cloudflare.TunnelConfig
Explore with Pulumi AI
Provides a Cloudflare Tunnel configuration resource.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";
const exampleTunnel = new cloudflare.ZeroTrustTunnelCloudflared("example_tunnel", {
accountId: "f037e56e89293a057740de681ac9abbe",
name: "example_tunnel",
secret: "<32 character secret>",
});
const exampleConfig = new cloudflare.TunnelConfig("example_config", {
accountId: "f037e56e89293a057740de681ac9abbe",
tunnelId: exampleTunnel.id,
config: {
warpRouting: {
enabled: true,
},
originRequest: {
connectTimeout: "1m0s",
tlsTimeout: "1m0s",
tcpKeepAlive: "1m0s",
noHappyEyeballs: false,
keepAliveConnections: 1024,
keepAliveTimeout: "1m0s",
httpHostHeader: "baz",
originServerName: "foobar",
caPool: "/path/to/unsigned/ca/pool",
noTlsVerify: false,
disableChunkedEncoding: false,
bastionMode: false,
proxyAddress: "10.0.0.1",
proxyPort: 8123,
proxyType: "socks",
ipRules: [{
prefix: "/web",
ports: [
80,
443,
],
allow: false,
}],
},
ingressRules: [
{
hostname: "foo",
path: "/bar",
service: "http://10.0.0.2:8080",
originRequest: {
connectTimeout: "2m0s",
access: {
required: true,
teamName: "terraform",
audTags: ["AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"],
},
},
},
{
service: "https://10.0.0.3:8081",
},
],
},
});
import pulumi
import pulumi_cloudflare as cloudflare
example_tunnel = cloudflare.ZeroTrustTunnelCloudflared("example_tunnel",
account_id="f037e56e89293a057740de681ac9abbe",
name="example_tunnel",
secret="<32 character secret>")
example_config = cloudflare.TunnelConfig("example_config",
account_id="f037e56e89293a057740de681ac9abbe",
tunnel_id=example_tunnel.id,
config={
"warp_routing": {
"enabled": True,
},
"origin_request": {
"connect_timeout": "1m0s",
"tls_timeout": "1m0s",
"tcp_keep_alive": "1m0s",
"no_happy_eyeballs": False,
"keep_alive_connections": 1024,
"keep_alive_timeout": "1m0s",
"http_host_header": "baz",
"origin_server_name": "foobar",
"ca_pool": "/path/to/unsigned/ca/pool",
"no_tls_verify": False,
"disable_chunked_encoding": False,
"bastion_mode": False,
"proxy_address": "10.0.0.1",
"proxy_port": 8123,
"proxy_type": "socks",
"ip_rules": [{
"prefix": "/web",
"ports": [
80,
443,
],
"allow": False,
}],
},
"ingress_rules": [
{
"hostname": "foo",
"path": "/bar",
"service": "http://10.0.0.2:8080",
"origin_request": {
"connect_timeout": "2m0s",
"access": {
"required": True,
"team_name": "terraform",
"aud_tags": ["AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"],
},
},
},
{
"service": "https://10.0.0.3:8081",
},
],
})
package main
import (
"github.com/pulumi/pulumi-cloudflare/sdk/v5/go/cloudflare"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleTunnel, err := cloudflare.NewZeroTrustTunnelCloudflared(ctx, "example_tunnel", &cloudflare.ZeroTrustTunnelCloudflaredArgs{
AccountId: pulumi.String("f037e56e89293a057740de681ac9abbe"),
Name: pulumi.String("example_tunnel"),
Secret: pulumi.String("<32 character secret>"),
})
if err != nil {
return err
}
_, err = cloudflare.NewTunnelConfig(ctx, "example_config", &cloudflare.TunnelConfigArgs{
AccountId: pulumi.String("f037e56e89293a057740de681ac9abbe"),
TunnelId: exampleTunnel.ID(),
Config: &cloudflare.TunnelConfigConfigArgs{
WarpRouting: &cloudflare.TunnelConfigConfigWarpRoutingArgs{
Enabled: pulumi.Bool(true),
},
OriginRequest: &cloudflare.TunnelConfigConfigOriginRequestArgs{
ConnectTimeout: pulumi.String("1m0s"),
TlsTimeout: pulumi.String("1m0s"),
TcpKeepAlive: pulumi.String("1m0s"),
NoHappyEyeballs: pulumi.Bool(false),
KeepAliveConnections: pulumi.Int(1024),
KeepAliveTimeout: pulumi.String("1m0s"),
HttpHostHeader: pulumi.String("baz"),
OriginServerName: pulumi.String("foobar"),
CaPool: pulumi.String("/path/to/unsigned/ca/pool"),
NoTlsVerify: pulumi.Bool(false),
DisableChunkedEncoding: pulumi.Bool(false),
BastionMode: pulumi.Bool(false),
ProxyAddress: pulumi.String("10.0.0.1"),
ProxyPort: pulumi.Int(8123),
ProxyType: pulumi.String("socks"),
IpRules: cloudflare.TunnelConfigConfigOriginRequestIpRuleArray{
&cloudflare.TunnelConfigConfigOriginRequestIpRuleArgs{
Prefix: pulumi.String("/web"),
Ports: pulumi.IntArray{
pulumi.Int(80),
pulumi.Int(443),
},
Allow: pulumi.Bool(false),
},
},
},
IngressRules: cloudflare.TunnelConfigConfigIngressRuleArray{
&cloudflare.TunnelConfigConfigIngressRuleArgs{
Hostname: pulumi.String("foo"),
Path: pulumi.String("/bar"),
Service: pulumi.String("http://10.0.0.2:8080"),
OriginRequest: &cloudflare.TunnelConfigConfigIngressRuleOriginRequestArgs{
ConnectTimeout: pulumi.String("2m0s"),
Access: &cloudflare.TunnelConfigConfigIngressRuleOriginRequestAccessArgs{
Required: pulumi.Bool(true),
TeamName: pulumi.String("terraform"),
AudTags: pulumi.StringArray{
pulumi.String("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"),
},
},
},
},
&cloudflare.TunnelConfigConfigIngressRuleArgs{
Service: pulumi.String("https://10.0.0.3:8081"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Cloudflare = Pulumi.Cloudflare;
return await Deployment.RunAsync(() =>
{
