Connect multiple HTTP origins
You can use to connect one or more applications and servers to Cloudflare’s network. Cloudflare Tunnel relies on a piece of software,
cloudflared, to create those connections. Instead of pointing a DNS record to a public IP address and relying on IP-based network firewall rules, Cloudflare Tunnel ensures traffic to your origin server passes through Cloudflare’s network where firewall or Zero Trust rules can be applied.
You can deploy a single instance of
cloudflared to proxy traffic to a single service with a single hostname or multiple destinations for multiple hostnames.
This tutorial covers how to:
- Start a secure, outbound-only, connection from a machine to Cloudflare for multiple applications
- Give those applications hostnames where users can connect
Time to complete:
In this example, two resources are running and need to be connected to the Internet:
- a . Hugo, a static site generator, provides a built-in server that can be used for testing changes. That server is available at
- Grafana, a charting application. Grafana is available at
$ brew install cloudflare/cloudflare/cloudflared
Once installed, run the following command in your Terminal to authenticate this instance of
cloudflared into your Cloudflare account.
$ cloudflared login
The command will launch a browser window and prompt you to login with your Cloudflare account. Choose a website that you have added into your account. The authentication is account-wide and you can use the same authentication flow for multiple hostnames in your account regardless of which you choose in this step.
Once you click one of the sites in your account, Cloudflare will download a certificate file, called
cert.pem to authenticate this instance of
cert.pem file uses a certificate to authenticate your instance of
cloudflared and includes an API key for your account to perform actions like DNS record changes.
You can now use
cloudflared to control Cloudflare Tunnel connections in your Cloudflare account.
Create a Tunnel
Run the following command to create a Tunnel. You can replace
new-website with any name that you choose. This command requires the
$ cloudflared tunnel create new-website
Cloudflare will create the Tunnel with that name and generate an ID and credentials file for that Tunnel. This Tunnel will represent both applications and both hostnames.
cloudflared expects the configuration file at a specific location:
~/.cloudflared/config.yml. You can modify this location if you want. For this example, we’ll keep the default. Create or edit your configuration file using a text editor.
$ vim ~/.cloudflared/config.yml
credentials-file value can be copied from the output of the
tunnel create command or by running
cloudflared tunnel list and choosing the Tunnel you intend to use.
tunnel: 5157d321-5933-4b30-938b-d889ca87e11bcredentials-file: /Users/samrhea/.cloudflared/5157d321-5933-4b30-938b-d889ca87e11b.jsoningress:- hostname: grafana.widgetcorp.techservice: http://localhost:3000- hostname: blog.widgetcorp.techservice: http://localhost:1313# Catch-all rule, which just responds with 404 if traffic doesn't match any of# the earlier rules- service: http_status:404
The configuration above will send traffic received for the
grafana subdomain to the Grafana address and traffic bound for the
blog subdomain to the Hugo address. The last service rule specifies a catch-all which will respond to requests that do not meet the previous rules. You must include a catch-all. In this case, the catch-all returns a 404.
You can run the following command to validate the configuration file before you start your tunnel. If an error is present,
cloudflared will alert you first.
$ cloudflared tunnel validate
Run Cloudflare Tunnel
At this point, you have created and configured your Cloudflare Tunnel connection. You can now that Tunnel. Running it will create connections to Cloudflare’s edge. Those connections will not respond to traffic, yet. You’ll add DNS records in the next step to share the resource across the Internet.
$ cloudflared tunnel run
Create or modify DNS records
+Add record and choose
CNAME. In the Name field, add the name of the subdomain of your new site. In this example, that would be
blog. Also ensure that
Proxy status is turned on.
In the Content field, paste the ID of your Tunnel created earlier and append
cfargotunnel.com. Repeat this process for the second subdomain - they will both share the same Tunnel address.
For example, the
CNAME entry for
blog should point to the same value; in this example, that would be the following string:
Once saved, you can share the subdomain created and visitors can reach both applications.