Skip to content
Cloudflare API
Start here
API Reference
Zero Trust
Tunnels
Cloudflared
Configurations

Get configuration

client.ZeroTrust.Tunnels.Cloudflared.Configurations.Get(ctx, tunnelID, query) (*TunnelCloudflaredConfigurationGetResponse, error)
GET/accounts/{account_id}/cfd_tunnel/{tunnel_id}/configurations

Gets the configuration for a remotely-managed tunnel

Security
API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY
API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
Accepted Permissions (at least one required)
Cloudflare One Connectors WriteCloudflare One Connectors ReadCloudflare One Connector: cloudflared WriteCloudflare One Connector: cloudflared ReadCloudflare Tunnel WriteCloudflare Tunnel Read
ParametersExpand Collapse
tunnelID string

UUID of the tunnel.

formatuuid
maxLength36
query TunnelCloudflaredConfigurationGetParams
AccountID param.Field[string]

Identifier.

maxLength32
ReturnsExpand Collapse
type TunnelCloudflaredConfigurationGetResponse struct{…}

Cloudflare Tunnel configuration

AccountID stringOptional

Identifier.

maxLength32
Config TunnelCloudflaredConfigurationGetResponseConfigOptional

The tunnel configuration and ingress rules.

Ingress []TunnelCloudflaredConfigurationGetResponseConfigIngressOptional

List of public hostname definitions. At least one ingress rule needs to be defined for the tunnel.

Hostname string

Public hostname for this service.

Service string

Protocol and address of destination server. Supported protocols: http://, https://, unix://, tcp://, ssh://, rdp://, unix+tls://, smb://. Alternatively can return a HTTP status code http_status:[code] e.g. ‘http_status:404’.

OriginRequest TunnelCloudflaredConfigurationGetResponseConfigIngressOriginRequestOptional

Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.

Access TunnelCloudflaredConfigurationGetResponseConfigIngressOriginRequestAccessOptional

For all L7 requests to this hostname, cloudflared will validate each request’s Cf-Access-Jwt-Assertion request header.

AUDTag []string

Access applications that are allowed to reach this hostname for this Tunnel. Audience tags can be identified in the dashboard or via the List Access policies API.

TeamName string
Required boolOptional

Deny traffic that has not fulfilled Access authorization.

CAPool stringOptional

Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.

ConnectTimeout int64Optional

Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.

DisableChunkedEncoding boolOptional

Disables chunked transfer encoding. Useful if you are running a WSGI server.

HTTP2Origin boolOptional

Attempt to connect to origin using HTTP2. Origin must be configured as https.

HTTPHostHeader stringOptional

Sets the HTTP Host header on requests sent to the local service.

KeepAliveConnections int64Optional

Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.

KeepAliveTimeout int64Optional

Timeout after which an idle keepalive connection can be discarded.

MatchSnItoHost boolOptional

Auto configure the Hostname on the origin server certificate.

NoHappyEyeballs boolOptional

Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.

NoTLSVerify boolOptional

Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.

OriginServerName stringOptional

Hostname that cloudflared should expect from your origin server certificate.

ProxyType stringOptional

cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are: "" for the regular proxy and “socks” for a SOCKS5 proxy.

TCPKeepAlive int64Optional

The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.

TLSTimeout int64Optional

Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.

Path stringOptional

Requests with this path route to this public hostname.

OriginRequest TunnelCloudflaredConfigurationGetResponseConfigOriginRequestOptional

Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.

Access TunnelCloudflaredConfigurationGetResponseConfigOriginRequestAccessOptional

For all L7 requests to this hostname, cloudflared will validate each request’s Cf-Access-Jwt-Assertion request header.

AUDTag []string

Access applications that are allowed to reach this hostname for this Tunnel. Audience tags can be identified in the dashboard or via the List Access policies API.

TeamName string
Required boolOptional

Deny traffic that has not fulfilled Access authorization.

CAPool stringOptional

Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.

ConnectTimeout int64Optional

Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.

DisableChunkedEncoding boolOptional

Disables chunked transfer encoding. Useful if you are running a WSGI server.

HTTP2Origin boolOptional

Attempt to connect to origin using HTTP2. Origin must be configured as https.

HTTPHostHeader stringOptional

Sets the HTTP Host header on requests sent to the local service.

KeepAliveConnections int64Optional

Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.

KeepAliveTimeout int64Optional

Timeout after which an idle keepalive connection can be discarded.

MatchSnItoHost boolOptional

Auto configure the Hostname on the origin server certificate.

NoHappyEyeballs boolOptional

Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.

NoTLSVerify boolOptional

Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.

OriginServerName stringOptional

Hostname that cloudflared should expect from your origin server certificate.

ProxyType stringOptional

cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are: "" for the regular proxy and “socks” for a SOCKS5 proxy.

TCPKeepAlive int64Optional

The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.

TLSTimeout int64Optional

Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.

