cloudflare/cloudflared

★ 14,179GoAudience · ops devopsComplexity · 3/5Setup · moderate

Mindmap

mindmap
  root((cloudflared))
    What it does
      Secure tunnel to Cloudflare
      No firewall ports needed
      SSH and remote access
    Tech Stack
      Go
      Docker
      Cloudflare network
    Installation
      Standalone binary
      Docker image
      Homebrew Debian RPM
    Use cases
      Expose local servers
      Secure SSH access
      Zero-trust networking

mindmap root((cloudflared)) What it does Secure tunnel to Cloudflare No firewall ports needed SSH and remote access Tech Stack Go Docker Cloudflare network Installation Standalone binary Docker image Homebrew Debian RPM Use cases Expose local servers Secure SSH access Zero-trust networking

Click or tap to explore — scroll the page freely

Things people build with this

USE CASE 1

Expose a local web server to the internet without opening firewall ports or configuring port forwarding on your router

USE CASE 2

Set up secure SSH access to a home server or internal machine through Cloudflare's network

USE CASE 3

Create a zero-trust private network so remote team members can reach internal services without a VPN

Tech stack

GoDockerMake

Getting it running

Difficulty · moderate Time to first run · 30min

Requires a Cloudflare account with a domain pointed at Cloudflare's nameservers before a named tunnel can be created.

License terms not specified in the explanation.

In plain English

Cloudflared is the command-line client for Cloudflare Tunnel, written in Go. Its job is to create a protected connection between a server you run (called your origin, for example a web server) and Cloudflare's network. According to the README, the program runs as a small background service that sits between Cloudflare and your origin. Visitor requests arrive at Cloudflare first, and Cloudflare passes them to your server through this connection. The benefit the README highlights is that you do not have to open ports in your firewall. Normally, exposing a server to the internet means leaving an opening that anyone might try to reach. With a tunnel, your server makes an outbound connection to Cloudflare instead, so it can stay closed to the outside world while still serving traffic. The relevant commands live under cloudflared tunnel. There is a second use covered by cloudflared access. This lets you reach tunnel-protected servers for non-web traffic at a lower network level, which the README says is useful for things like SSH or remote desktop. The README notes you can alternatively use Cloudflare's WARP client for that private access without running these access commands yourself. Before using it, the README explains you need a Cloudflare account with a website added and your domain pointed at Cloudflare's name servers. Installation options are wide: standalone downloads, a Docker image, and packages for Debian, RPM, and Homebrew, covering macOS, Linux, and Windows. You can also build it from source with make cloudflared. The rest of the README covers creating tunnels and routing traffic to them, a TryCloudflare option for testing before adding a website, a support policy that keeps versions within one year of the latest release, and developer instructions for building, testing, and linting the code.

Copy-paste prompts

Prompt 1

Walk me through setting up cloudflared to expose my localhost:3000 Next.js dev server to the internet for sharing with a client

Prompt 2

How do I run cloudflared as a systemd service on Ubuntu so my tunnel restarts automatically after a reboot

Prompt 3

Set up SSH access to my home server through a Cloudflare Tunnel so I can connect without opening port 22 in my firewall

Prompt 4

What is the difference between cloudflared tunnel and cloudflared access and when should I use each one

Open on GitHub → Explain another repo

← cloudflare on gitmyhub — every repo by this author, as a profile.

Verify against the repo before relying on details.