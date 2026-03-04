Setup
Create a Cloudflare Tunnel and publish your first application in under 5 minutes.
- A Cloudflare account ↗
- A domain on Cloudflare (required to publish applications)
- A server or VM with internet access where you will install
cloudflared
To create a new Cloudflare Tunnel:
-
In the Cloudflare dashboard ↗, go to Networking > Tunnels.Go to Tunnels
-
Select Create Tunnel.
-
Enter a name for your tunnel (for example,
production-webor
staging-api).
-
Select Create Tunnel.
-
Under Setup Environment, select the operating system and architecture of your server.
-
Copy the install commands shown under Install and Run and run them in a terminal on your server.
-
Once the tunnel connects, select Continue.
Your tunnel should appear on the Tunnels page with a
Healthy status.
-
Create an API token with the following permissions:
Type Item Permission Account Cloudflare Tunnel Edit Zone DNS Edit
-
Create a tunnel:
At least one of the following token permissions is required:
Required API token permissions
Cloudflare One Connectors Write
Cloudflare One Connector: cloudflared Write
Cloudflare Tunnel Write
-
Copy the
idand
tokenvalues from the response. You will need them to configure and run the tunnel.
To make an application accessible from the Internet, add a published application route to your tunnel. The tunnel route maps a public hostname to a local service.
-
In the Cloudflare dashboard ↗, go to Networking > Tunnels and select your tunnel. Go to Tunnels
-
Under Routes, select Add route.
-
Select Published application.
-
Under Hostname, enter a subdomain and select a domain from the drop-down menu.
-
For Service URL, enter the local address and port of your application.
For example, if your web server runs on the same machine as
cloudflared:
- HTTP on port
80:
http://localhost:80
- HTTPS on port
443:
https://localhost:443
If your web server runs on a different machine:
http://192.0.2.1:80
- HTTP on port
-
Select Add route.
-
Configure your tunnel's ingress rules:
At least one of the following token permissions is required:
Required API token permissions
Cloudflare One Connectors Write
Cloudflare One Connector: cloudflared Write
Cloudflare Tunnel Write
Your ingress rules must include a catch-all rule at the end. In this example,
cloudflaredwill respond with a 404 status code when the request does not match any hostname.
-
Create a DNS record for your application:
At least one of the following token permissions is required:
Required API token permissions
DNS Write
-
Install
cloudflaredon your server and run the tunnel using the
tokenobtained in Create a tunnel:
-
Download and install ↗
cloudflared.
-
Run the following command:
-
Download and install
cloudflared.
-
Open Command Prompt as administrator.
-
Run the following command:
-
Download and install
cloudflared.
-
Open a terminal window and run the following command:
-
Open a terminal window.
-
Run the following command:
-
Your application is now live at the hostname you configured. Cloudflare automatically proxies traffic through its network, applying CDN caching, WAF, and DDoS protection.
For local development, you can instantly expose localhost without a Cloudflare account:
This generates a random
trycloudflare.com subdomain that proxies traffic to your local server. Quick tunnels are for testing only — they have a 200 concurrent request limit and do not support Server-Sent Events (SSE).
For production use, create a tunnel instead.
- Routing — Configure DNS records, load balancers, and protocol support.
- Configuration — Deploy replicas, manage tokens, and tune performance.
- Deployment guides — Deploy on Kubernetes, AWS, GCP, Terraform, and more.
- Troubleshooting — Resolve common errors and connectivity issues.