Tunnels
Yes. With Named Tunnels you can create a CNAME at the apex that points to the named tunnel.
Yes. Cloudflare Tunnel has full support for Websockets.
Yes.
Cloudflare Tunnel supports gRPC traffic via private subnet routing. Public hostname deployments are not currently supported.
Cloudflare offers two modes of setup: Full Setup, in which the domain uses Cloudflare DNS nameservers, and Partial Setup (also known as CNAME setup) in which the domain uses non-Cloudflare DNS servers.
The best experience with Cloudflare Tunnel is using Full Setup because Cloudflare manages DNS for the domain and can automatically configure DNS records for newly started Tunnels.
You can still use Tunnel with Partial Setup. You will need to create a new DNS record with your current DNS provider for each new hostname connected through Cloudflare Tunnel. The DNS record should be of type CNAME or ALIAS if it is on the root of the domain. The name of the record should be the subdomain it corresponds to (e.g. example.com
or tunnel.example.com
) and the value of the record should be subdomain.domain.tld.cdn.cloudflare.net
. (e.g. example.com.cdn.cloudflare.net
or tunnel.example.com.cdn.cloudflare.net
)
Tunnel can expose web applications to the Internet that sit behind a NAT or firewall. Thus, you can keep your web server otherwise completely locked down. To double check that your origin web server is not responding to requests outside Cloudflare while Tunnel is running you can run netcat in the command line:
If your server is still responding on those ports, you will see:
If your server is correctly locked down, you will see:
Named Tunnels can be routed via DNS records, in which case we use CNAME records to point to the <UUID>.cfargotunnel.com
; Or as Load Balancing endpoints, which also point to <UUID>.cfargotunnel.com
.
No. When using Cloudflare Tunnel, all requests to the origin are made internally between cloudflared
and the origin.
To log external visitor IPs, you will need to configure an alternative method.
Cloudflare Tunnel was previously named Warp during the beta phase. As Warp was added to the Argo product family, we changed the name to Argo Tunnel to match. Once we no longer required users to purchase Argo to create Tunnels, we renamed Argo Tunnel to Cloudflare Tunnel.
For more information about migrating from Argo Tunnel, refer to Migrate legacy tunnels.
No. You cannot undo a tunnel deletion. If the tunnel was locally-managed, its config.yaml
file will still be present and you can create a new tunnel with the same configuration. If the tunnel was remotely-managed, both the tunnel and its configuration are permanently deleted.
Before contacting the Cloudflare support team:
-
Take note of any specific error messages and/or problematic behaviors.
-
Take note of any options you specified, either on the command line or in your configuration file, when starting your tunnel.
-
Make sure that
cloudflared
is updated to the latest version. -
Gather any relevant error/access logs from your server.
Set loglevel
to debug
, so the Cloudflare support team can get more info from the cloudflared.log
file.
-
Include your Cloudflare Tunnel logs file (
cloudflared.log
). If you did not specify a log file when starting your tunnel, you can do so using thelogfile
option either on the command line or in your configuration file. -
Include your full
config.yml
file for the affected tunnel.
Before contacting the Cloudflare support team:
-
Take note of any specific error messages and/or problematic behaviors.
-
Make sure that
cloudflared
is updated to the latest version. -
Gather any relevant error/access logs from your server.
-
Include your Cloudflare Tunnel logs file (
cloudflared.log
). If you did not specify a log file when starting your tunnel, add--logfile <PATH>
and--loglevel debug
to your system service configuration. To modify the system service, refer to Configure a remotely-managed tunnel.