var exampleTunnel = new Cloudflare.ZeroTrustTunnelCloudflared("example_tunnel", new()
{
AccountId = "f037e56e89293a057740de681ac9abbe",
Name = "example_tunnel",
Secret = "<32 character secret>",
});
var exampleConfig = new Cloudflare.TunnelConfig("example_config", new()
{
AccountId = "f037e56e89293a057740de681ac9abbe",
TunnelId = exampleTunnel.Id,
Config = new Cloudflare.Inputs.TunnelConfigConfigArgs
{
WarpRouting = new Cloudflare.Inputs.TunnelConfigConfigWarpRoutingArgs
{
Enabled = true,
},
OriginRequest = new Cloudflare.Inputs.TunnelConfigConfigOriginRequestArgs
{
ConnectTimeout = "1m0s",
TlsTimeout = "1m0s",
TcpKeepAlive = "1m0s",
NoHappyEyeballs = false,
KeepAliveConnections = 1024,
KeepAliveTimeout = "1m0s",
HttpHostHeader = "baz",
OriginServerName = "foobar",
CaPool = "/path/to/unsigned/ca/pool",
NoTlsVerify = false,
DisableChunkedEncoding = false,
BastionMode = false,
ProxyAddress = "10.0.0.1",
ProxyPort = 8123,
ProxyType = "socks",
IpRules = new[]
{
new Cloudflare.Inputs.TunnelConfigConfigOriginRequestIpRuleArgs
{
Prefix = "/web",
Ports = new[]
{
80,
443,
},
Allow = false,
},
},
},
IngressRules = new[]
{
new Cloudflare.Inputs.TunnelConfigConfigIngressRuleArgs
{
Hostname = "foo",
Path = "/bar",
Service = "http://10.0.0.2:8080",
OriginRequest = new Cloudflare.Inputs.TunnelConfigConfigIngressRuleOriginRequestArgs
{
ConnectTimeout = "2m0s",
Access = new Cloudflare.Inputs.TunnelConfigConfigIngressRuleOriginRequestAccessArgs
{
Required = true,
TeamName = "terraform",
AudTags = new[]
{
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
},
},
},
},
new Cloudflare.Inputs.TunnelConfigConfigIngressRuleArgs
{
Service = "https://10.0.0.3:8081",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudflare.ZeroTrustTunnelCloudflared;
import com.pulumi.cloudflare.ZeroTrustTunnelCloudflaredArgs;
import com.pulumi.cloudflare.TunnelConfig;
import com.pulumi.cloudflare.TunnelConfigArgs;
import com.pulumi.cloudflare.inputs.TunnelConfigConfigArgs;
import com.pulumi.cloudflare.inputs.TunnelConfigConfigWarpRoutingArgs;
import com.pulumi.cloudflare.inputs.TunnelConfigConfigOriginRequestArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleTunnel = new ZeroTrustTunnelCloudflared("exampleTunnel", ZeroTrustTunnelCloudflaredArgs.builder()
.accountId("f037e56e89293a057740de681ac9abbe")
.name("example_tunnel")
.secret("<32 character secret>")
.build());
var exampleConfig = new TunnelConfig("exampleConfig", TunnelConfigArgs.builder()
.accountId("f037e56e89293a057740de681ac9abbe")
.tunnelId(exampleTunnel.id())
.config(TunnelConfigConfigArgs.builder()
.warpRouting(TunnelConfigConfigWarpRoutingArgs.builder()
.enabled(true)
.build())
.originRequest(TunnelConfigConfigOriginRequestArgs.builder()
.connectTimeout("1m0s")
.tlsTimeout("1m0s")
.tcpKeepAlive("1m0s")
.noHappyEyeballs(false)
.keepAliveConnections(1024)
.keepAliveTimeout("1m0s")
.httpHostHeader("baz")
.originServerName("foobar")
.caPool("/path/to/unsigned/ca/pool")
.noTlsVerify(false)
.disableChunkedEncoding(false)
.bastionMode(false)
.proxyAddress("10.0.0.1")
.proxyPort("8123")
.proxyType("socks")
.ipRules(TunnelConfigConfigOriginRequestIpRuleArgs.builder()
.prefix("/web")
.ports(
80,
443)
.allow(false)
.build())
.build())
.ingressRules(
TunnelConfigConfigIngressRuleArgs.builder()
.hostname("foo")
.path("/bar")
.service("http://10.0.0.2:8080")
.originRequest(TunnelConfigConfigIngressRuleOriginRequestArgs.builder()
.connectTimeout("2m0s")
.access(TunnelConfigConfigIngressRuleOriginRequestAccessArgs.builder()
.required(true)
.teamName("terraform")
.audTags("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA")
.build())
.build())
.build(),
TunnelConfigConfigIngressRuleArgs.builder()
.service("https://10.0.0.3:8081")
.build())
.build())
.build());
}
}
resources:
exampleTunnel:
type: cloudflare:ZeroTrustTunnelCloudflared
name: example_tunnel
properties:
accountId: f037e56e89293a057740de681ac9abbe
name: example_tunnel
secret: <32 character secret>
exampleConfig:
type: cloudflare:TunnelConfig
name: example_config
properties:
accountId: f037e56e89293a057740de681ac9abbe
tunnelId: ${exampleTunnel.id}
config:
warpRouting:
enabled: true
originRequest:
connectTimeout: 1m0s
tlsTimeout: 1m0s
tcpKeepAlive: 1m0s
noHappyEyeballs: false
keepAliveConnections: 1024
keepAliveTimeout: 1m0s
httpHostHeader: baz
originServerName: foobar
caPool: /path/to/unsigned/ca/pool
noTlsVerify: false
disableChunkedEncoding: false
bastionMode: false
proxyAddress: 10.0.0.1
proxyPort: '8123'
proxyType: socks
ipRules:
- prefix: /web
ports:
- 80
- 443
allow: false
ingressRules:
- hostname: foo
path: /bar
service: http://10.0.0.2:8080
originRequest:
connectTimeout: 2m0s
access:
required: true
teamName: terraform
audTags:
- AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
- service: https://10.0.0.3:8081
Create TunnelConfig Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new TunnelConfig(name: string, args: TunnelConfigArgs, opts?: CustomResourceOptions);
@overload
def TunnelConfig(resource_name: str,
args: TunnelConfigArgs,
opts: Optional[ResourceOptions] = None)
@overload
