Legacy: configuring origins via CLI
cloudflared proxies traffic to local services running on your origin. You can configure the exact properties of each
origin by adding stanzas to the Ingress Rules. However, if you only want to proxy
traffic to a single local service, you can use CLI flags instead of YAML to configure that service.
Connects to the local webserver at
Sets a hostname on a Cloudflare zone to route traffic through this tunnel.
Add this tunnel to a Load Balancer pool. If it doesn’t already exist a load balancer will be created for the hostname of your tunnel, and a pool will be created with the pool name you specify. Traffic destined to that pool will be load balanced across this tunnel and any other tunnels which share its pool name.
Path to the CA for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.
Disables chunked transfer encoding; useful if you are running a WSGI server.
Use the established tunnel to expose a
Hello world HTTP server for testing Cloudflare Tunnel. Mutually exclusive with the
Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by --proxy-tls-timeout.
Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.
The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.
Disable the "happy eyeballs" algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.
Timeout after which an idle keepalive connection can be discarded.
See this tutorial on connecting through Cloudflare Access using kubectl for example usage.