cloudflared

Cloudflared is the command-line client for Cloudflare Tunnel, written in Go. Its job is to create a protected connection between a server you run (called your origin, for example a web server) and Cloudflare's network. According to the README, the program runs as a small background service that sits between Cloudflare and your origin. Visitor requests arrive at Cloudflare first, and Cloudflare passes them to your server through this connection.

The benefit the README highlights is that you do not have to open ports in your firewall. Normally, exposing a server to the internet means leaving an opening that anyone might try to reach. With a tunnel, your server makes an outbound connection to Cloudflare instead, so it can stay closed to the outside world while still serving traffic. The relevant commands live under cloudflared tunnel.

There is a second use covered by cloudflared access. This lets you reach tunnel-protected servers for non-web traffic at a lower network level, which the README says is useful for things like SSH or remote desktop. The README notes you can alternatively use Cloudflare's WARP client for that private access without running these access commands yourself.

Before using it, the README explains you need a Cloudflare account with a website added and your domain pointed at Cloudflare's name servers. Installation options are wide: standalone downloads, a Docker image, and packages for Debian, RPM, and Homebrew, covering macOS, Linux, and Windows. You can also build it from source with make cloudflared.

The rest of the README covers creating tunnels and routing traffic to them, a TryCloudflare option for testing before adding a website, a support policy that keeps versions within one year of the latest release, and developer instructions for building, testing, and linting the code.