def TunnelConfig(resource_name: str,
opts: Optional[ResourceOptions] = None,
account_id: Optional[str] = None,
config: Optional[TunnelConfigConfigArgs] = None,
tunnel_id: Optional[str] = None)
func NewTunnelConfig(ctx *Context, name string, args TunnelConfigArgs, opts ...ResourceOption) (*TunnelConfig, error)
public TunnelConfig(string name, TunnelConfigArgs args, CustomResourceOptions? opts = null)
public TunnelConfig(String name, TunnelConfigArgs args)
public TunnelConfig(String name, TunnelConfigArgs args, CustomResourceOptions options)
type: cloudflare:TunnelConfig
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args TunnelConfigArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args TunnelConfigArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args TunnelConfigArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args TunnelConfigArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args TunnelConfigArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var tunnelConfigResource = new Cloudflare.TunnelConfig("tunnelConfigResource", new()
{
AccountId = "string",
Config = new Cloudflare.Inputs.TunnelConfigConfigArgs
{
IngressRules = new[]
{
new Cloudflare.Inputs.TunnelConfigConfigIngressRuleArgs
{
Service = "string",
Hostname = "string",
OriginRequest = new Cloudflare.Inputs.TunnelConfigConfigIngressRuleOriginRequestArgs
{
Access = new Cloudflare.Inputs.TunnelConfigConfigIngressRuleOriginRequestAccessArgs
{
AudTags = new[]
{
"string",
},
Required = false,
TeamName = "string",
},
BastionMode = false,
CaPool = "string",
ConnectTimeout = "string",
DisableChunkedEncoding = false,
Http2Origin = false,
HttpHostHeader = "string",
IpRules = new[]
{
new Cloudflare.Inputs.TunnelConfigConfigIngressRuleOriginRequestIpRuleArgs
{
Allow = false,
Ports = new[]
{
0,
},
Prefix = "string",
},
},
KeepAliveConnections = 0,
KeepAliveTimeout = "string",
NoHappyEyeballs = false,
NoTlsVerify = false,
OriginServerName = "string",
ProxyAddress = "string",
ProxyPort = 0,
ProxyType = "string",
TcpKeepAlive = "string",
TlsTimeout = "string",
},
Path = "string",
},
},
OriginRequest = new Cloudflare.Inputs.TunnelConfigConfigOriginRequestArgs
{
Access = new Cloudflare.Inputs.TunnelConfigConfigOriginRequestAccessArgs
{
AudTags = new[]
{
"string",
},
Required = false,
TeamName = "string",
},
BastionMode = false,
CaPool = "string",
ConnectTimeout = "string",
DisableChunkedEncoding = false,
Http2Origin = false,
HttpHostHeader = "string",
IpRules = new[]
{
new Cloudflare.Inputs.TunnelConfigConfigOriginRequestIpRuleArgs
{
Allow = false,
Ports = new[]
{
0,
},
Prefix = "string",
},
},
KeepAliveConnections = 0,
KeepAliveTimeout = "string",
NoHappyEyeballs = false,
NoTlsVerify = false,
OriginServerName = "string",
ProxyAddress = "string",
ProxyPort = 0,
ProxyType = "string",
TcpKeepAlive = "string",
TlsTimeout = "string",
},
WarpRouting = new Cloudflare.Inputs.TunnelConfigConfigWarpRoutingArgs
{
Enabled = false,
},
},
TunnelId = "string",
});
example, err := cloudflare.NewTunnelConfig(ctx, "tunnelConfigResource", &cloudflare.TunnelConfigArgs{
AccountId: pulumi.String("string"),
Config: &cloudflare.TunnelConfigConfigArgs{
IngressRules: cloudflare.TunnelConfigConfigIngressRuleArray{
&cloudflare.TunnelConfigConfigIngressRuleArgs{
Service: pulumi.String("string"),
Hostname: pulumi.String("string"),
OriginRequest: &cloudflare.TunnelConfigConfigIngressRuleOriginRequestArgs{
Access: &cloudflare.TunnelConfigConfigIngressRuleOriginRequestAccessArgs{
AudTags: pulumi.StringArray{
pulumi.String("string"),
},
Required: pulumi.Bool(false),
TeamName: pulumi.String("string"),
},
BastionMode: pulumi.Bool(false),
CaPool: pulumi.String("string"),
ConnectTimeout: pulumi.String("string"),
DisableChunkedEncoding: pulumi.Bool(false),
Http2Origin: pulumi.Bool(false),
HttpHostHeader: pulumi.String("string"),
IpRules: cloudflare.TunnelConfigConfigIngressRuleOriginRequestIpRuleArray{
&cloudflare.TunnelConfigConfigIngressRuleOriginRequestIpRuleArgs{
Allow: pulumi.Bool(false),
Ports: pulumi.IntArray{
pulumi.Int(0),
},
Prefix: pulumi.String("string"),
},
},
KeepAliveConnections: pulumi.Int(0),
KeepAliveTimeout: pulumi.String("string"),
NoHappyEyeballs: pulumi.Bool(false),
NoTlsVerify: pulumi.Bool(false),
OriginServerName: pulumi.String("string"),
ProxyAddress: pulumi.String("string"),
ProxyPort: pulumi.Int(0),
ProxyType: pulumi.String("string"),
TcpKeepAlive: pulumi.String("string"),
TlsTimeout: pulumi.String("string"),
},
Path: pulumi.String("string"),
},
},
OriginRequest: &cloudflare.TunnelConfigConfigOriginRequestArgs{
Access: &cloudflare.TunnelConfigConfigOriginRequestAccessArgs{
AudTags: pulumi.StringArray{
pulumi.String("string"),
},
Required: pulumi.Bool(false),
TeamName: pulumi.String("string"),
},
BastionMode: pulumi.Bool(false),
CaPool: pulumi.String("string"),
ConnectTimeout: pulumi.String("string"),
DisableChunkedEncoding: pulumi.Bool(false),
Http2Origin: pulumi.Bool(false),
HttpHostHeader: pulumi.String("string"),
IpRules: cloudflare.TunnelConfigConfigOriginRequestIpRuleArray{
