Set up a tunnel locally

Follow this step-by-step guide to get your first tunnel up and running using the CLI.

​​ Prerequisites

Before you start, make sure you:

• Add a website to Cloudflare.
• Change your domain nameservers to Cloudflare.

​​ 1. Download and install cloudflared

PS C:\Users\Administrator\Downloads\cloudflared-stable-windows-amd64> .\cloudflared.exe --version

$ brew install cloudflared

$ sudo mkdir -p --mode=0755 /usr/share/keyrings
$ curl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null

$ echo "deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/cloudflared.list

$ sudo apt-get update && sudo apt-get install cloudflared

$ curl -fsSL https://pkg.cloudflare.com/cloudflared-ascii.repo | sudo tee /etc/yum.repos.d/cloudflared.repo

$ sudo yum update && sudo yum install cloudflared

$ pacman -Syu cloudflared

$ git clone https://github.com/cloudflare/cloudflared.git
$ cd cloudflared
$ make cloudflared
$ go install github.com/cloudflare/cloudflared/cmd/cloudflared

$ mv /root/cloudflared/cloudflared /usr/bin/cloudflared

​​ 2. Authenticate cloudflared

$ cloudflared tunnel login

Running this command will:

• Open a browser window and prompt you to log in to your Cloudflare account. After logging in to your account, select your hostname.
• Generate an account certificate, the cert.pem file, in the default cloudflared directory.

​​ 3. Create a tunnel and give it a name

$ cloudflared tunnel create <NAME>

Running this command will:

• Create a tunnel by establishing a persistent relationship between the name you provide and a UUID for your tunnel. At this point, no connection is active within the tunnel yet.
• Generate a tunnel credentials file in the default cloudflared directory.
• Create a subdomain of .cfargotunnel.com.

From the output of the command, take note of the tunnel’s UUID and the path to your tunnel’s credentials file.

Confirm that the tunnel has been successfully created by running:

$ cloudflared tunnel list

​​ 4. Create a configuration file

1. In your .cloudflared directory, create a config.yml file using any text editor. This file will configure the tunnel to route traffic from a given origin to the hostname of your choice.

2. Add the following fields to the file:

If you are connecting an application:

config.yml
url: http://localhost:8000
tunnel: <Tunnel-UUID>
credentials-file: /root/.cloudflared/<Tunnel-UUID>.json

If you are connecting a private network:

config.yml
tunnel: <Tunnel-UUID>
credentials-file: /root/.cloudflared/<Tunnel-UUID>.json
warp-routing:
    enabled: true

3. Confirm that the configuration file has been successfully created by running:

   $ cat config.yml
   

​​ 5. Start routing traffic

1. Now assign a CNAME record that points traffic to your tunnel subdomain:

   • If you are connecting an application, route the service to a public hostname:

   $ cloudflared tunnel route dns <UUID or NAME> <hostname>
   
   • If you are connecting a private network, route an IP address or CIDR through the tunnel:

   $ cloudflared tunnel route ip add <IP/CIDR> <UUID or NAME>
   

2. Confirm that the route has been successfully established:

   $ cloudflared tunnel route ip show
   

​​ 6. Run the tunnel

Run the tunnel to proxy incoming traffic from the tunnel to any number of services running locally on your origin.

$ cloudflared tunnel run <UUID or NAME>

If your configuration file has a custom name or is not in the .cloudflared directory, add the --config flag and specify the path.

$ cloudflared tunnel --config /path/your-config-file.yml run <UUID or NAME>

​​ 7. Check the tunnel

Your tunnel configuration is complete! If you want to get information on the tunnel you just created, you can run:

$ cloudflared tunnel info <UUID or NAME>

You can now route traffic to your tunnel using Cloudflare DNS or determine who can reach your tunnel with Cloudflare Access.