Go to file
Nuno Diegues 01ad2785ee TUN-5551: Change internally published debian package to be FIPS compliant
This changes existing Makefile targets to make it obvious that they are
used to publish debian packages for internal Cloudflare usage. Those are
now FIPS compliant, with no alternative provided. This only affects amd64
builds (and we only publish internally for Linux).

This new Makefile target is used by all internal builds (including nightly
that is used for e2e tests).

Note that this Makefile target renames the artifact to be just `cloudflared`
so that this is used "as is" internally, without expecting people to opt-in
to the new `cloudflared-fips` package (as we are giving them no alternative).
2021-12-28 19:01:03 +00:00
.github/workflows TUN-5012: Use patched go-sumtype 2021-08-30 10:10:25 +01:00
.mac_resources AUTH-2712 mac package build script and better config file handling when started as a service 2020-06-25 16:44:57 -05:00
.teamcity TUN-5164: Update README and clean up references to Argo Tunnel (using Cloudflare Tunnel instead) 2021-09-29 08:27:47 +00:00
carrier Fix typos 2021-11-12 17:38:06 +02:00
certutil Fix typos 2021-11-12 17:38:06 +02:00
cfapi TUN-5482: Refactor tunnelstore client related packages for more coherent package 2021-12-28 17:17:49 +00:00
cmd/cloudflared TUN-5482: Refactor tunnelstore client related packages for more coherent package 2021-12-28 17:17:49 +00:00
component-tests TUN-5397: Log cloudflared output when it fails to connect tunnel 2021-11-10 10:34:34 +00:00
config TUN-4359: Warn about unused keys in 'tunnel ingress validate' 2021-05-13 02:05:19 +01:00
connection TUN-5597: Log session ID when session is terminated by edge 2021-12-23 11:43:23 +00:00
datagramsession TUN-5593: Read full packet from UDP connection, even if it exceeds MTU of the transport. When packet length is greater than the MTU of the transport, we will silently drop packets (for now). 2021-12-22 17:18:22 -06:00
edgediscovery TUN-5138: Switch to QUIC on auto protocol based on threshold 2021-10-14 09:18:20 +01:00
fips TUN-3905: Cannot run go mod vendor in cloudflared due to fips 2021-03-09 17:31:59 +04:00
h2mux TUN-5551: Reintroduce FIPS compliance for linux amd64 now as separate binaries 2021-12-20 21:50:42 +00:00
hello TUN-5164: Update README and clean up references to Argo Tunnel (using Cloudflare Tunnel instead) 2021-09-29 08:27:47 +00:00
ingress TUN-5481: Create abstraction for Origin UDP Connection 2021-12-06 16:37:09 +00:00
ipaccess TUN-4017: Add support for using cloudflared as a full socks proxy. 2021-03-10 21:26:12 +00:00
logger TUN-4067: Reformat code for consistent import order, grouping, and fix formatting. Added goimports target to the Makefile to make this easier in the future. 2021-03-24 10:53:29 -05:00
metrics TUN-5368: Log connection issues with LogLevel that depends on tunnel state 2021-11-10 09:00:05 +00:00
origin TUN-5551: Reintroduce FIPS compliance for linux amd64 now as separate binaries 2021-12-20 21:50:42 +00:00
overwatch AUTH-2169 make access login page more generic 2020-06-08 11:20:30 -05:00
quic TUN-5593: Read full packet from UDP connection, even if it exceeds MTU of the transport. When packet length is greater than the MTU of the transport, we will silently drop packets (for now). 2021-12-22 17:18:22 -06:00
retry TUN-3863: Consolidate header handling logic in the connection package; move headers definitions from h2mux to packages that manage them; cleanup header conversions 2021-03-29 21:57:56 +00:00
signal TUN-1562: Refactor connectedSignal to be safe to close multiple times 2019-03-05 15:51:35 -06:00
socks Fix typos 2021-11-12 17:38:06 +02:00
ssh_server_tests Fix typos 2021-11-12 17:38:06 +02:00
sshgen TUN-5551: Reintroduce FIPS compliance for linux amd64 now as separate binaries 2021-12-20 21:50:42 +00:00
tlsconfig TUN-3983: Renew CA certs in cloudflared 2021-03-01 16:30:28 +00:00
token TUN-5551: Reintroduce FIPS compliance for linux amd64 now as separate binaries 2021-12-20 21:50:42 +00:00
tunneldns Fix typos 2021-11-12 17:38:06 +02:00
tunnelrpc TUN-5494: Send a RPC with terminate reason to edge if the session is closed locally 2021-12-21 09:52:39 +00:00
tunnelstate TUN-5368: Log connection issues with LogLevel that depends on tunnel state 2021-11-10 09:00:05 +00:00
validation TUN-5164: Update README and clean up references to Argo Tunnel (using Cloudflare Tunnel instead) 2021-09-29 08:27:47 +00:00
vendor TUN-5408: Update quic package to v0.24.0 2021-11-10 22:10:38 +00:00
watcher TUN-5551: Reintroduce FIPS compliance for linux amd64 now as separate binaries 2021-12-20 21:50:42 +00:00
websocket Revert "TUN-5184: Make sure outstanding websocket write is finished, and no more writes after shutdown" 2021-10-25 19:51:52 +01:00
.docker-images AUTH-2871: fix rpm builds 2020-07-08 14:39:28 +00:00
.dockerignore TUN-5129: Use go 1.17 and copy .git folder to docker build to compute version 2021-09-21 15:50:35 +00:00
.gitignore TUN-4761: Added a build-all-packages target to cfsetup 2021-07-22 16:36:49 +01:00
CHANGES.md TUN-5584: Changes for release 2021.12.2 2021-12-22 08:58:11 +00:00
Dockerfile TUN-5129: Use go 1.17 and copy .git folder to docker build to compute version 2021-09-21 15:50:35 +00:00
LICENSE TUN-595: Add License/Readme files to cloudflared 2018-05-03 02:17:07 -05:00
Makefile TUN-5551: Change internally published debian package to be FIPS compliant 2021-12-28 19:01:03 +00:00
README.md TUN-5164: Update README and clean up references to Argo Tunnel (using Cloudflare Tunnel instead) 2021-09-29 08:27:47 +00:00
RELEASE_NOTES Release 2021.12.3 2021-12-23 15:42:15 +00:00
build-packages-fips.sh TUN-5551: Reintroduce FIPS compliance for linux amd64 now as separate binaries 2021-12-20 21:50:42 +00:00
build-packages.sh TUN-5551: Reintroduce FIPS compliance for linux amd64 now as separate binaries 2021-12-20 21:50:42 +00:00
cfsetup.yaml TUN-5551: Change internally published debian package to be FIPS compliant 2021-12-28 19:01:03 +00:00
check-fips.sh TUN-5551: Reintroduce FIPS compliance for linux amd64 now as separate binaries 2021-12-20 21:50:42 +00:00
cloudflared.wxs TUN-4911: Append Environment variable to Path instead of overwriting it 2021-08-09 15:45:29 +01:00
cloudflared_man_template AUTH-2644: Change install location and add man page 2020-07-06 19:27:25 +00:00
dev.Dockerfile TUN-4357: Bump Go to 1.16 2021-05-13 02:05:18 +01:00
fmt-check.sh TUN-4067: Reformat code for consistent import order, grouping, and fix formatting. Added goimports target to the Makefile to make this easier in the future. 2021-03-24 10:53:29 -05:00
github_message.py AUTH-3148 fixed cloudflared copy and match all the files in the checksum upload 2020-10-06 11:39:40 -05:00
github_release.py Fix typos 2021-11-12 17:38:06 +02:00
go.mod TUN-5408: Update quic package to v0.24.0 2021-11-10 22:10:38 +00:00
go.sum TUN-5408: Update quic package to v0.24.0 2021-11-10 22:10:38 +00:00
jet.yaml TUN-5164: Update README and clean up references to Argo Tunnel (using Cloudflare Tunnel instead) 2021-09-29 08:27:47 +00:00
postinst.sh AUTH-2858: Set file to disable autoupdate 2020-07-10 18:03:07 +00:00
postrm.sh AUTH-2858: Set file to disable autoupdate 2020-07-10 18:03:07 +00:00
wix.json AUTH-2712 mac package build script and better config file handling when started as a service 2020-06-25 16:44:57 -05:00

