originRequest: optional { access, caPool, connectTimeout, 12 more } Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.
Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.
access: optional { audTag, teamName, required } For all L7 requests to this hostname, cloudflared will validate each request’s Cf-Access-Jwt-Assertion request header.
For all L7 requests to this hostname, cloudflared will validate each request’s Cf-Access-Jwt-Assertion request header.
Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.
Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.
Disables chunked transfer encoding. Useful if you are running a WSGI server.
Attempt to connect to origin using HTTP2. Origin must be configured as https.
Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.
Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.
Hostname that cloudflared should expect from your origin server certificate.
cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are: "" for the regular proxy and “socks” for a SOCKS5 proxy.
originRequest: optional { access, caPool, connectTimeout, 12 more } Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.
Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.
access: optional { audTag, teamName, required } For all L7 requests to this hostname, cloudflared will validate each request’s Cf-Access-Jwt-Assertion request header.
For all L7 requests to this hostname, cloudflared will validate each request’s Cf-Access-Jwt-Assertion request header.
Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.
Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.
Disables chunked transfer encoding. Useful if you are running a WSGI server.
Attempt to connect to origin using HTTP2. Origin must be configured as https.
Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.
Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.
Hostname that cloudflared should expect from your origin server certificate.
cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are: "" for the regular proxy and “socks” for a SOCKS5 proxy.
CloudflaredConnections
List Cloudflare Tunnel connections
Clean up Cloudflare Tunnel connections
ModelsExpand Collapse
Client { id, arch, config_version, 4 more } A client (typically cloudflared) that maintains connections to a Cloudflare data center.
A client (typically cloudflared) that maintains connections to a Cloudflare data center.
The version of the remote tunnel configuration. Used internally to sync cloudflared with the Zero Trust dashboard.
conns: optional array of { id, client_id, client_version, 5 more } The Cloudflare Tunnel connections between your origin and Cloudflare’s edge.
The Cloudflare Tunnel connections between your origin and Cloudflare’s edge.
Cloudflare continues to track connections for several minutes after they disconnect. This is an optimization to improve latency and reliability of reconnecting. If true, the connection has disconnected but is still being tracked. If false, the connection is actively serving traffic.