Go to file
GoncaloGarcia bb29a0e194 Release 2024.3.0 2024-03-19 18:08:31 +00:00
.github ci/check: bump actions/setup-go to v5 2024-03-06 10:29:55 +00:00
.mac_resources AUTH-2712 mac package build script and better config file handling when started as a service 2020-06-25 16:44:57 -05:00
.teamcity TUN-8146: Fix Makefile targets should not be run in parallel and install-go script was missing shebang 2024-01-11 15:36:15 +00:00
carrier TUN-7057: Remove dependency github.com/gorilla/mux 2022-12-24 21:05:51 -07:00
cfapi TUN-8281: Run cloudflared query list tunnels/routes endpoint in a paginated way 2024-03-19 16:35:40 +00:00
cfio TUN-6035: Reduce buffer size when proxying data 2022-04-11 14:41:33 +00:00
cmd/cloudflared Update linux_service.go 2024-03-06 10:29:55 +00:00
component-tests TUN-8242: Enable remote diagnostics by default 2024-02-20 11:31:16 +00:00
config TUN-7776: Remove warp-routing flag from cloudflared 2023-09-18 10:02:56 +01:00
connection TUN-8236: Add write timeout to quic and tcp connections 2024-02-15 17:54:52 +00:00
credentials TUN-7134: Acquire token for cloudflared tail 2023-04-12 09:43:38 -07:00
datagramsession TUN-7477: Decrement UDP sessions on shutdown 2023-07-06 22:14:53 +00:00
edgediscovery TUN-7131: Add cloudflared log event to connection messages and enable streaming logs 2023-04-12 14:41:11 -07:00
features TUN-7970: Default to enable post quantum encryption for quic transport 2023-12-07 11:37:46 +00:00
fips RTG-1339 Support post-quantum hybrid key exchange 2022-09-07 19:32:53 +00:00
h2mux TUN-7585: Remove h2mux compression 2023-07-18 18:14:19 +00:00
hello TUN-7590: Remove usages of ioutil 2023-07-17 19:08:38 +00:00
ingress TUN-8236: Add write timeout to quic and tcp connections 2024-02-15 17:54:52 +00:00
internal/test TUN-7125: Add management streaming logs WebSocket protocol 2023-04-05 16:25:16 +00:00
ipaccess TUN-6016: Push local managed tunnels configuration to the edge 2022-05-06 15:43:24 +00:00
logger TUN-7543: Add --debug-stream flag to cloudflared access ssh 2023-06-29 10:29:15 -07:00
management TUN-7586: Upgrade go-jose/go-jose/v3 and core-os/go-oidc/v3 2023-07-17 19:02:03 +00:00
metrics TUN-7147: Revert wrong removal of debug endpoint from metrics port 2023-01-31 11:51:29 +00:00
orchestration TUN-8236: Add write timeout to quic and tcp connections 2024-02-15 17:54:52 +00:00
overwatch AUTH-2169 make access login page more generic 2020-06-08 11:20:30 -05:00
packet ZTC-234: Replace ICMP funnels when ingress connection changes 2022-11-11 19:43:26 +00:00
proxy TUN-8238: Fix type mismatch introduced by fast-forward 2024-02-19 12:41:38 +00:00
quic TUN-8297: Improve write timeout logging on safe_stream.go 2024-03-13 13:30:45 +00:00
retry TUN-7624: Fix flaky TestBackoffGracePeriod test in cloudflared 2023-07-24 14:39:25 +01:00
signal TUN-1562: Refactor connectedSignal to be safe to close multiple times 2019-03-05 15:51:35 -06:00
socks TUN-7590: Remove usages of ioutil 2023-07-17 19:08:38 +00:00
ssh_server_tests Fix typos 2021-11-12 17:38:06 +02:00
sshgen TUN-7584: Bump go 1.20.6 2023-07-26 13:52:40 -07:00
stream TUN-7545: Add support for full bidirectionally streaming with close signal propagation 2023-07-06 11:54:26 +01:00
supervisor TUN-8236: Add write timeout to quic and tcp connections 2024-02-15 17:54:52 +00:00
tlsconfig TUN-7590: Remove usages of ioutil 2023-07-17 19:08:38 +00:00
token AUTH-5682 Org token flow in Access logins should pass CF_AppSession cookie 2023-12-18 09:42:33 -06:00
tracing TUN-8052: Update go to 1.21.5 2023-12-15 12:17:21 +00:00
tunneldns TUN-7590: Remove usages of ioutil 2023-07-17 19:08:38 +00:00
tunnelrpc tunnelrpc/pogs: fix dropped test errors (#1106) 2023-12-14 16:29:16 +00:00
tunnelstate TUN-6617: Dont fallback to http2 if QUIC conn was successful. 2022-08-12 08:40:03 +00:00
validation TUN-7628: Correct Host parsing for Access 2023-07-25 09:33:11 -07:00
vendor TUN-8158: Bring back commit e653741885 and fixes infinite loop on linux when the socket is closed 2024-01-22 13:46:33 +00:00
watcher TUN-7584: Bump go 1.20.6 2023-07-26 13:52:40 -07:00
websocket TUN-7057: Remove dependency github.com/gorilla/mux 2022-12-24 21:05:51 -07:00
.docker-images TUN-6825: Fix cloudflared:version images require arch hyphens 2022-10-04 15:48:58 +00:00
.dockerignore TUN-5129: Use go 1.17 and copy .git folder to docker build to compute version 2021-09-21 15:50:35 +00:00
.gitignore TUN-5853 Add "install" make target and build package manager info into executable 2022-03-08 15:31:14 -06:00
CHANGES.md TUN-8242: Update Changes.md file with new remote diagnostics behaviour 2024-02-20 16:22:20 +00:00
Dockerfile TUN-8130: Install go tool chain in /tmp on build agents 2024-01-09 22:50:05 +00:00
Dockerfile.amd64 TUN-8130: Install go tool chain in /tmp on build agents 2024-01-09 22:50:05 +00:00
Dockerfile.arm64 TUN-8130: Install go tool chain in /tmp on build agents 2024-01-09 22:50:05 +00:00
LICENSE TUN-5851: Update all references to point to Apache License 2.0 2022-03-08 17:35:31 +00:00
Makefile TUN-8146: Fix Makefile targets should not be run in parallel and install-go script was missing shebang 2024-01-11 15:36:15 +00:00
README.md TUN-8118: Disable FIPS module to build with go-boring without CGO_ENABLED 2024-01-08 18:16:06 +00:00
RELEASE_NOTES Release 2024.3.0 2024-03-19 18:08:31 +00:00
build-packages-fips.sh TUN-8129: Use the same build command between branch and release builds 2024-01-09 17:07:49 +00:00
build-packages.sh TUN-8176: Support ARM platforms that don't have an FPU or have it enabled in kernel 2024-01-22 16:35:59 +00:00
catalog-info.yaml TUN-7599: Onboard cloudflared to Software Dashboard 2023-07-19 13:30:35 +00:00
cfsetup.yaml TUN-8140: Remove homebrew scripts 2024-01-11 11:34:33 +00:00
check-fips.sh TUN-5551: Reintroduce FIPS compliance for linux amd64 now as separate binaries 2021-12-20 21:50:42 +00:00
cloudflared.wxs Remove extraneous `period` from Path Environment Variable (#1009) 2023-12-14 16:32:48 +00:00
cloudflared_man_template AUTH-2644: Change install location and add man page 2020-07-06 19:27:25 +00:00
dev.Dockerfile TUN-8130: Install go tool chain in /tmp on build agents 2024-01-09 22:50:05 +00:00
fmt-check.sh TUN-6917: Bump go to 1.19.3 2022-11-07 09:19:19 -08:00
github_message.py TUN-6823: Update github release message to pull from KV 2022-10-11 15:43:06 +00:00
github_release.py TUN-7392: Ignore release checksum upload if asset already uploaded 2023-04-26 13:46:35 -07:00
go.mod TUN-8158: Bring back commit e653741885 and fixes infinite loop on linux when the socket is closed 2024-01-22 13:46:33 +00:00
go.sum TUN-8158: Bring back commit e653741885 and fixes infinite loop on linux when the socket is closed 2024-01-22 13:46:33 +00:00
postinst.sh AUTH-2858: Set file to disable autoupdate 2020-07-10 18:03:07 +00:00
postrm.sh TUN-8290: Remove `|| true` from postrm.sh 2024-03-07 16:22:56 +00:00
release_pkgs.py TUN-7718: Update R2 Token to no longer encode secret 2023-08-25 13:01:28 +00:00
wix.json AUTH-2712 mac package build script and better config file handling when started as a service 2020-06-25 16:44:57 -05:00

