Skip to content

TunnelReadWrite

Source: src/Cloudflare/Tunnel/TunnelReadWrite.ts

Binding that lets a Worker perform the full Cloudflare Tunnel CRUD surface at runtime.

Creates a scoped {@link AccountApiToken} with both the Cloudflare Tunnel Read and Cloudflare Tunnel Write permissions and binds its outputs into the Worker (the token value as a secret_text binding) so runtime code can authenticate.

Managing tunnels at runtime

Section titled “Managing tunnels at runtime”
// init
const tunnels = yield* Cloudflare.TunnelReadWrite.bind();


return {
  fetch: Effect.gen(function* () {
    const tunnel = yield* tunnels.create({ name: "on-demand-tunnel" });
    yield* tunnels.putConfiguration(tunnel.id!, {
      ingress: [
        { hostname: "app.example.com", service: "http://localhost:3000" },
        { service: "http_status:404" },
      ],
    });
    const token = yield* tunnels.getToken(tunnel.id!);
    return HttpServerResponse.json({ id: tunnel.id, token });
  }),
};

Runtime Layer

Section titled “Runtime Layer”

Provide {@link TunnelReadWriteLive} in the Worker’s runtime layer.

Effect.provide(Cloudflare.TunnelReadWriteLive)