Skip to content
Cloudflare for Teams
Visit Cloudflare for Teams on GitHub
Set theme to dark (⇧+D)

Connect applications

You can connect applications, servers, and other resources to Cloudflare's network using Argo Tunnel. When connected, Cloudflare can apply Zero Trust policies to determine who can reach the resource.

Tunnel Diagram

Argo Tunnel runs a lightweight daemon (cloudflared) in your infrastructure that establishes outbound connections (Tunnels) between your service and the Cloudflare edge. When Cloudflare receives a request for your chosen hostname, it proxies the request through those connections to cloudflared. In turn, cloudflared proxies the request to your applications.

This forces any requests to access your applications to go through Cloudflare. This way, you can be sure attack traffic is stopped with Cloudflare’s WAF and Unmetered DDoS mitigation, and authenticated with Access if you’ve enabled those features for your account.

Argo Tunnel can connect HTTP web servers, SSH servers, remote desktops, and other protocols. Additionally, a single connector, the cloudflared daemon, can connect multiple applications of different types.

In order to create and manage Tunnels, you'll first need to:

  1. Download and install cloudflared on your machine
  2. Authenticate cloudflared

Once cloudflared has been installed and authenticated, the process to get your first Tunnel up and running includes 3 high-level steps:

  1. Create a Tunnel
  2. Route traffic to your Tunnel
  3. Run your Tunnel

Steps 1-2 are executed once per Tunnel, normally by an administrator, and Step 3 is executed whenever the Tunnel is to be started, normally by the owner of the Tunnel (whom may be different from the administrator).

Be sure to check out our Tutorials, where you can also find best practices for managing Tunnels as an administrator.