Go to file
João Oliveirinha 4016334efc TUN-6642: Fix unexpected close of quic stream triggered by upstream origin close
This commit guarantees that stream is only closed once the are finished
handling the stream. Without it, we were seeing closes being triggered
by the code that proxies to the origin, which was resulting in failures
to actually send downstream the status code of the proxy request to the
eyeball.

This was then subsequently triggering unexpected retries to cloudflared
in situations such as cloudflared being unable to reach the origin.
2022-08-10 09:50:27 +01:00
.github TUN-6598: Remove auto assignees on github issues 2022-07-25 16:14:38 +01:00
.mac_resources AUTH-2712 mac package build script and better config file handling when started as a service 2020-06-25 16:44:57 -05:00
.teamcity TUN-6197: Publish to brew core should not try to open the browser 2022-05-11 15:26:05 +01:00
carrier carrier: fix dropped errors 2022-03-30 07:09:09 -07:00
certutil Fix typos 2021-11-12 17:38:06 +02:00
cfapi TUN-5915: New cloudflared command to allow to retrieve the token credentials for a Tunnel 2022-03-23 10:35:16 +00:00
cfio TUN-6035: Reduce buffer size when proxying data 2022-04-11 14:41:33 +00:00
cmd/cloudflared cURL supports stdin and uses os pipes directly without copying 2022-07-21 16:23:02 +00:00
component-tests TUN-6010: Add component tests for --edge-ip-version 2022-06-23 16:55:03 +00:00
config Merge pull request #656 from nikr-canva/http2-origins 2022-06-16 12:23:07 -05:00
connection TUN-6642: Fix unexpected close of quic stream triggered by upstream origin close 2022-08-10 09:50:27 +01:00
datagramsession TUN-6301: Allow to update logger used by UDP session manager 2022-05-30 13:53:27 +00:00
edgediscovery TUN-6388: Fix first tunnel connection not retrying 2022-06-23 16:55:03 +00:00
fips TUN-3905: Cannot run go mod vendor in cloudflared due to fips 2021-03-09 17:31:59 +04:00
h2mux TUN-5551: Reintroduce FIPS compliance for linux amd64 now as separate binaries 2021-12-20 21:50:42 +00:00
hello TUN-5164: Update README and clean up references to Argo Tunnel (using Cloudflare Tunnel instead) 2021-09-29 08:27:47 +00:00
ingress TUN-6639: Validate cyclic ingress configuration 2022-08-08 16:52:55 +00:00
ipaccess TUN-6016: Push local managed tunnels configuration to the edge 2022-05-06 15:43:24 +00:00
logger TUN-4067: Reformat code for consistent import order, grouping, and fix formatting. Added goimports target to the Makefile to make this easier in the future. 2021-03-24 10:53:29 -05:00
metrics TUN-6357: Add connector id to ready check endpoint 2022-06-08 17:35:23 +00:00
orchestration TUN-6576: Consume cf-trace-id from incoming TCP requests to create root span 2022-08-02 14:56:31 -07:00
overwatch AUTH-2169 make access login page more generic 2020-06-08 11:20:30 -05:00
proxy TUN-6576: Consume cf-trace-id from incoming TCP requests to create root span 2022-08-02 14:56:31 -07:00
quic TUN-6499: Remove log that is per datagram 2022-07-05 18:06:37 +01:00
retry TUN-3863: Consolidate header handling logic in the connection package; move headers definitions from h2mux to packages that manage them; cleanup header conversions 2021-03-29 21:57:56 +00:00
signal TUN-1562: Refactor connectedSignal to be safe to close multiple times 2019-03-05 15:51:35 -06:00
socks Fix typos 2021-11-12 17:38:06 +02:00
ssh_server_tests Fix typos 2021-11-12 17:38:06 +02:00
sshgen CC-796: Remove dependency on unsupported version of go-oidc 2022-03-18 18:16:10 +00:00
supervisor TUN-6576: Consume cf-trace-id from incoming TCP requests to create root span 2022-08-02 14:56:31 -07:00
tlsconfig TUN-5612: Make tls min/max version public visible 2022-01-03 18:13:57 +00:00
token TUN-6459: Add cloudflared user-agent to access calls 2022-06-24 11:51:53 -07:00
tracing TUN-6576: Consume cf-trace-id from incoming TCP requests to create root span 2022-08-02 14:56:31 -07:00
tunneldns TUN-5675: Remove github.com/dgrijalva/jwt-go dependency by upgrading coredns version 2022-01-25 15:24:13 +00:00
tunnelrpc TUN-6016: Push local managed tunnels configuration to the edge 2022-05-06 15:43:24 +00:00
tunnelstate TUN-5368: Log connection issues with LogLevel that depends on tunnel state 2021-11-10 09:00:05 +00:00
validation TUN-5164: Update README and clean up references to Argo Tunnel (using Cloudflare Tunnel instead) 2021-09-29 08:27:47 +00:00
vendor TUN-6637: Upgrade go version and quic-go 2022-08-08 15:49:10 +01:00
watcher TUN-5551: Reintroduce FIPS compliance for linux amd64 now as separate binaries 2021-12-20 21:50:42 +00:00
websocket TUN-6035: Reduce buffer size when proxying data 2022-04-11 14:41:33 +00:00
.docker-images TUN-4130: cloudflared docker images now have a latest tag 2022-04-07 13:13:57 +00:00
.dockerignore TUN-5129: Use go 1.17 and copy .git folder to docker build to compute version 2021-09-21 15:50:35 +00:00
.gitignore TUN-5853 Add "install" make target and build package manager info into executable 2022-03-08 15:31:14 -06:00
CHANGES.md TUN-6503: Fix transport fallback from QUIC in face of dial error "no network activity" 2022-07-06 13:05:45 +01:00
Dockerfile TUN-6637: Upgrade go version and quic-go 2022-08-08 15:49:10 +01:00
LICENSE TUN-5851: Update all references to point to Apache License 2.0 2022-03-08 17:35:31 +00:00
Makefile TUN-6362: Add armhf support to cloudflare packaging 2022-06-20 12:05:03 +01:00
README.md Warp Private Network link updated 2022-05-10 19:40:31 +05:30
RELEASE_NOTES Release 2022.7.1 2022-07-06 13:18:24 +01:00
build-packages-fips.sh TUN-5551: Reintroduce FIPS compliance for linux amd64 now as separate binaries 2021-12-20 21:50:42 +00:00
build-packages.sh TUN-6362: Add armhf support to cloudflare packaging 2022-06-20 12:05:03 +01:00
cfsetup.yaml TUN-6637: Upgrade go version and quic-go 2022-08-08 15:49:10 +01:00
check-fips.sh TUN-5551: Reintroduce FIPS compliance for linux amd64 now as separate binaries 2021-12-20 21:50:42 +00:00
cloudflared.wxs TUN-4911: Append Environment variable to Path instead of overwriting it 2021-08-09 15:45:29 +01:00
cloudflared_man_template AUTH-2644: Change install location and add man page 2020-07-06 19:27:25 +00:00
dev.Dockerfile TUN-6637: Upgrade go version and quic-go 2022-08-08 15:49:10 +01:00
fmt-check.sh TUN-4067: Reformat code for consistent import order, grouping, and fix formatting. Added goimports target to the Makefile to make this easier in the future. 2021-03-24 10:53:29 -05:00
github_message.py AUTH-3148 fixed cloudflared copy and match all the files in the checksum upload 2020-10-06 11:39:40 -05:00
github_release.py Fix typos 2021-11-12 17:38:06 +02:00
go.mod TUN-6637: Upgrade go version and quic-go 2022-08-08 15:49:10 +01:00
go.sum TUN-6637: Upgrade go version and quic-go 2022-08-08 15:49:10 +01:00
jet.yaml TUN-5164: Update README and clean up references to Argo Tunnel (using Cloudflare Tunnel instead) 2021-09-29 08:27:47 +00:00
postinst.sh AUTH-2858: Set file to disable autoupdate 2020-07-10 18:03:07 +00:00
postrm.sh AUTH-2858: Set file to disable autoupdate 2020-07-10 18:03:07 +00:00
release_pkgs.py TUN-6362: Add armhf support to cloudflare packaging 2022-06-20 12:05:03 +01:00
wix.json AUTH-2712 mac package build script and better config file handling when started as a service 2020-06-25 16:44:57 -05:00

