Skip to content

DirectoryService

Source: src/Cloudflare/Connectivity/DirectoryService.ts

A Cloudflare Connectivity Directory service — a named entry in the account’s private-network service directory that maps a service name to a private host (IP or hostname) reachable through a Cloudflare Tunnel.

Directory services are the registry behind Workers VPC and Zero Trust private-network connectivity: a tcp service describes a database-style origin (with an optional appProtocol hint), an http service describes an HTTP/HTTPS origin with explicit ports.

Names are unique within the account. All properties — including the host and even the protocol type — are mutable in place via a full PUT; nothing forces a replacement except moving accounts.

Creating a Directory Service

Section titled “Creating a Directory Service”

TCP database service through a tunnel

const tunnel = yield* Cloudflare.Tunnel("DbTunnel", {
  ingress: [{ service: "tcp://localhost:5432" }],
});
const db = yield* Cloudflare.DirectoryService("Postgres", {
  type: "tcp",
  tcpPort: 5432,
  appProtocol: "postgresql",
  host: { ipv4: "10.0.0.21", network: { tunnelId: tunnel.tunnelId } },
});

HTTP service on a private hostname

const api = yield* Cloudflare.DirectoryService("InternalApi", {
  type: "http",
  httpPort: 8080,
  httpsPort: 8443,
  host: {
    hostname: "api.internal",
    resolverNetwork: { tunnelId: tunnel.tunnelId, resolverIps: ["10.0.0.53"] },
  },
});

Updating

Section titled “Updating”
// Host, ports, name, and TLS settings are all mutable — the service
// keeps its serviceId across updates.
const db = yield* Cloudflare.DirectoryService("Postgres", {
  type: "tcp",
  tcpPort: 5432,
  host: {
    hostname: "db.internal",
    resolverNetwork: { tunnelId: tunnel.tunnelId },
  },
});