README.md

Cloudflare Tunnel client

Contains the command-line client for Cloudflare Tunnel, a tunneling daemon that proxies traffic from the Cloudflare network to your origins. This daemon sits between Cloudflare network and your origin (e.g. a webserver). Cloudflare attracts client requests and sends them to you via this daemon, without requiring you to poke holes on your firewall --- your origin can remain as closed as possible. Extensive documentation can be found in the Cloudflare Tunnel section of the Cloudflare Docs. All usages related with proxying to your origins are available under cloudflared tunnel help.

You can also use cloudflared to access Tunnel origins (that are protected with cloudflared tunnel) for TCP traffic at Layer 4 (i.e., not HTTP/websocket), which is relevant for use cases such as SSH, RDP, etc. Such usages are available under cloudflared access help.

You can instead use WARP client to access private origins behind Tunnels for Layer 4 traffic without requiring cloudflared access commands on the client side.

Before you get started

Before you use Cloudflare Tunnel, you'll need to complete a few steps in the Cloudflare dashboard: you need to add a website to your Cloudflare account. Note that today it is possible to use Tunnel without a website (e.g. for private routing), but for legacy reasons this requirement is still necessary:

  1. Add a website to Cloudflare
  2. Change your domain nameservers to Cloudflare

Installing cloudflared

Downloads are available as standalone binaries, a Docker image, and Debian, RPM, and Homebrew packages. You can also find releases here on the cloudflared GitHub repository.

User documentation for Cloudflare Tunnel can be found at https://developers.cloudflare.com/cloudflare-one/connections/connect-apps

Creating Tunnels and routing traffic

Once installed, you can authenticate cloudflared into your Cloudflare account and begin creating Tunnels to serve traffic to your origins.

TryCloudflare

Want to test Cloudflare Tunnel before adding a website to Cloudflare? You can do so with TryCloudflare using the documentation available here.

Deprecated versions

Cloudflare currently supports versions of cloudflared 2020.5.1 and later. Breaking changes unrelated to feature availability may be introduced that will impact versions released prior to 2020.5.1. You can read more about upgrading cloudflared in our developer documentation.

Version(s) Deprecation status
2020.5.1 and later Supported
Versions prior to 2020.5.1 No longer supported