&cloudflare.TunnelConfigConfigOriginRequestIpRuleArgs{
Allow: pulumi.Bool(false),
Ports: pulumi.IntArray{
pulumi.Int(0),
},
Prefix: pulumi.String("string"),
},
},
KeepAliveConnections: pulumi.Int(0),
KeepAliveTimeout: pulumi.String("string"),
NoHappyEyeballs: pulumi.Bool(false),
NoTlsVerify: pulumi.Bool(false),
OriginServerName: pulumi.String("string"),
ProxyAddress: pulumi.String("string"),
ProxyPort: pulumi.Int(0),
ProxyType: pulumi.String("string"),
TcpKeepAlive: pulumi.String("string"),
TlsTimeout: pulumi.String("string"),
},
WarpRouting: &cloudflare.TunnelConfigConfigWarpRoutingArgs{
Enabled: pulumi.Bool(false),
},
},
TunnelId: pulumi.String("string"),
})
var tunnelConfigResource = new TunnelConfig("tunnelConfigResource", TunnelConfigArgs.builder()
.accountId("string")
.config(TunnelConfigConfigArgs.builder()
.ingressRules(TunnelConfigConfigIngressRuleArgs.builder()
.service("string")
.hostname("string")
.originRequest(TunnelConfigConfigIngressRuleOriginRequestArgs.builder()
.access(TunnelConfigConfigIngressRuleOriginRequestAccessArgs.builder()
.audTags("string")
.required(false)
.teamName("string")
.build())
.bastionMode(false)
.caPool("string")
.connectTimeout("string")
.disableChunkedEncoding(false)
.http2Origin(false)
.httpHostHeader("string")
.ipRules(TunnelConfigConfigIngressRuleOriginRequestIpRuleArgs.builder()
.allow(false)
.ports(0)
.prefix("string")
.build())
.keepAliveConnections(0)
.keepAliveTimeout("string")
.noHappyEyeballs(false)
.noTlsVerify(false)
.originServerName("string")
.proxyAddress("string")
.proxyPort(0)
.proxyType("string")
.tcpKeepAlive("string")
.tlsTimeout("string")
.build())
.path("string")
.build())
.originRequest(TunnelConfigConfigOriginRequestArgs.builder()
.access(TunnelConfigConfigOriginRequestAccessArgs.builder()
.audTags("string")
.required(false)
.teamName("string")
.build())
.bastionMode(false)
.caPool("string")
.connectTimeout("string")
.disableChunkedEncoding(false)
.http2Origin(false)
.httpHostHeader("string")
.ipRules(TunnelConfigConfigOriginRequestIpRuleArgs.builder()
.allow(false)
.ports(0)
.prefix("string")
.build())
.keepAliveConnections(0)
.keepAliveTimeout("string")
.noHappyEyeballs(false)
.noTlsVerify(false)
.originServerName("string")
.proxyAddress("string")
.proxyPort(0)
.proxyType("string")
.tcpKeepAlive("string")
.tlsTimeout("string")
.build())
.warpRouting(TunnelConfigConfigWarpRoutingArgs.builder()
.enabled(false)
.build())
.build())
.tunnelId("string")
.build());
tunnel_config_resource = cloudflare.TunnelConfig("tunnelConfigResource",
account_id="string",
config={
"ingress_rules": [{
"service": "string",
"hostname": "string",
"origin_request": {
"access": {
"aud_tags": ["string"],
"required": False,
"team_name": "string",
},
"bastion_mode": False,
"ca_pool": "string",
"connect_timeout": "string",
"disable_chunked_encoding": False,
"http2_origin": False,
"http_host_header": "string",
"ip_rules": [{
"allow": False,
"ports": [0],
"prefix": "string",
}],
"keep_alive_connections": 0,
"keep_alive_timeout": "string",
"no_happy_eyeballs": False,
"no_tls_verify": False,
"origin_server_name": "string",
"proxy_address": "string",
"proxy_port": 0,
"proxy_type": "string",
"tcp_keep_alive": "string",
"tls_timeout": "string",
},
"path": "string",
}],
"origin_request": {
"access": {
"aud_tags": ["string"],
"required": False,
"team_name": "string",
},
"bastion_mode": False,
"ca_pool": "string",
"connect_timeout": "string",
"disable_chunked_encoding": False,
"http2_origin": False,
"http_host_header": "string",
"ip_rules": [{
"allow": False,
"ports": [0],
"prefix": "string",
}],
"keep_alive_connections": 0,
"keep_alive_timeout": "string",
"no_happy_eyeballs": False,
"no_tls_verify": False,
"origin_server_name": "string",
"proxy_address": "string",
"proxy_port": 0,
"proxy_type": "string",
"tcp_keep_alive": "string",
"tls_timeout": "string",
},
"warp_routing": {
"enabled": False,
},
},
tunnel_id="string")
const tunnelConfigResource = new cloudflare.TunnelConfig("tunnelConfigResource", {
accountId: "string",
config: {
ingressRules: [{
service: "string",
hostname: "string",
originRequest: {
access: {
audTags: ["string"],
required: false,
teamName: "string",
},
bastionMode: false,
caPool: "string",
connectTimeout: "string",
disableChunkedEncoding: false,
http2Origin: false,
httpHostHeader: "string",
ipRules: [{
allow: false,
ports: [0],
prefix: "string",
}],
keepAliveConnections: 0,
keepAliveTimeout: "string",
noHappyEyeballs: false,
noTlsVerify: false,
originServerName: "string",
proxyAddress: "string",
proxyPort: 0,
proxyType: "string",
tcpKeepAlive: "string",
tlsTimeout: "string",
},
path: "string",
}],
originRequest: {
access: {
audTags: ["string"],
required: false,
teamName: "string",
},
bastionMode: false,
caPool: "string",
connectTimeout: "string",
disableChunkedEncoding: false,
http2Origin: false,
httpHostHeader: "string",
ipRules: [{
allow: false,
ports: [0],
prefix: "string",
}],
keepAliveConnections: 0,
keepAliveTimeout: "string",
noHappyEyeballs: false,
noTlsVerify: false,
