The example file below uses a single Tunnel to send traffic sent to two distinct hostnames to two services that
cloudflared can address. The configuration file uses to route traffic that arrives at
tunnel: 6ff42ae2-765d-4adf-8112-31c55c1551efcredentials-file: /root/.cloudflared/6ff42ae2-765d-4adf-8112-31c55c1551ef.json ingress: - hostname: gitlab.widgetcorp.tech service: http://localhost:80 - hostname: gitlab-ssh.widgetcorp.tech service: ssh://localhost:22 - service: http_status:404
You can specify a particular Tunnel in the config file by name or ID. When the following stanza is present in the file, the command
cloudflared tunnel run will be treated as if
cloudflared tunnel run NAME-OR-ID was run.
You can use
--config to point to a non-standard YAML file location:
$ cloudflared tunnel --config tunnels/config.yml run
cloudflared will examine default directories for config files.
On Windows the default directory is
On Unix-like systems, the default directories are
/usr/local/etc/cloudflared in that order.
config.yml for the above command could look like:
hostname: tunnel.yourdomain.comurl: http://localhost:8000logfile: /var/log/cloudflared.log
Flags that don't expect any value (such as
--hello-world) should be specified as boolean
true in the YAML:
Specifies a config file in YAML format.
Disables periodic check for updates, restarting the server with the new version. See also . Restarts are performed by spawning a new process that connects to the Cloudflare edge. On successful connection, the old process will gracefully shut down after handling all outstanding requests.
Specifies the Tunnel certificate for one of your zones, authorizing the client to serve as an origin for that zone. A certificate is required to use Cloudflare Tunnel. You can obtain a certificate by using the login command or by visiting
Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted. The connection from your machine to Cloudflare's Edge is still encrypted and verified using TLS.
When cloudflared receives SIGINT/SIGTERM it will stop accepting new requests, wait for in-progress requests to terminate, then shutdown. Waiting for in-progress requests will timeout after this grace period, or when a second SIGTERM/SIGINT is received.
Address to query for usage metrics.
Frequency to update tunnel metrics.
Custom tags used to identify this tunnel, in format
KEY=VALUE. Multiple tags may be specified by delimiting them with commas e.g.
Specifies the verbosity of logging. The default
info is not noisy, but you may wish to run with
warn in production. Available levels are:
Specifies the verbosity of logs for the transport between
cloudflared and the Cloudflare edge. Available levels are:
Any value below
warn is noisy and should only be used to debug low-level performance issues and protocol quirks.
Maximum number of retries for connection/protocol errors. Retries use exponential backoff (retrying at 1, 2, 4, 8, 16 seconds by default) so increasing this value significantly is not recommended.
Write the application's PID to this file after the first successful connection. Mainly useful for scripting and service integration.
Save application log to this file. Mainly useful for reporting issues.
Shows help text.
Prints the version number and build date.