Setup

Create a Cloudflare Tunnel and publish your first application in under 5 minutes.

Prerequisites

• A Cloudflare account ↗
• A domain on Cloudflare (required to publish applications)
• A server or VM with internet access where you will install cloudflared

Tip

If your server is behind a restrictive firewall, verify it can reach Cloudflare on port 7844 before proceeding. Refer to Connection errors.

Create a tunnel

To create a new Cloudflare Tunnel:

Dashboard

1. In the Cloudflare dashboard ↗, go to Networking > Tunnels.

   Go to Tunnels

2. Select Create Tunnel.

3. Enter a name for your tunnel (for example, production-web or staging-api).

4. Select Create Tunnel.

5. Under Setup Environment, select the operating system and architecture of your server.

6. Copy the install commands shown under Install and Run and run them in a terminal on your server.

7. Once the tunnel connects, select Continue.

Your tunnel should appear on the Tunnels page with a Healthy status.

API

1. Create an API token with the following permissions:

   Type	Item	Permission
   Account	Cloudflare Tunnel	Edit
   Zone	DNS	Edit

2. Create a tunnel:

   Required API token permissions

   At least one of the following token permissions is required:

   • Cloudflare One Connectors Write
   • Cloudflare One Connector: cloudflared Write
   • Cloudflare Tunnel Write

   Create a Cloudflare Tunnel

   curl "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/cfd_tunnel" \
     --request POST \
     --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
     --json '{
       "name": "api-tunnel",
       "config_src": "cloudflare"
     }'

3. Copy the id and token values from the response. You will need them to configure and run the tunnel.

Publish an application

To make an application accessible from the Internet, add a published application route to your tunnel. The tunnel route maps a public hostname to a local service.

Dashboard

1. In the Cloudflare dashboard ↗, go to Networking > Tunnels and select your tunnel. Go to Tunnels

2. Under Routes, select Add route.

3. Select Published application.

4. Under Hostname, enter a subdomain and select a domain from the drop-down menu.

5. For Service URL, enter the local address and port of your application.

   For example, if your web server runs on the same machine as cloudflared:

   • HTTP on port 80: http://localhost:80
   • HTTPS on port 443: https://localhost:443

   If your web server runs on a different machine: http://192.0.2.1:80

6. Select Add route.

API

1. Configure your tunnel's ingress rules:

   Required API token permissions

   At least one of the following token permissions is required:

   • Cloudflare One Connectors Write
   • Cloudflare One Connector: cloudflared Write
   • Cloudflare Tunnel Write

   Put configuration

   curl "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/cfd_tunnel/$TUNNEL_ID/configurations" \
     --request PUT \
     --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
     --json '{
       "config": {
           "ingress": [
               {
                   "hostname": "app.example.com",
                   "service": "http://localhost:80",
                   "originRequest": {}
               },
               {
                   "service": "http_status:404"
               }
           ]
       }
     }'

   Your ingress rules must include a catch-all rule at the end. In this example, cloudflared will respond with a 404 status code when the request does not match any hostname.

2. Create a DNS record for your application:

   Required API token permissions

   At least one of the following token permissions is required:

   • DNS Write

   Create DNS Record

   curl "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/dns_records" \
     --request POST \
     --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
     --json '{
       "type": "CNAME",
       "proxied": true,
       "name": "app.example.com",
       "content": "<TUNNEL_ID>.cfargotunnel.com"
     }'

3. Install cloudflared on your server and run the tunnel using the token obtained in Create a tunnel:

   Linux

   1. Download and install ↗ cloudflared.

   2. Run the following command:

      sudo cloudflared service install <TUNNEL_TOKEN>

   Windows

   1. Download and install cloudflared.

   2. Open Command Prompt as administrator.

   3. Run the following command:

      cloudflared.exe service install <TUNNEL_TOKEN>

   macOS

   1. Download and install cloudflared.

   2. Open a terminal window and run the following command:

      sudo cloudflared service install <TUNNEL_TOKEN>

   Docker

   1. Open a terminal window.

   2. Run the following command:

      docker run cloudflare/cloudflared:latest tunnel --no-autoupdate run --token <TUNNEL_TOKEN>

Your application is now live at the hostname you configured. Cloudflare automatically proxies traffic through its network, applying CDN caching, WAF, and DDoS protection.

Note

Non-HTTP services (SSH, TCP, RDP) require cloudflared on the client side. Refer to the protocols reference for details.

Quick tunnels (development)

For local development, you can instantly expose localhost without a Cloudflare account:

cloudflared tunnel --url http://localhost:8080

This generates a random trycloudflare.com subdomain that proxies traffic to your local server. Quick tunnels are for testing only — they have a 200 concurrent request limit and do not support Server-Sent Events (SSE).

For production use, create a tunnel instead.

Next steps

• Routing — Configure DNS records, load balancers, and protocol support.
• Configuration — Deploy replicas, manage tokens, and tune performance.
• Deployment guides — Deploy on Kubernetes, AWS, GCP, Terraform, and more.
• Troubleshooting — Resolve common errors and connectivity issues.