originServerName: "string",
proxyAddress: "string",
proxyPort: 0,
proxyType: "string",
tcpKeepAlive: "string",
tlsTimeout: "string",
},
warpRouting: {
enabled: false,
},
},
tunnelId: "string",
});
type: cloudflare:TunnelConfig
properties:
accountId: string
config:
ingressRules:
- hostname: string
originRequest:
access:
audTags:
- string
required: false
teamName: string
bastionMode: false
caPool: string
connectTimeout: string
disableChunkedEncoding: false
http2Origin: false
httpHostHeader: string
ipRules:
- allow: false
ports:
- 0
prefix: string
keepAliveConnections: 0
keepAliveTimeout: string
noHappyEyeballs: false
noTlsVerify: false
originServerName: string
proxyAddress: string
proxyPort: 0
proxyType: string
tcpKeepAlive: string
tlsTimeout: string
path: string
service: string
originRequest:
access:
audTags:
- string
required: false
teamName: string
bastionMode: false
caPool: string
connectTimeout: string
disableChunkedEncoding: false
http2Origin: false
httpHostHeader: string
ipRules:
- allow: false
ports:
- 0
prefix: string
keepAliveConnections: 0
keepAliveTimeout: string
noHappyEyeballs: false
noTlsVerify: false
originServerName: string
proxyAddress: string
proxyPort: 0
proxyType: string
tcpKeepAlive: string
tlsTimeout: string
warpRouting:
enabled: false
tunnelId: string
TunnelConfig Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The TunnelConfig resource accepts the following input properties:
- Account
Id string - The account identifier to target for the resource.
- Config
Tunnel
Config Config - Configuration block for Tunnel Configuration.
- Tunnel
Id string - Identifier of the Tunnel to target for this configuration.
- Account
Id string - The account identifier to target for the resource.
- Config
Tunnel
Config Config Args - Configuration block for Tunnel Configuration.
- Tunnel
Id string - Identifier of the Tunnel to target for this configuration.
- account
Id String - The account identifier to target for the resource.
- config
Tunnel
Config Config - Configuration block for Tunnel Configuration.
- tunnel
Id String - Identifier of the Tunnel to target for this configuration.
- account
Id string - The account identifier to target for the resource.
- config
Tunnel
Config Config - Configuration block for Tunnel Configuration.
- tunnel
Id string - Identifier of the Tunnel to target for this configuration.
- account_
id str - The account identifier to target for the resource.
- config
Tunnel
Config Config Args - Configuration block for Tunnel Configuration.
- tunnel_
id str - Identifier of the Tunnel to target for this configuration.
- account
Id String - The account identifier to target for the resource.
- config Property Map
- Configuration block for Tunnel Configuration.
- tunnel
Id String - Identifier of the Tunnel to target for this configuration.
Outputs
All input properties are implicitly available as output properties. Additionally, the TunnelConfig resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing TunnelConfig Resource
Get an existing TunnelConfig resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: TunnelConfigState, opts?: CustomResourceOptions): TunnelConfig
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
account_id: Optional[str] = None,
config: Optional[TunnelConfigConfigArgs] = None,
tunnel_id: Optional[str] = None) -> TunnelConfig
func GetTunnelConfig(ctx *Context, name string, id IDInput, state *TunnelConfigState, opts ...ResourceOption) (*TunnelConfig, error)
public static TunnelConfig Get(string name, Input<string> id, TunnelConfigState? state, CustomResourceOptions? opts = null)
public static TunnelConfig get(String name, Output<String> id, TunnelConfigState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Account
Id string - The account identifier to target for the resource.
- Config
Tunnel
Config Config - Configuration block for Tunnel Configuration.
- Tunnel
Id string - Identifier of the Tunnel to target for this configuration.
- Account
Id string - The account identifier to target for the resource.
- Config
Tunnel
Config Config Args - Configuration block for Tunnel Configuration.
- Tunnel
Id string - Identifier of the Tunnel to target for this configuration.
- account
Id String - The account identifier to target for the resource.
- config
Tunnel
Config Config - Configuration block for Tunnel Configuration.
- tunnel
Id String - Identifier of the Tunnel to target for this configuration.
- account
Id string - The account identifier to target for the resource.
- config
Tunnel
Config Config - Configuration block for Tunnel Configuration.
- tunnel
Id string - Identifier of the Tunnel to target for this configuration.
- account_
id str - The account identifier to target for the resource.
- config
Tunnel
Config Config Args - Configuration block for Tunnel Configuration.
- tunnel_
id str - Identifier of the Tunnel to target for this configuration.
- account
Id String - The account identifier to target for the resource.
- config Property Map
- Configuration block for Tunnel Configuration.