README.md

Cloudflare Tunnel client

Contains the command-line client for Cloudflare Tunnel, a tunneling daemon that proxies traffic from the Cloudflare network to your origins. This daemon sits between Cloudflare network and your origin (e.g. a webserver). Cloudflare attracts client requests and sends them to you via this daemon, without requiring you to poke holes on your firewall --- your origin can remain as closed as possible. Extensive documentation can be found in the Cloudflare Tunnel section of the Cloudflare Docs. All usages related with proxying to your origins are available under cloudflared tunnel help.

You can also use cloudflared to access Tunnel origins (that are protected with cloudflared tunnel) for TCP traffic at Layer 4 (i.e., not HTTP/websocket), which is relevant for use cases such as SSH, RDP, etc. Such usages are available under cloudflared access help.

You can instead use WARP client to access private origins behind Tunnels for Layer 4 traffic without requiring cloudflared access commands on the client side.

Before you get started

Before you use Cloudflare Tunnel, you'll need to complete a few steps in the Cloudflare dashboard: you need to add a website to your Cloudflare account. Note that today it is possible to use Tunnel without a website (e.g. for private routing), but for legacy reasons this requirement is still necessary:

  1. Add a website to Cloudflare
  2. Change your domain nameservers to Cloudflare

Installing cloudflared

Downloads are available as standalone binaries, a Docker image, and Debian, RPM, and Homebrew packages. You can also find releases here on the cloudflared GitHub repository.

User documentation for Cloudflare Tunnel can be found at https://developers.cloudflare.com/cloudflare-one/connections/connect-apps

Creating Tunnels and routing traffic

Once installed, you can authenticate cloudflared into your Cloudflare account and begin creating Tunnels to serve traffic to your origins.

TryCloudflare

Want to test Cloudflare Tunnel before adding a website to Cloudflare? You can do so with TryCloudflare using the documentation available here.

Deprecated versions

Cloudflare currently supports versions of cloudflared that are within one year of the most recent release. Breaking changes unrelated to feature availability may be introduced that will impact versions released more than one year ago. You can read more about upgrading cloudflared in our developer documentation.

For example, as of January 2023 Cloudflare will support cloudflared version 2023.1.1 to cloudflared 2022.1.1.