Run as a service on Windows
You can install cloudflared
as a system service on Windows.
Configure cloudflared
as a service
By default, Cloudflare Tunnel expects all of the configuration to exist in the %USERPROFILE%\.cloudflared\config.yml
configuration file. The available options are documented on the configuration file reference, but at a minimum you must specify the following arguments to run as a service:
Argument | Description |
---|---|
tunnel |
The UUID of your tunnel |
credentials-file |
The location of the credentials file for your tunnel |
Run cloudflared
as a service
-
Download the latest
cloudflared
version. -
Create a new directory:
C:\Cloudflared\bin -
Copy the
.exe
file you downloaded in step 1 to the new directory and rename it tocloudflared.exe
. -
Open CMD as an administrator and go to
C:\Cloudflared\bin
. -
Run this command to install
cloudflared
:cloudflared.exe service install -
Next, run this command to create another directory:
mkdir C:\Windows\System32\config\systemprofile\.cloudflared -
Log in and authenticate
cloudflared
:cloudflared.exe login -
The login command will generate a
cert.pem
file and save it to your user profile by default. Copy the file to the.cloudflared
folder created in step 5 using this command:copy C:\Users\%USERNAME%\.cloudflared\cert.pem C:\Windows\System32\config\systemprofile\.cloudflared\cert.pem -
Next, create a tunnel:
cloudflared.exe tunnel create <Tunnel Name>This will generate a credentials file in
.json
format. -
Create a configuration file with the following content:
tunnel: <Tunnel ID>credentials-file: C:\Windows\System32\config\systemprofile\.cloudflared\<Tunnel-ID>.json# Uncomment the following two lines if you are using self-signed certificates in your origin server# originRequest:# noTLSVerify: trueingress:- hostname: app.mydomain.comservice: https://internal.mydomain.com- service: http_status:404logfile: C:\Cloudflared\cloudflared.log -
Copy the credentials file to the folder created in step 6:
copy C:\Users\%USERNAME%\.cloudflared\<Tunnel-ID>.json C:\Windows\System32\config\systemprofile\.cloudflared\<Tunnel-ID>.json -
Validate the ingress rule entries in your configuration file using the command:
cloudflared.exe tunnel ingress validate -
In the Registry Editor, go to
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cloudflared
. -
In the Cloudflared registry entry, modify
ImagePath
to point to thecloudflared.exe
andconfig.yml
files. Make sure that there are no extra spaces or characters while you modify the registry entry, as this could cause problems with starting the service.C:\Cloudflared\bin\cloudflared.exe --config=C:\Users\%USERNAME%\.cloudflared\config.yml tunnel run -
If the service does not start, run the following command from
C:\Cloudflared\bin
:sc start cloudflaredYou will see the output below:
SERVICE_NAME: cloudflaredTYPE : 10 WIN32_OWN_PROCESSSTATE : 2 START_PENDING(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)WIN32_EXIT_CODE : 0 (0x0)SERVICE_EXIT_CODE : 0 (0x0)CHECKPOINT : 0x0WAIT_HINT : 0x7d0PID : 3548FLAGS :
Next steps
You can now route traffic through your tunnel. If you add IP routes or otherwise change the configuration, restart the service to load the new configuration:
sc stop cloudflaredsc start cloudflared