README.md

Cloudflare Tunnel client

Contains the command-line client for Cloudflare Tunnel, a tunneling daemon that proxies traffic from the Cloudflare network to your origins. This daemon sits between Cloudflare network and your origin (e.g. a webserver). Cloudflare attracts client requests and sends them to you via this daemon, without requiring you to poke holes on your firewall --- your origin can remain as closed as possible. Extensive documentation can be found in the Cloudflare Tunnel section of the Cloudflare Docs. All usages related with proxying to your origins are available under cloudflared tunnel help.

You can also use cloudflared to access Tunnel origins (that are protected with cloudflared tunnel) for TCP traffic at Layer 4 (i.e., not HTTP/websocket), which is relevant for use cases such as SSH, RDP, etc. Such usages are available under cloudflared access help.

You can instead use WARP client to access private origins behind Tunnels for Layer 4 traffic without requiring cloudflared access commands on the client side.

Before you get started

Before you use Cloudflare Tunnel, you'll need to complete a few steps in the Cloudflare dashboard: you need to add a website to your Cloudflare account. Note that today it is possible to use Tunnel without a website (e.g. for private routing), but for legacy reasons this requirement is still necessary:

  1. Add a website to Cloudflare
  2. Change your domain nameservers to Cloudflare

Installing cloudflared

Downloads are available as standalone binaries, a Docker image, and Debian, RPM, and Homebrew packages. You can also find releases here on the cloudflared GitHub repository.

User documentation for Cloudflare Tunnel can be found at https://developers.cloudflare.com/cloudflare-one/connections/connect-apps

Creating Tunnels and routing traffic

Once installed, you can authenticate cloudflared into your Cloudflare account and begin creating Tunnels to serve traffic to your origins.

TryCloudflare

Want to test Cloudflare Tunnel before adding a website to Cloudflare? You can do so with TryCloudflare using the documentation available here.

Deprecated versions

Cloudflare currently supports versions of cloudflared 2020.5.1 and later. Breaking changes unrelated to feature availability may be introduced that will impact versions released prior to 2020.5.1. You can read more about upgrading cloudflared in our developer documentation.

Version(s) Deprecation status
2020.5.1 and later Supported
Versions prior to 2020.5.1 No longer supported