- tunnel
Id String - Identifier of the Tunnel to target for this configuration.
Supporting Types
TunnelConfigConfig, TunnelConfigConfigArgs
- Ingress
Rules List<TunnelConfig Config Ingress Rule> - Each incoming request received by cloudflared causes cloudflared to send a request to a local service. This section configures the rules that determine which requests are sent to which local services. Last rule must match all requests, e.g
service = "http_status:503"
. Read more. - Origin
Request TunnelConfig Config Origin Request - Warp
Routing TunnelConfig Config Warp Routing - If you're exposing a private network, you need to add the
warp-routing
key and set it totrue
.
- Ingress
Rules []TunnelConfig Config Ingress Rule - Each incoming request received by cloudflared causes cloudflared to send a request to a local service. This section configures the rules that determine which requests are sent to which local services. Last rule must match all requests, e.g
service = "http_status:503"
. Read more. - Origin
Request TunnelConfig Config Origin Request - Warp
Routing TunnelConfig Config Warp Routing - If you're exposing a private network, you need to add the
warp-routing
key and set it totrue
.
- ingress
Rules List<TunnelConfig Config Ingress Rule> - Each incoming request received by cloudflared causes cloudflared to send a request to a local service. This section configures the rules that determine which requests are sent to which local services. Last rule must match all requests, e.g
service = "http_status:503"
. Read more. - origin
Request TunnelConfig Config Origin Request - warp
Routing TunnelConfig Config Warp Routing - If you're exposing a private network, you need to add the
warp-routing
key and set it totrue
.
- ingress
Rules TunnelConfig Config Ingress Rule[] - Each incoming request received by cloudflared causes cloudflared to send a request to a local service. This section configures the rules that determine which requests are sent to which local services. Last rule must match all requests, e.g
service = "http_status:503"
. Read more. - origin
Request TunnelConfig Config Origin Request - warp
Routing TunnelConfig Config Warp Routing - If you're exposing a private network, you need to add the
warp-routing
key and set it totrue
.
- ingress_
rules Sequence[TunnelConfig Config Ingress Rule] - Each incoming request received by cloudflared causes cloudflared to send a request to a local service. This section configures the rules that determine which requests are sent to which local services. Last rule must match all requests, e.g
service = "http_status:503"
. Read more. - origin_
request TunnelConfig Config Origin Request - warp_
routing TunnelConfig Config Warp Routing - If you're exposing a private network, you need to add the
warp-routing
key and set it totrue
.
- ingress
Rules List<Property Map> - Each incoming request received by cloudflared causes cloudflared to send a request to a local service. This section configures the rules that determine which requests are sent to which local services. Last rule must match all requests, e.g
service = "http_status:503"
. Read more. - origin
Request Property Map - warp
Routing Property Map - If you're exposing a private network, you need to add the
warp-routing
key and set it totrue
.
TunnelConfigConfigIngressRule, TunnelConfigConfigIngressRuleArgs
- Service string
- Name of the service to which the request will be sent.
- Hostname string
- Hostname to match the incoming request with. If the hostname matches, the request will be sent to the service.
- Origin
Request TunnelConfig Config Ingress Rule Origin Request - Path string
- Path of the incoming request. If the path matches, the request will be sent to the local service.
- Service string
- Name of the service to which the request will be sent.
- Hostname string
- Hostname to match the incoming request with. If the hostname matches, the request will be sent to the service.
- Origin
Request TunnelConfig Config Ingress Rule Origin Request - Path string
- Path of the incoming request. If the path matches, the request will be sent to the local service.
- service String
- Name of the service to which the request will be sent.
- hostname String
- Hostname to match the incoming request with. If the hostname matches, the request will be sent to the service.
- origin
Request TunnelConfig Config Ingress Rule Origin Request - path String
- Path of the incoming request. If the path matches, the request will be sent to the local service.
- service string
- Name of the service to which the request will be sent.
- hostname string
- Hostname to match the incoming request with. If the hostname matches, the request will be sent to the service.
- origin
Request TunnelConfig Config Ingress Rule Origin Request - path string
- Path of the incoming request. If the path matches, the request will be sent to the local service.
- service str
- Name of the service to which the request will be sent.
- hostname str
- Hostname to match the incoming request with. If the hostname matches, the request will be sent to the service.
- origin_
request TunnelConfig Config Ingress Rule Origin Request - path str
- Path of the incoming request. If the path matches, the request will be sent to the local service.
- service String
- Name of the service to which the request will be sent.
- hostname String
- Hostname to match the incoming request with. If the hostname matches, the request will be sent to the service.
- origin
Request Property Map - path String
- Path of the incoming request. If the path matches, the request will be sent to the local service.
TunnelConfigConfigIngressRuleOriginRequest, TunnelConfigConfigIngressRuleOriginRequestArgs
- Access
Tunnel
Config Config Ingress Rule Origin Request Access - Access rules for the ingress service.
- Bastion
Mode bool - Runs as jump host.
- Ca
Pool string - Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare. Defaults to
""
. - Connect
Timeout string - Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by
tlsTimeout
. Defaults to30s
. - Disable
Chunked boolEncoding - Disables chunked transfer encoding. Useful if you are running a Web Server Gateway Interface (WSGI) server. Defaults to
false
. - Http2Origin bool
- Enables HTTP/2 support for the origin connection. Defaults to
false
. - Http
Host stringHeader - Sets the HTTP Host header on requests sent to the local service. Defaults to
""
. - Ip
Rules List<TunnelConfig Config Ingress Rule Origin Request Ip Rule> - IP rules for the proxy service.
