When you create a tunnel, Cloudflare generates a subdomain of
cfargotunnel.com with the UUID of the created tunnel. You can treat
UUID.cfargotunnel.com as if it were an origin target in the Cloudflare dashboard.
Unlike publicly routable IP addresses, the subdomain will only proxy traffic for a DNS record or a Load Balancer pool in the same Cloudflare account. If someone discovers your subdomain UUID, they will not be able to create a DNS record in another account or system to proxy traffic to the address.
Add a tunnel to a load balancer pool
If you want to add a to your load balancer pool, you will need to add a host header to Advanced health check settings. The header will be similar to
Header Name: Host and
Value: www.your-zone.com. The monitor will not work without the host header if you are using a config file that defines the
ingress field, as shown in .
You can add Cloudflare Tunnel to an existing load balancer pool directly from
$ cloudflared tunnel route lb <tunnel name/uuid> <hostname> <load balancer pool>
<hostname>: the DNS hostname of the load balancer, for example
This command creates an LB DNS record that points the specified hostname to the subdomain of your tunnel (
UUID.cfargotunnel.com). Traffic will not be proxied unless the tunnel is running.
Optional Cloudflare settings
Monitors and TCP Tunnel origins
If you have a tunnel to a port or SSH port, do not run a TCP health check.
Instead, set up a health check endpoint in
cloudflared — for example, an that returns a fixed HTTP status response — and create an HTTP for that endpoint. The monitor will only verify that your server is reachable. It does not check whether the server is running and accepting requests.
Session affinity and replicas
The load balancer does not distinguish between of the same tunnel. If you run the same tunnel UUID on two separate hosts, the load balancer treats both hosts as a single origin server. To maintain between a client and a particular host, you will need to connect each host to Cloudflare using a different tunnel UUID.
Local connection preference
If you notice traffic imbalances across origin servers in different locations, you may have to adjust your load balancer setup.
cloudflared connections give preference to tunnels that terminate in the same Cloudflare data center. This behavior can impact how connections are weighted and traffic is distributed.