Configure a tunnel
After creating your Cloudflare Tunnel, you can configure various aspects of how cloudflared runs and connects your infrastructure to Cloudflare's network. This section covers advanced configuration options to optimize tunnel performance, security, and availability.
- Configure cloudflared parameters : Modify tunnel service parameters to control how
cloudflaredruns on your system, including logging, connection settings, and protocol options. - Tunnel with firewall : Configure firewall rules to allow
cloudflaredegress traffic while blocking all ingress, implementing a positive security model. - Tunnel availability and failover : Deploy multiple
cloudflaredreplicas for high availability and automatic failover across your infrastructure. - Tunnel permissions : Manage tunnel tokens and control who can run your remotely-managed tunnels.
- Cipher suites : Review the TLS cipher suites supported by
cloudflaredfor secure connections between your origin and Cloudflare's network.
For production deployments, consider the following steps:
- Deploy replicas - Run multiple
cloudflaredinstances for redundancy. - Configure logging - Set appropriate log levels for monitoring and troubleshooting.
- Review system requirements - Ensure your infrastructure meets performance needs.
- Configure firewall rules - Implement egress-only traffic patterns for security.
All tunnel connections between cloudflared and Cloudflare's network are secured with TLS 1.3 and post-quantum encryption by default, ensuring your traffic is protected against current and future cryptographic threats.
Enhance tunnel security with:
- Tunnel token management - Control access to your tunnel credentials.
- Egress-only firewall rules - Allow only necessary outbound connections.
- Least privilege permissions - Run
cloudflaredas a non-root user with minimal permissions needed for tunnel operation.
Maximize tunnel uptime with:
- Multiple replicas - Deploy
cloudflaredacross different hosts. - Health alerts - Get notified when your tunnel is degraded or goes down.
- Health metrics - Monitor tunnel resource usage to identify potential bottlenecks.
- Load balancing - Distribute traffic across tunnel connections.
- Automatic failover - Leverage built-in connection redundancy.
- Monitor your tunnels to track performance and troubleshoot issues.
- Configure routes to control how traffic reaches your applications.
- Set up private networks for internal resource access.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Directory
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- © 2026 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark
-
