cloudflared tunnel run
Proxy a local web server by running the given tunnel
Options
| Name | Description |
|---|---|
--config <value> | Specifies a config file in YAML format. (default: "/usr/local/etc/cloudflared/config.yml") |
--origincert <value> | Path to the certificate generated for your origin when you run cloudflared login. [$TUNNEL_ORIGIN_CERT] |
--autoupdate-freq <value> | Autoupdate frequency. Default is 24h0m0s. (default: 24h0m0s) |
--no-autoupdate | Disable periodic check for updates, restarting the server with the new version. (default: false) [$NO_AUTOUPDATE] |
--metrics <value> | Listen address for metrics reporting. (default: "localhost:") [$TUNNEL_METRICS] |
--pidfile <value> | Write the application's PID to this file after first successful connection. [$TUNNEL_PIDFILE] |
--loglevel <value> | Application logging level {debug, info, warn, error, fatal}. At debug level cloudflared will log request URL, method, protocol, content length, as well as, all request and response headers. This can expose sensitive information in your logs. (default: "info") [$TUNNEL_LOGLEVEL] |
--transport-loglevel, --proto-loglevel <value> | Transport logging level(previously called protocol logging level) {debug, info, warn, error, fatal} (default: "info") [$TUNNEL_PROTO_LOGLEVEL, $TUNNEL_TRANSPORT_LOGLEVEL] |
--logfile <value> | Save application log to this file for reporting issues. [$TUNNEL_LOGFILE] |
--log-directory <value> | Save application log to this directory for reporting issues. [$TUNNEL_LOGDIRECTORY] |
--trace-output <value> | Name of trace output file, generated when cloudflared stops. [$TUNNEL_TRACE_OUTPUT] |
--force, -f | By default, if a tunnel is currently being run from a cloudflared, you can't simultaneously rerun it again from a second cloudflared. The --force flag lets you overwrite the previous tunnel. If you want to use a single hostname with multiple tunnels, you can do so with Cloudflare's Load Balancer product. (default: false) |
--credentials-file, --cred-file <value> | Filepath at which to read/write the tunnel credentials [$TUNNEL_CRED_FILE] |
--credentials-contents <value> | Contents of the tunnel credentials JSON file to use. When provided along with credentials-file, this will take precedence. [$TUNNEL_CRED_CONTENTS] |
--features, -F <value> | Opt into various features that are still being developed or tested. (accepts multiple inputs) |
--token <value> | The Tunnel token. When provided along with credentials, this will take precedence. [$TUNNEL_TOKEN] |
--url <URL> | Connect to the local webserver at URL. (default: "http://localhost:8080") [$TUNNEL_URL] |
--hello-world | Run Hello World Server (default: false) [$TUNNEL_HELLO_WORLD] |
--socks5 | Specify if this tunnel is running as a SOCK5 Server This flag only takes effect if you define your origin with --url and if you do not use ingress rules. The recommended way is to rely on ingress rules and define this property under `originRequest` as per https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/configuration-file/ingress (default: false) [$TUNNEL_SOCKS] |
--proxy-connect-timeout | HTTP proxy timeout for establishing a new connection This flag only takes effect if you define your origin with --url and if you do not use ingress rules. The recommended way is to rely on ingress rules and define this property under `originRequest` as per https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/configuration-file/ingress (default: 30s) |
--proxy-tls-timeout | HTTP proxy timeout for completing a TLS handshake This flag only takes effect if you define your origin with --url and if you do not use ingress rules. The recommended way is to rely on ingress rules and define this property under `originRequest` as per https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/configuration-file/ingress (default: 10s) |
--proxy-tcp-keepalive | HTTP proxy TCP keepalive duration This flag only takes effect if you define your origin with --url and if you do not use ingress rules. The recommended way is to rely on ingress rules and define this property under `originRequest` as per https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/configuration-file/ingress (default: 30s) |
--proxy-no-happy-eyeballs | HTTP proxy should disable "happy eyeballs" for IPv4/v6 fallback This flag only takes effect if you define your origin with --url and if you do not use ingress rules. The recommended way is to rely on ingress rules and define this property under `originRequest` as per https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/configuration-file/ingress (default: false) |
--proxy-keepalive-connections | HTTP proxy maximum keepalive connection pool size This flag only takes effect if you define your origin with --url and if you do not use ingress rules. The recommended way is to rely on ingress rules and define this property under `originRequest` as per https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/configuration-file/ingress (default: 100) |
--proxy-keepalive-timeout | HTTP proxy timeout for closing an idle connection This flag only takes effect if you define your origin with --url and if you do not use ingress rules. The recommended way is to rely on ingress rules and define this property under `originRequest` as per https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/configuration-file/ingress (default: 1m30s) |
--proxy-connection-timeout | DEPRECATED. No longer has any effect. (default: 1m30s) |
--proxy-expect-continue-timeout | DEPRECATED. No longer has any effect. (default: 1m30s) |
--http-host-header | Sets the HTTP Host header for the local webserver. This flag only takes effect if you define your origin with --url and if you do not use ingress rules. The recommended way is to rely on ingress rules and define this property under `originRequest` as per https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/configuration-file/ingress [$TUNNEL_HTTP_HOST_HEADER] |
--origin-server-name | Hostname on the origin server certificate. This flag only takes effect if you define your origin with --url and if you do not use ingress rules. The recommended way is to rely on ingress rules and define this property under `originRequest` as per https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/configuration-file/ingress [$TUNNEL_ORIGIN_SERVER_NAME] |
--unix-socket <value> | Path to unix socket to use instead of --url [$TUNNEL_UNIX_SOCKET] |
--origin-ca-pool | Path to the CA for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare. This flag only takes effect if you define your origin with --url and if you do not use ingress rules. The recommended way is to rely on ingress rules and define this property under `originRequest` as per https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/configuration-file/ingress [$TUNNEL_ORIGIN_CA_POOL] |
--no-tls-verify | Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted. Note: The connection from your machine to Cloudflare's Edge is still encrypted. This flag only takes effect if you define your origin with --url and if you do not use ingress rules. The recommended way is to rely on ingress rules and define this property under `originRequest` as per https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/configuration-file/ingress (default: false) [$NO_TLS_VERIFY] |
--no-chunked-encoding | Disables chunked transfer encoding; useful if you are running a WSGI server. This flag only takes effect if you define your origin with --url and if you do not use ingress rules. The recommended way is to rely on ingress rules and define this property under `originRequest` as per https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/configuration-file/ingress (default: false) [$TUNNEL_NO_CHUNKED_ENCODING] |
--bastion | Runs as jump host (default: false) [$TUNNEL_BASTION] |
--proxy-address <value> | Listen address for the proxy. (default: "127.0.0.1") [$TUNNEL_PROXY_ADDRESS] |
--proxy-port <value> | Listen port for the proxy. (default: 0) [$TUNNEL_PROXY_PORT] |