Set up your first tunnel
When setting up your first Cloudflare Tunnel, you have the option to create it:
Prerequisites
Before you start, make sure you:
Set up a tunnel remotely (Dashboard setup)
Follow this step-by-step guide to get your first tunnel up and running using the Zero Trust dashboard.
1. Create a tunnel
Log in to the Zero Trust dashboard and navigate to Access > Tunnels.
Click Create a tunnel.
Enter a name for your tunnel. We suggest choosing a name that reflects the type of resources you want to connect through this tunnel (for example,
enterprise-VPC-01).Click Save tunnel.
Next, you will need to install
cloudflaredand run it. To do so, check that the environment under Choose an environment reflects the operating system on your machine, then copy the command in the box below and paste it into a terminal window. Run the command.Once the command has finished running, your connector will appear on the Zero Trust dashboard.
Click Next.
The next steps depend on whether you want to connect an application or connect a network.
2. Connect an application
Follow these steps to connect an application through your tunnel. If you are looking to connect a network, skip to the Connect a network section.
In the Public Hostnames tab, select an application from the drop-down menu and specify any subdomain or path information.
Specify a service, for example
https://localhost:8000.Under Additional application settings, specify any parameters you would like to add to your tunnel configuration.
Click Save
<tunnel-name>.
3. Connect a network
Follow these steps to connect a private network through your tunnel.
In the Private Networks tab, add an IP or CIDR.
Click Save
<tunnel-name>.
4. View your tunnel
Once you click Save <tunnel-name>, you will be redirected to the Tunnels page. Look for your new tunnel to be listed along with its active connector.
Set up a tunnel locally (CLI setup)
Follow this step-by-step guide to get your first tunnel up and running using the CLI.
1. Download and install cloudflared
Windows
First, download cloudflared on your machine. Visit the downloads page to find the right package for your OS.
Next, rename the executable to cloudflared.exe, and then open PowerShell. Change directory to your Downloads folder and run .\cloudflared.exe --version. It should output the version of cloudflared. Note that cloudflared.exe could be cloudflared-windows-amd64.exe or cloudflared-windows-386.exe if you haven’t renamed it.
Replace the path in the example with the specifics of your Downloads directory:
PS C:\Users\Administrator\Downloads\cloudflared-stable-windows-amd64> .\cloudflared.exe --versionmacOS
The first step to creating a tunnel is to download and install cloudflared on your machine.
$ brew install cloudflare/cloudflare/cloudflared
Alternatively, you can download the latest Darwin amd64 release directly.
Linux
First, download cloudflared on your machine. Visit the downloads page to find the right package for your OS.
Next, install cloudflared.
.deb install
Use the deb package manager to install cloudflared on compatible machines. amd64 / x86-64 is used in this example.
$ wget -q https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb && dpkg -i cloudflared-linux-amd64.deb
.rpm install
Use the rpm package manager to install cloudflared on compatible machines. amd64 / x86-64 is used in this example.
$ wget -q https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-x86_64.rpm
Build from source
You can also build the latest version of cloudflared from source with the following steps.
$ git clone https://github.com/cloudflare/cloudflared.git
$ cd cloudflared
$ make cloudflared
$ go install github.com/cloudflare/cloudflared/cmd/cloudflared
Depending on where you installed cloudflared, you can move it to a known path as well.
mv /root/cloudflared/cloudflared /usr/bin/cloudflared
2. Authenticate cloudflared
$ cloudflared tunnel loginRunning this command will:
- Open a browser window and prompt you to log in to your Cloudflare account. After logging in to your account, select your hostname.
- Generate an account certificate, the cert.pem file, in the default
cloudflareddirectory.
3. Create a tunnel and give it a name
$ cloudflared tunnel create <NAME>
Running this command will:
- Create a tunnel by establishing a persistent relationship between the name you provide and a UUID for your tunnel. At this point, no connection is active within the tunnel yet.
- Generate a tunnel credentials file in the default
cloudflareddirectory. - Create a subdomain of
.cfargotunnel.com.
From the output of the command, take note of the tunnel’s UUID and the path to your tunnel’s credentials file.
Confirm that the tunnel has been successfully created by running:
$ cloudflared tunnel list 4. Create a configuration file
Create a configuration file in your .cloudflared directory using any text editor. This file will configure the tunnel to route traffic from a given origin to the hostname of your choice.
Add the following fields to the file:
If you are connecting an application
url: http://localhost:8000tunnel: <Tunnel-UUID>credentials-file: /root/.cloudflared/<Tunnel-UUID>.jsonIf you are connecting a network
tunnel: <Tunnel-UUID>credentials-file: /root/.cloudflared/<Tunnel-UUID>.jsonwarp-routing: enabled: trueConfirm that the configuration file has been successfully created by running:
$ cat config.yml 5. Start routing traffic
Now assign a CNAME record that points traffic to your tunnel subdomain.
If you are connecting an application
$ cloudflared tunnel route dns <UUID or NAME> <hostname>
If you are connecting a network
Add the IP/CIDR you would like to be routed through the tunnel.
$ cloudflared tunnel route ip add <IP/CIDR> <UUID or NAME>
You can confirm that the route has been successfully established by running:
$ cloudflared tunnel route ip show 6. Run the tunnel
Run the tunnel to proxy incoming traffic from the tunnel to any number of services running locally on your origin.
$ cloudflared tunnel run <UUID or NAME>
If your configuration file has a custom name or is not in the .cloudflared directory, add the --config flag and specify the path.
$ cloudflared tunnel --config /path/your-config-file.yaml run
7. Check the tunnel
Your tunnel configuration is complete! If you want to get information on the tunnel you just created, you can run:
$ cloudflared tunnel info