CreatedAt TimeOptional
formatdate-time
Source TunnelCloudflaredConfigurationGetResponseSourceOptional

Indicates if this is a locally or remotely configured tunnel. If local, manage the tunnel using a YAML file on the origin machine. If cloudflare, manage the tunnel’s configuration on the Zero Trust dashboard.

One of the following:
const TunnelCloudflaredConfigurationGetResponseSourceLocal TunnelCloudflaredConfigurationGetResponseSource = "local"
const TunnelCloudflaredConfigurationGetResponseSourceCloudflare TunnelCloudflaredConfigurationGetResponseSource = "cloudflare"
TunnelID stringOptional

UUID of the tunnel.

formatuuid
maxLength36
Version int64Optional

The version of the Tunnel Configuration.

Get configuration

package main

import (
  "context"
  "fmt"

  "github.com/stainless-sdks/cloudflare-go"
  "github.com/stainless-sdks/cloudflare-go/option"
  "github.com/stainless-sdks/cloudflare-go/zero_trust"
)

func main() {
  client := cloudflare.NewClient(
    option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"),
  )
  configuration, err := client.ZeroTrust.Tunnels.Cloudflared.Configurations.Get(
    context.TODO(),
    "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
    zero_trust.TunnelCloudflaredConfigurationGetParams{
      AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"),
    },
  )
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", configuration.AccountID)
}

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "account_id": "023e105f4ecef8ad9ca31a8372d0c353",
    "config": {
      "ingress": [
        {
          "hostname": "tunnel.example.com",
          "service": "https://localhost:8001",
          "originRequest": {
            "access": {
              "audTag": [
                "string"
              ],
              "teamName": "zero-trust-organization-name",
              "required": false
            },
            "caPool": "caPool",
            "connectTimeout": 10,
            "disableChunkedEncoding": true,
            "http2Origin": true,
            "httpHostHeader": "httpHostHeader",
            "keepAliveConnections": 100,
            "keepAliveTimeout": 90,
            "matchSNItoHost": false,
            "noHappyEyeballs": false,
            "noTLSVerify": false,
            "originServerName": "originServerName",
            "proxyType": "proxyType",
            "tcpKeepAlive": 30,
            "tlsTimeout": 10
          },
          "path": "subpath"
        }
      ],
      "originRequest": {
        "access": {
          "audTag": [
            "string"
          ],
          "teamName": "zero-trust-organization-name",
          "required": false
        },
        "caPool": "caPool",
        "connectTimeout": 10,
        "disableChunkedEncoding": true,
        "http2Origin": true,
        "httpHostHeader": "httpHostHeader",
        "keepAliveConnections": 100,
        "keepAliveTimeout": 90,
        "matchSNItoHost": false,
        "noHappyEyeballs": false,
        "noTLSVerify": false,
        "originServerName": "originServerName",
        "proxyType": "proxyType",
        "tcpKeepAlive": 30,
        "tlsTimeout": 10
      },
      "warp-routing": {
        "enabled": true
      }
    },
    "created_at": "2014-01-01T05:20:00.12345Z",
    "source": "cloudflare",
    "tunnel_id": "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
    "version": 0
  }
}
Returns Examples
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "account_id": "023e105f4ecef8ad9ca31a8372d0c353",
    "config": {
      "ingress": [
        {
          "hostname": "tunnel.example.com",
          "service": "https://localhost:8001",
          "originRequest": {
            "access": {
              "audTag": [
                "string"
              ],
              "teamName": "zero-trust-organization-name",
              "required": false
            },
            "caPool": "caPool",
            "connectTimeout": 10,
            "disableChunkedEncoding": true,
            "http2Origin": true,
            "httpHostHeader": "httpHostHeader",
            "keepAliveConnections": 100,
            "keepAliveTimeout": 90,
            "matchSNItoHost": false,
            "noHappyEyeballs": false,
            "noTLSVerify": false,
            "originServerName": "originServerName",
            "proxyType": "proxyType",
            "tcpKeepAlive": 30,
            "tlsTimeout": 10
          },
          "path": "subpath"
        }
      ],
      "originRequest": {
        "access": {
          "audTag": [
            "string"
          ],
          "teamName": "zero-trust-organization-name",
          "required": false
        },
        "caPool": "caPool",
        "connectTimeout": 10,
        "disableChunkedEncoding": true,
        "http2Origin": true,
        "httpHostHeader": "httpHostHeader",
        "keepAliveConnections": 100,
        "keepAliveTimeout": 90,
        "matchSNItoHost": false,
        "noHappyEyeballs": false,
        "noTLSVerify": false,
        "originServerName": "originServerName",
        "proxyType": "proxyType",
        "tcpKeepAlive": 30,
        "tlsTimeout": 10
      },
      "warp-routing": {
        "enabled": true
      }
    },
    "created_at": "2014-01-01T05:20:00.12345Z",
    "source": "cloudflare",
    "tunnel_id": "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
    "version": 0
  }
}