Skip to content

Set up your first tunnel

Follow this step-by-step guide to get your first tunnel up and running. Before you start, make sure you:

  1. Add a website to Cloudflare
  2. Change your domain nameservers to Cloudflare

1. Download and install cloudflared

Windows
First, download `cloudflared` on your machine. Visit the [downloads](/connections/connect-apps/install-and-setup/installation) page to find the right package for your OS. Next, rename the executable to `cloudflared.exe`, and then open PowerShell. Change directory to your Downloads folder and run `.\cloudflared.exe --version`. It should output the version of `cloudflared`. Note that `cloudflared.exe` could be `cloudflared-windows-amd64.exe` or `cloudflared-windows-386.exe` if you haven't renamed it. Replace the path in the example with the specifics of your Downloads directory: 
PS C:\Users\Administrator\Downloads\cloudflared-stable-windows-amd64> .\cloudflared.exe --version
macOS
The first step to creating a tunnel is to download and install `cloudflared` on your machine. 
$ brew install cloudflare/cloudflare/cloudflared
Alternatively, you can [download the latest Darwin amd64 release](/connections/connect-apps/install-and-setup/installation) directly.
Linux
First, download `cloudflared` on your machine. Visit the [downloads](/connections/connect-apps/install-and-setup/installation) page to find the right package for your OS. Next, install `cloudflared`. ### .deb install Use the deb package manager to install `cloudflared` on compatible machines. `amd64 / x86-64` is used in this example. 
$ wget -q https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb dpkg -i cloudflared-linux-amd64.deb
### ​.rpm install Use the rpm package manager to install `cloudflared` on compatible machines. `amd64 / x86-64` is used in this example. 
$ wget -q https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-x86_64.rpm
Build from source
You can also build the latest version of `cloudflared` from source with the following steps. 
$ git clone https://github.com/cloudflare/cloudflared.git
$ cd cloudflared
$ make cloudflared
$ go install github.com/cloudflare/cloudflared/cmd/cloudflared
Depending on where you installed `cloudflared`, you can move it to a known path as well. 
mv /root/cloudflared/cloudflared /usr/bin/cloudflared

2. Authenticate cloudflared

$ cloudflared tunnel login

Running this command will:

  • Open a browser window and prompt you to log into your Cloudflare account. After logging into your account, select your hostname.
  • Generate an account certificate, the cert.pem file, in the default cloudflared directory.

3. Create a tunnel and give it a name

$ cloudflared tunnel create <NAME>

Running this command will: * Create a tunnel by establishing a persistent relationship between the name you provide and a UUID for your tunnel. At this point, no connection is active within the tunnel yet. * Generate a tunnel credentials file in the default cloudflared directory. * Create a subdomain of .cfargotunnel.com.

From the output of the command, take note of the tunnel’s UUID and the path to your tunnel’s credentials file.

Confirm that the tunnel has been successfully created by running:

$ cloudflared tunnel list

4. Create a configuration file

Create a configuration file in your .cloudflared directory using any text editor. This file will configure the tunnel to route traffic from a given origin to the hostname of your choice.

Add the following fields to the file:

If you are connecting an application

url: http://localhost:8000
tunnel: <Tunnel-UUID>
credentials-file: /root/.cloudflared/<Tunnel-UUID>.json

If you are connecting a network

tunnel: <Tunnel-UUID>
credentials-file: /root/.cloudflared/<Tunnel-UUID>.json
warp-routing:
  enabled: true

Confirm that the configuration file has been successfully created by running:

$ cat config.yml

5. Start routing traffic

Now assign a CNAME record that points traffic to your tunnel subdomain.

If you are connecting an application

$ cloudflared tunnel route dns <UUID or NAME> <hostname>

If you are connecting a network

Add the IP/CIDR you would like to be routed through the tunnel.

$ cloudflared tunnel route ip add <IP/CIDR> <UUID or NAME>

You can confirm that the route has been successfully established by running:

$ cloudflared tunnel route ip show

6. Run the tunnel

Run the tunnel to proxy incoming traffic from the tunnel to any number of services running locally on your origin. 

$ cloudflared tunnel run <UUID or NAME>

If you want to run the tunnel with a configuration file that is not in the default directory, you can use the --config flag and specify a path.

$ cloudflared tunnel --config path/config.yml run

7. Check the tunnel

Your tunnel configuration is complete! If you want to get information on the tunnel you just created, you can run:

$ cloudflared tunnel info