Configure a remotely-managed tunnel
If you created a Cloudflare Tunnel from the dashboard, the tunnel runs as a service on your OS.
Add tunnel run parameters
You can modify the Cloudflare Tunnel service with one or more general-purpose tunnel parameters.
On Linux, Cloudflare Tunnel installs itself as a system service using systemctl
. By default, the service will be named cloudflared.service
. To configure your tunnel on Linux:
Open
cloudflared.service
.$ sudo systemctl edit --full cloudflared.serviceModify the
cloudflared tunnel run
command with the desired configuration flag. For example,[Unit]Description=Cloudflare TunnelAfter=network.target[Service]TimeoutStartSec=0Type=notifyExecStart=/usr/local/bin/cloudflared tunnel --loglevel debug --logfile <PATH> run --token <TOKEN VALUE>Restart=on-failureRestartSec=5s
On macOS, Cloudflare Tunnel installs itself as a launch agent using launchctl
. By default, the agent will be called com.cloudflare.cloudflared
. To configure your tunnel on macOS:
Stop the
cloudflared
service.$ sudo launchctl stop com.cloudflare.cloudflaredUnload the configuration file.
$ sudo launchctl unload /Library/LaunchDaemons/com.cloudflare.cloudflared.plistOpen
/Library/LaunchDaemons/com.cloudflare.cloudflared.plist
in a text editor.Modify the
ProgramArguments
key with the desired configuration flag. For example,<plist version="1.0"><dict><key>Label</key><string>com.cloudflare.cloudflared</string><key>ProgramArguments</key><array><string>/opt/homebrew/bin/cloudflared</string><string>tunnel</string><string>--logfile</string><string><PATH></string><string>--loglevel</string><string>debug</string><string>run</string><string>--token</string><string><TOKEN VALUE> </string></array>Load the updated configuration file.
$ sudo launchctl load /Library/LaunchDaemons/com.cloudflare.cloudflared.plistStart the
cloudflared
service.$ sudo launchctl start com.cloudflare.cloudflared
On Windows, Cloudflare Tunnel installs itself as a system service using the Registry Editor. By default, the service will be named cloudflared
. To configure your tunnel on Windows:
Open the Registry Editor.
Go to HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Services > cloudflared.
Double-click ImagePath.
Modify Value data with the desired configuration flag. For example,
C:\Program Files (x86)\cloudflared\.\cloudflared.exe tunnel --loglevel debug --logfile <PATH> run --token <TOKEN VALUE>
Update origin configuration
To configure how cloudflared
sends requests to your public hostname services:
- In Zero Trust, go to Networks > Tunnels.
- Choose a tunnel and select Configure.
- Select the Public Hostname tab.
- Choose a route and select Edit.
- Under Additional application settings, modify one or more origin configuration parameters.
- Select Save hostname.
Tunnel permissions
A remotely-managed tunnel only requires the tunnel token to run. Anyone with access to the token will be able to run the tunnel. You can get a tunnel’s token from the dashboard or via the API.
Account members with Cloudflare Access and DNS permissions will be able to create, delete, and configure all tunnels for the account.