Skip to content

TunnelConfiguration

Source: src/Cloudflare/Tunnel/Configuration.ts

Routing configuration for a remotely-managed Cloudflare Tunnel.

Cloudflare exposes the cfd_tunnel configuration as a single PUT-style document per tunnel — ingress rules in order, plus optional default originRequest settings. This resource owns that document; it is the declarative equivalent of editing a tunnel’s Public Hostname or Private Hostname rules in the Zero Trust dashboard.

The catch-all rule (final ingress entry with no hostname) is appended automatically — Cloudflare rejects PUTs whose last rule has a hostname, and forgetting it is a common foot-gun. Override the auto-appended service via {@link TunnelConfigurationProps.catchAllService}.

Routing a private hostname through a tunnel

Section titled “Routing a private hostname through a tunnel”
yield* Cloudflare.TunnelConfiguration("AdminIngress", {
  tunnelId: tunnel.tunnelId,
  ingress: [
    {
      hostname: "cluster-admin.microagi",
      service: "http://research-ui.admin.svc.cluster.local:80",
    },
  ],
});

Multiple hostnames + custom catch-all

Section titled “Multiple hostnames + custom catch-all”
yield* Cloudflare.TunnelConfiguration("Ingress", {
  tunnelId: tunnel.tunnelId,
  ingress: [
    { hostname: "ui.internal", service: "http://ui.app.svc.cluster.local:80" },
    { hostname: "api.internal", service: "http://api.app.svc.cluster.local:8080" },
  ],
  catchAllService: "http_status:503",
});