Create a tunnel (API)
Follow this guide to set up a Cloudflare Tunnel using the API.
Create an API token with the following permissions:
|Type
|Item
|Permission
|Account
|Cloudflare Tunnel
|Edit
|Zone
|DNS
|Edit
Make a
POST request to the Cloudflare Tunnel endpoint:
At least one of the following token permissions
is required:
Required API token permissions
Cloudflare One Connectors Write
Cloudflare One Connector: cloudflared Write
Cloudflare Tunnel Write
Copy the
id and
token values shown in the output. You will need these values to configure and run the tunnel.
The next steps depend on whether you want to publish an application to the Internet or connect a private network.
Before you publish an application through your tunnel, you must:
Follow these steps to publish an application to the Internet. If you are looking to connect a private resource, skip to the Connect a network section.
-
Make a
PUTrequest to route your local service URL to a public hostname. For example,
At least one of the following token permissions is required:
Required API token permissions
Cloudflare One Connectors Write
Cloudflare One Connector: cloudflared Write
Cloudflare Tunnel Write
Your ingress rules must include a catch-all rule at the end. In this example,
cloudflaredwill respond with a 404 status code when the request does not match any of the previous hostnames.
-
Create a DNS record for your application:
At least one of the following token permissions is required:
Required API token permissions
DNS Write
This DNS record allows Cloudflare to proxy
app.example.comtraffic to your Cloudflare Tunnel (
<tunnel-id>.cfargotunnel.com).
This application will be publicly available on the Internet once you run the tunnel. To allow or block specific users, create an Access application.
To connect a private network through your tunnel, add a tunnel route:
At least one of the following token permissions
is required:
Required API token permissions
Cloudflare One Networks Write
Cloudflare Tunnel Write
cloudflared can now route traffic to these destination IPs. To configure Zero Trust policies and connect as a user, refer to Connect private networks.
Install
cloudflared on your server and run the tunnel using the
token value obtained in 2. Create a tunnel. You can also get the tunnel token using the Cloudflare Tunnel token endpoint.
-
Download and install ↗
cloudflared.
-
Run the following command:
-
Download and install
cloudflared.
-
Open Command Prompt as administrator.
-
Run the following command:
-
Download and install
cloudflared.
-
Open a terminal window and run the following command:
-
Open a terminal window.
-
Run the following command:
To check if the tunnel is serving traffic:
At least one of the following token permissions
is required:
Required API token permissions
Cloudflare One Connectors Write
Cloudflare One Connectors Read
Cloudflare One Connector: cloudflared Write
Cloudflare One Connector: cloudflared Read
Cloudflare Tunnel Write
Cloudflare Tunnel Read
A healthy tunnel will have four connections to Cloudflare's network.
