Can I create a Tunnel for an apex domain?
Does Cloudflare Tunnel support Websockets?
Does Cloudflare Tunnel support gRPC?
How can Tunnel be used with Partial DNS (CNAME Setup)?
The best experience with Cloudflare Tunnel is using Full Setup because Cloudflare manages DNS for the domain and can automatically configure DNS records for newly started Tunnels.
You can still use Tunnel with Partial Setup. You will need to create a new DNS record with your current DNS provider for each new hostname connected through Cloudflare Tunnel. The DNS record should be of type CNAME or ALIAS if it is on the root of the domain. The name of the record should be the subdomain it corresponds to (e.g.
tunnel.example.com) and the value of the record should be
How can origin servers be secured when using Tunnel?
Tunnel can expose web applications to the Internet that sit behind a NAT or firewall. Thus, you can keep your web server otherwise completely locked down. To double check that your origin web server is not responding to requests outside Cloudflare while Tunnel is running you can run netcat in the command line:
$ netcat -zv [your-server’s-ip-address] 80$ netcat -zv [your-server’s-ip-address] 443
If your server is still responding on those ports, you will see:
[ip-address] 80 (http) open
If your server is correctly locked down, you will see:
[ip-address] 443 (https): Connection refused
What records are created for routing to a Named Tunnel’s hostname?
<UUID>.cfargotunnel.com; Or as Load Balancer origins, which also point to
Does Cloudflare Tunnel send visitor IPs to my origin?
Why does the name ‘warp’ and ‘argo’ appear in some legacy materials?
How can I troubleshoot a Tunnel that was configured from Zero Trust?
Ensure that only one instance of
cloudflared is installed as a service
If you are unable to create a Tunnel using the installation script (“cloudflared service is already installed”), ensure that no other
cloudflared instances are running as a service on this machine. Only a single instance of
cloudflared may run as a service on any given machine. Instead, we recommend adding additional routes to your existing Tunnel. Alternatively, you can run
sudo cloudflared service uninstall to uninstall
Check your DNS records
If you are unable to save your Tunnel’s public hostname (“An A, AAAA, or CNAME record with that host already exists”), choose a different hostname or delete the existing DNS record. for your domain from the .
View debug logs
How can I troubleshoot a Tunnel that was configured through the CLI?
View debug logs
Check SSL/TLS encryption mode
- On the Cloudflare dashboard for your zone, go to SSL/TLS > Overview.
- If your SSL/TLS encryption mode is Off (not secure), make sure that it is set to Flexible, Full or Full (strict).
When the encryption mode is set to Off (not secure), you may encounter connection issues when running a Tunnel.
Check location of credentials file
If you encounter the following error when running a Tunnel, double check your
config.yml file and ensure that the
credentials-file points to the correct location. You may need to change
/root/ to your home directory.
$ cloudflared tunnel run2021-06-04T06:21:16Z INF Starting tunnel tunnelID=928655cc-7f95-43f2-8539-2aba6cf3592dTunnel credentials file '/root/.cloudflared/928655cc-7f95-43f2-8539-2aba6cf3592d.json' doesn't exist or is not a file
How do I contact support?
I am having an issue with a locally-managed tunnel.
Before contacting the Cloudflare support team:
Take note of any specific error messages and/or problematic behaviors.
Take note of any options you specified, either on the command line or in your configuration file, when starting your tunnel.
Include your Cloudflare Tunnel logs file (
cloudflared.log). If you did not specify a log file when starting your tunnel, you can do so using the either on the command line or in your configuration file.
Include your full
config.ymlfile for the affected tunnel.
Gather any relevant error/access logs from your server.