- Keep
Alive intConnections - Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections. Defaults to
100
. - Keep
Alive stringTimeout - Timeout after which an idle keepalive connection can be discarded. Defaults to
1m30s
. - No
Happy boolEyeballs - Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols. Defaults to
false
. - No
Tls boolVerify - Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted. Defaults to
false
. - Origin
Server stringName - Hostname that cloudflared should expect from your origin server certificate. Defaults to
""
. - Proxy
Address string - cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures the listen address for that proxy. Defaults to
127.0.0.1
. - Proxy
Port int - cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures the listen port for that proxy. If set to zero, an unused port will randomly be chosen. Defaults to
0
. - Proxy
Type string - cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Available values:
""
,socks
. Defaults to""
. - Tcp
Keep stringAlive - The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server. Defaults to
30s
. - Tls
Timeout string - Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server. Defaults to
10s
.
- Access
Tunnel
Config Config Ingress Rule Origin Request Access - Access rules for the ingress service.
- Bastion
Mode bool - Runs as jump host.
- Ca
Pool string - Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare. Defaults to
""
. - Connect
Timeout string - Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by
tlsTimeout
. Defaults to30s
. - Disable
Chunked boolEncoding - Disables chunked transfer encoding. Useful if you are running a Web Server Gateway Interface (WSGI) server. Defaults to
false
. - Http2Origin bool
- Enables HTTP/2 support for the origin connection. Defaults to
false
. - Http
Host stringHeader - Sets the HTTP Host header on requests sent to the local service. Defaults to
""
. - Ip
Rules []TunnelConfig Config Ingress Rule Origin Request Ip Rule - IP rules for the proxy service.
- Keep
Alive intConnections - Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections. Defaults to
100
. - Keep
Alive stringTimeout - Timeout after which an idle keepalive connection can be discarded. Defaults to
1m30s
. - No
Happy boolEyeballs - Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols. Defaults to
false
. - No
Tls boolVerify - Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted. Defaults to
false
. - Origin
Server stringName - Hostname that cloudflared should expect from your origin server certificate. Defaults to
""
. - Proxy
Address string - cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures the listen address for that proxy. Defaults to
127.0.0.1
. - Proxy
Port int - cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures the listen port for that proxy. If set to zero, an unused port will randomly be chosen. Defaults to
0
. - Proxy
Type string - cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Available values:
""
,socks
. Defaults to""
. - Tcp
Keep stringAlive - The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server. Defaults to
30s
. - Tls
Timeout string - Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server. Defaults to
10s
.
- access
Tunnel
Config Config Ingress Rule Origin Request Access - Access rules for the ingress service.
- bastion
Mode Boolean - Runs as jump host.
- ca
Pool String - Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare. Defaults to
""
. - connect
Timeout String - Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by
tlsTimeout
. Defaults to30s
. - disable
Chunked BooleanEncoding - Disables chunked transfer encoding. Useful if you are running a Web Server Gateway Interface (WSGI) server. Defaults to
false
. - http2Origin Boolean
- Enables HTTP/2 support for the origin connection. Defaults to
false
. - http
Host StringHeader - Sets the HTTP Host header on requests sent to the local service. Defaults to
""
. - ip
Rules List<TunnelConfig Config Ingress Rule Origin Request Ip Rule> - IP rules for the proxy service.
- keep
Alive IntegerConnections - Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections. Defaults to
100
. - keep
Alive StringTimeout - Timeout after which an idle keepalive connection can be discarded. Defaults to
1m30s
. - no
Happy BooleanEyeballs - Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols. Defaults to
false
. - no
Tls BooleanVerify - Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted. Defaults to
false
. - origin
Server StringName - Hostname that cloudflared should expect from your origin server certificate. Defaults to
""
. - proxy
Address String - cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures the listen address for that proxy. Defaults to
127.0.0.1
. - proxy
Port Integer - cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures the listen port for that proxy. If set to zero, an unused port will randomly be chosen. Defaults to
0
. - proxy
Type String - cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Available values:
""
,socks
. Defaults to""
. - tcp
Keep StringAlive - The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server. Defaults to
30s
. - tls
Timeout String - Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server. Defaults to
10s
.
- access
Tunnel
Config Config Ingress Rule Origin Request Access - Access rules for the ingress service.
- bastion
Mode boolean - Runs as jump host.
- ca
Pool string - Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare. Defaults to
""
. - connect
Timeout string - Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by
tlsTimeout
. Defaults to30s
. - disable
Chunked booleanEncoding - Disables chunked transfer encoding. Useful if you are running a Web Server Gateway Interface (WSGI) server. Defaults to
false
. - http2Origin boolean
- Enables HTTP/2 support for the origin connection. Defaults to
false
. - http
Host stringHeader - Sets the HTTP Host header on requests sent to the local service. Defaults to
""
. - ip
Rules TunnelConfig Config Ingress Rule Origin Request Ip Rule[] - IP rules for the proxy service.
- keep
Alive numberConnections - Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections. Defaults to
100
. - keep
Alive stringTimeout - Timeout after which an idle keepalive connection can be discarded. Defaults to
1m30s
. - no
Happy booleanEyeballs - Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols. Defaults to
false
. - no
Tls booleanVerify - Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted. Defaults to
false
. - origin
Server stringName - Hostname that cloudflared should expect from your origin server certificate. Defaults to
""
. - proxy
Address string - cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures the listen address for that proxy. Defaults to
127.0.0.1
. - proxy
Port number - cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures the listen port for that proxy. If set to zero, an unused port will randomly be chosen. Defaults to
0
. - proxy
Type string - cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Available values:
""
,socks
. Defaults to""
. - tcp
Keep stringAlive - The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server. Defaults to
30s
. - tls
Timeout string - Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server. Defaults to
10s
.
- access
Tunnel
Config Config Ingress Rule Origin Request Access - Access rules for the ingress service.
- bastion_
mode bool - Runs as jump host.
- ca_
pool str - Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare. Defaults to
""
. - connect_
timeout str - Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by
tlsTimeout
. Defaults to30s
. - disable_
chunked_ boolencoding - Disables chunked transfer encoding. Useful if you are running a Web Server Gateway Interface (WSGI) server. Defaults to
false
. - http2_
origin bool - Enables HTTP/2 support for the origin connection. Defaults to
false
. - http_
host_ strheader - Sets the HTTP Host header on requests sent to the local service. Defaults to
""
. - ip_
rules Sequence[TunnelConfig Config Ingress Rule Origin Request Ip Rule] - IP rules for the proxy service.
