Top Related Projects
- Streisand sets up a new server running your choice of WireGuard, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, or a Tor bridge. It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists.
- Algo: Set up a personal VPN in the cloud
- Oathkeeper: A cloud native Identity & Access Proxy / API (IAP) and Access Control Decision API that authenticates, authorizes, and mutates incoming HTTP(s) requests. Inspired by the BeyondCorp / Zero Trust white paper. Written in Go.
- Teleport: The easiest, and most secure way to access and protect all of your infrastructure.
- Pomerium is an identity and context-aware access proxy.
Quick Overview
Cloudflared is the command-line client for Cloudflare Tunnel, a tunneling daemon that proxies traffic from the public internet to your origins. It enables you to expose web servers, APIs, and other services securely without opening ports on your firewall or configuring complex network settings.
Pros
- Secure remote access without exposing services directly to the internet
- Easy setup and management of tunnels through Cloudflare's dashboard
- Supports various protocols including HTTP, HTTPS, SSH, and RDP
- Integrates well with Cloudflare's other security and performance features
Cons
- Requires a Cloudflare account and domain
- May introduce additional latency compared to direct connections
- Limited customization options for advanced networking scenarios
- Dependency on Cloudflare's infrastructure and potential single point of failure
Getting Started
- Install cloudflared:
    brew install cloudflare/cloudflare/cloudflared
- Authenticate cloudflared:
    cloudflared tunnel login
- Create a tunnel:
    cloudflared tunnel create my-tunnel
- Configure your tunnel in ~/.cloudflared/config.yml:
    tunnel: <TUNNEL_ID>
    credentials-file: /path/to/credentials.json
    ingress:
      - hostname: example.com
        service: http://localhost:8000
      - service: http_status:404
- Run the tunnel:
    cloudflared tunnel run my-tunnel
For more detailed instructions and advanced configurations, refer to the official Cloudflare documentation.
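How the ingress list in config.yml decides which local service receives a request, as an added example (not code from the cloudflared project): a simplified Python model of top-down, first-match rule evaluation, plus a lint for a missing catch-all and for hostname rules hidden behind an earlier rule. The function names, the sample rules and the wildcard handling are assumptions made for illustration.

```python
import re

# Constructed sample: the `ingress:` list from config.yml as a YAML loader
# would return it. Hostnames, paths and services are illustrative.
SAMPLE_INGRESS = [
    {"hostname": "*.example.com", "service": "http://localhost:8000"},
    {"hostname": "admin.example.com", "service": "http://localhost:9000"},
    {"hostname": "example.com", "path": "^/api/", "service": "http://localhost:8001"},
    {"service": "http_status:404"},
]


def host_matches(pattern, host):
    """Exact match, or a leading '*.' wildcard covering any subdomain."""
    if not pattern:
        return True  # no hostname filter: the rule applies to every host
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])
    return pattern == host


def route(ingress, host, path="/"):
    """Return the service of the first matching rule (top-down), or None."""
    for rule in ingress:
        path_ok = "path" not in rule or re.search(rule["path"], path)
        if host_matches(rule.get("hostname"), host) and path_ok:
            return rule["service"]
    return None


def lint(ingress):
    """Report a missing catch-all and hostname rules hidden by earlier ones."""
    findings = []
    if not ingress or "hostname" in ingress[-1] or "path" in ingress[-1]:
        findings.append("last rule is not a catch-all")
    for i, rule in enumerate(ingress):
        host = rule.get("hostname")
        if host is None or host.startswith("*."):
            continue  # only literal hostnames are checked for shadowing
        for j, earlier in enumerate(ingress[:i]):
            if "path" not in earlier and host_matches(earlier.get("hostname"), host):
                findings.append(f"rule {i} ({host}) is shadowed by rule {j}")
                break
    return findings
```

On a host with cloudflared installed, `cloudflared tunnel ingress validate` checks the real config file and `cloudflared tunnel ingress rule <URL>` shows which rule a given URL matches.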
Competitor Comparisons
Streisand sets up a new server running your choice of WireGuard, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, or a Tor bridge. It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists.
Pros of Streisand
- Offers a wider range of VPN and proxy protocols, providing more flexibility for users
- Designed for self-hosting, giving users full control over their privacy infrastructure
- Automates the setup process for multiple privacy tools, reducing complexity for users
Cons of Streisand
- Requires more technical knowledge to set up and maintain compared to Cloudflared
- May have higher operational costs due to self-hosting requirements
- Less frequent updates and potentially slower security patch implementation
Code Comparison
Streisand (Ansible playbook excerpt):
    - name: Install OpenVPN
      apt:
        name: openvpn
        state: present
    - name: Configure OpenVPN server
      template:
        src: openvpn-server.conf.j2
        dest: /etc/openvpn/server.conf
Cloudflared (Go code excerpt):
    func (t *Tunnel) ServeTunnel(ctx context.Context, connIndex uint8, c net.Conn, config *TunnelConfig) error {
        defer c.Close()
        return t.connectionManager.Serve(ctx, connIndex, c, config)
    }
The code snippets highlight the different approaches: Streisand uses Ansible for configuration management, while Cloudflared is written in Go and focuses on tunnel management.
Set up a personal VPN in the cloud
Pros of Algo
- Focuses on creating personal VPN servers, offering more privacy control
- Supports multiple cloud providers, giving users flexibility in deployment
- Emphasizes security with strong encryption and automatic updates
Cons of Algo
- Requires more technical knowledge to set up and maintain
- Limited to VPN functionality, lacking broader network management features
- May have higher operational costs due to cloud provider fees
Code Comparison
Algo (Ansible playbook snippet):
    - name: Install strongSwan
      apt:
        name:
          - strongswan
          - strongswan-plugin-eap-mschapv2
        state: present
Cloudflared (Go code snippet):
    func (t *Tunnel) ServeTunnel(ctx context.Context, connIndex uint8, conn net.Conn, config *TunnelConfig) error {
        // Tunnel serving logic
        return nil
    }
The code snippets highlight the different approaches: Algo uses Ansible for configuration management, while Cloudflared is written in Go for performance. Algo focuses on VPN setup, whereas Cloudflared manages tunnel connections for various Cloudflare services.
A cloud native Identity & Access Proxy / API (IAP) and Access Control Decision API that authenticates, authorizes, and mutates incoming HTTP(s) requests. Inspired by the BeyondCorp / Zero Trust white paper. Written in Go.
Pros of Oathkeeper
- More flexible and customizable authentication and authorization rules
- Supports a wider range of identity providers and authentication methods
- Can be used as a standalone service or integrated into existing infrastructure
Cons of Oathkeeper
- Steeper learning curve and more complex setup compared to Cloudflared
- Requires more manual configuration and maintenance
- May have higher resource requirements for large-scale deployments
Code Comparison
Oathkeeper configuration example:
    access_rules:
      - id: "some-rule"
        match:
          url: "http://<protected-service>/<.*>"
          methods:
            - GET
        authenticators:
          - handler: jwt
        authorizer:
          handler: allow
        mutators:
          - handler: id_token
Cloudflared configuration example:
    tunnel: example-tunnel
    credentials-file: /path/to/credentials.json
    ingress:
      - hostname: example.com
        service: http://localhost:8000
      - service: http_status:404
The code examples highlight the difference in complexity and flexibility between the two projects. Oathkeeper offers more granular control over access rules and authentication methods, while Cloudflared provides a simpler configuration focused on tunnel creation and traffic routing.
The easiest, and most secure way to access and protect all of your infrastructure.
Pros of Teleport
- More comprehensive access management solution, covering SSH, Kubernetes, databases, and web applications
- Built-in audit logging and session recording for enhanced security and compliance
- Supports role-based access control (RBAC) for fine-grained permissions
Cons of Teleport
- More complex setup and configuration compared to Cloudflared
- Requires more resources to run and maintain
- May have a steeper learning curve for users and administrators
Code Comparison
Teleport configuration example:
    teleport:
      nodename: example-node
      data_dir: /var/lib/teleport
      auth_token: secret-token-value
      auth_servers:
        - auth.example.com:3025
Cloudflared configuration example:
    tunnel: example-tunnel
    credentials-file: /path/to/credentials.json
    ingress:
      - hostname: example.com
        service: http://localhost:8000
      - service: http_status:404
Both projects aim to provide secure access to resources, but Teleport offers a more comprehensive solution for various protocols and services, while Cloudflared focuses primarily on tunneling HTTP traffic. Teleport's configuration is more extensive due to its broader feature set, while Cloudflared's configuration is simpler and more focused on tunnel setup.
Pomerium is an identity and context-aware access proxy.
Pros of Pomerium
- Open-source and self-hosted, offering greater control and customization
- Supports multiple identity providers and protocols (e.g., OIDC, OAuth2, SAML)
- Provides more advanced access control features, including policy-based authorization
Cons of Pomerium
- Steeper learning curve and more complex setup compared to Cloudflared
- Requires more infrastructure management and maintenance
- Smaller community and ecosystem compared to Cloudflare's offerings
Code Comparison
Pomerium configuration example:
    authenticate:
      idp:
        provider: okta
        clientID: ${IDP_CLIENT_ID}
        clientSecret: ${IDP_CLIENT_SECRET}
        url: https://example.okta.com
Cloudflared configuration example:
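    tunnel: 6ff42ae2-765d-4adf-8112-31c55c1551ef
    credentials-file: /root/.cloudflared/6ff42ae2-765d-4adf-8112-31c55c1551ef.json
    ingress:
      - hostname: example.com
        service: http://localhost:8000
      # Catch-all: cloudflared requires the last ingress rule to match all traffic
      - service: http_status:404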
Both Pomerium and Cloudflared offer secure access to internal resources, but they cater to different use cases. Pomerium is more suitable for organizations requiring fine-grained access control and multi-provider support, while Cloudflared is simpler to set up and integrates seamlessly with Cloudflare's ecosystem.
README
Cloudflare Tunnel client
Contains the command-line client for Cloudflare Tunnel, a tunneling daemon that proxies traffic from the Cloudflare network to your origins.
This daemon sits between the Cloudflare network and your origin (e.g. a webserver). Cloudflare attracts client requests and sends them to you via this daemon, without requiring you to poke holes in your firewall, so your origin can remain as closed as possible.
Extensive documentation can be found in the Cloudflare Tunnel section of the Cloudflare Docs.
All usages related to proxying to your origins are available under cloudflared tunnel help.
You can also use cloudflared to access Tunnel origins (that are protected with cloudflared tunnel) for TCP traffic at Layer 4 (i.e., not HTTP/websocket), which is relevant for use cases such as SSH, RDP, etc. Such usages are available under cloudflared access help.
You can instead use the WARP client to access private origins behind Tunnels for Layer 4 traffic without requiring cloudflared access commands on the client side.
Before you get started
Before you use Cloudflare Tunnel, you'll need to complete a few steps in the Cloudflare dashboard: you need to add a website to your Cloudflare account. Note that today it is possible to use Tunnel without a website (e.g. for private routing), but for legacy reasons this requirement is still necessary:
Installing cloudflared
Downloads are available as standalone binaries, a Docker image, and Debian, RPM, and Homebrew packages. You can also find releases here on the cloudflared GitHub repository.
- You can install on macOS via Homebrew or by downloading the latest Darwin amd64 release
- Binaries, Debian, and RPM packages for Linux can be found here
- A Docker image of cloudflared is available on DockerHub
- You can install on Windows machines with the steps here
- To build from source, first you need to download the go toolchain by running ./.teamcity/install-cloudflare-go.sh and follow the output. Then you can run make cloudflared
User documentation for Cloudflare Tunnel can be found at https://developers.cloudflare.com/cloudflare-one/connections/connect-apps
Creating Tunnels and routing traffic
Once installed, you can authenticate cloudflared into your Cloudflare account and begin creating Tunnels to serve traffic to your origins.
- Create a Tunnel with these instructions
- Route traffic to that Tunnel:
- Via public DNS records in Cloudflare
- Or via a public hostname guided by a Cloudflare Load Balancer
- Or from WARP client private traffic
TryCloudflare
Want to test Cloudflare Tunnel before adding a website to Cloudflare? You can do so with TryCloudflare using the documentation available here.
Deprecated versions
Cloudflare currently supports versions of cloudflared that are within one year of the most recent release. Breaking changes unrelated to feature availability may be introduced that will impact versions released more than one year ago. You can read more about upgrading cloudflared in our developer documentation.
For example, as of January 2023 Cloudflare will support cloudflared version 2023.1.1 to cloudflared 2022.1.1.