- keep_
alive_ intconnections - Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections. Defaults to
100
. - keep_
alive_ strtimeout - Timeout after which an idle keepalive connection can be discarded. Defaults to
1m30s
. - no_
happy_ booleyeballs - Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols. Defaults to
false
. - no_
tls_ boolverify - Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted. Defaults to
false
. - origin_
server_ strname - Hostname that cloudflared should expect from your origin server certificate. Defaults to
""
. - proxy_
address str - cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures the listen address for that proxy. Defaults to
127.0.0.1
. - proxy_
port int - cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures the listen port for that proxy. If set to zero, an unused port will randomly be chosen. Defaults to
0
. - proxy_
type str - cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Available values:
""
,socks
. Defaults to""
. - tcp_
keep_ stralive - The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server. Defaults to
30s
. - tls_
timeout str - Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server. Defaults to
10s
.
- access Property Map
- Access rules for the ingress service.
- bastion
Mode Boolean - Runs as jump host.
- ca
Pool String - Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare. Defaults to
""
. - connect
Timeout String - Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by
tlsTimeout
. Defaults to30s
. - disable
Chunked BooleanEncoding - Disables chunked transfer encoding. Useful if you are running a Web Server Gateway Interface (WSGI) server. Defaults to
false
. - http2Origin Boolean
- Enables HTTP/2 support for the origin connection. Defaults to
false
. - http
Host StringHeader - Sets the HTTP Host header on requests sent to the local service. Defaults to
""
. - ip
Rules List<Property Map> - IP rules for the proxy service.
- keep
Alive NumberConnections - Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections. Defaults to
100
. - keep
Alive StringTimeout - Timeout after which an idle keepalive connection can be discarded. Defaults to
1m30s
. - no
Happy BooleanEyeballs - Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols. Defaults to
false
. - no
Tls BooleanVerify - Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted. Defaults to
false
. - origin
Server StringName - Hostname that cloudflared should expect from your origin server certificate. Defaults to
""
. - proxy
Address String - cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures the listen address for that proxy. Defaults to
127.0.0.1
. - proxy
Port Number - cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures the listen port for that proxy. If set to zero, an unused port will randomly be chosen. Defaults to
0
. - proxy
Type String - cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Available values:
""
,socks
. Defaults to""
. - tcp
Keep StringAlive - The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server. Defaults to
30s
. - tls
Timeout String - Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server. Defaults to
10s
.
TunnelConfigConfigIngressRuleOriginRequestAccess, TunnelConfigConfigIngressRuleOriginRequestAccessArgs
TunnelConfigConfigIngressRuleOriginRequestIpRule, TunnelConfigConfigIngressRuleOriginRequestIpRuleArgs
TunnelConfigConfigOriginRequest, TunnelConfigConfigOriginRequestArgs
- Access
Tunnel
Config Config Origin Request Access - Access rules for the ingress service.
- Bastion
Mode bool - Runs as jump host.
- Ca
Pool string - Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare. Defaults to
""
. - Connect
Timeout string - Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by
tlsTimeout
. Defaults to30s
. - Disable
Chunked boolEncoding - Disables chunked transfer encoding. Useful if you are running a Web Server Gateway Interface (WSGI) server. Defaults to
false
. - Http2Origin bool
- Enables HTTP/2 support for the origin connection. Defaults to
false
. - Http
Host stringHeader - Sets the HTTP Host header on requests sent to the local service. Defaults to
""
. - Ip
Rules List<TunnelConfig Config Origin Request Ip Rule> - IP rules for the proxy service.
- Keep
Alive intConnections - Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections. Defaults to
100
. - Keep
Alive stringTimeout - Timeout after which an idle keepalive connection can be discarded. Defaults to
1m30s
. - No
Happy boolEyeballs - Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols. Defaults to
false
. - No
Tls boolVerify - Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted. Defaults to
false
. - Origin
Server stringName - Hostname that cloudflared should expect from your origin server certificate. Defaults to
""
. - Proxy
Address string - cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures the listen address for that proxy. Defaults to
127.0.0.1
. - Proxy
Port int - cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures the listen port for that proxy. If set to zero, an unused port will randomly be chosen. Defaults to
0
. - Proxy
Type string - cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Available values:
""
,socks
. Defaults to""
. - Tcp
Keep stringAlive - The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server. Defaults to
30s
. - Tls
Timeout string - Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server. Defaults to
10s
.
- Access
Tunnel
Config Config Origin Request Access - Access rules for the ingress service.
- Bastion
Mode bool - Runs as jump host.
- Ca
Pool string - Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare. Defaults to
""
. - Connect
Timeout string - Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by
tlsTimeout
. Defaults to30s
. - Disable
Chunked boolEncoding - Disables chunked transfer encoding. Useful if you are running a Web Server Gateway Interface (WSGI) server. Defaults to
false
. - Http2Origin bool
- Enables HTTP/2 support for the origin connection. Defaults to
false
. - Http
Host stringHeader - Sets the HTTP Host header on requests sent to the local service. Defaults to
""
. - Ip
Rules []TunnelConfig Config Origin Request Ip Rule - IP rules for the proxy service.
- Keep
Alive intConnections - Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections. Defaults to
100
. - Keep
Alive stringTimeout - Timeout after which an idle keepalive connection can be discarded. Defaults to
1m30s
. - No
Happy boolEyeballs - Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols. Defaults to
false
. - No
Tls boolVerify - Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted. Defaults to
false
. - Origin
Server stringName - Hostname that cloudflared should expect from your origin server certificate. Defaults to
""
. - Proxy
Address string - cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures the listen address for that proxy. Defaults to
127.0.0.1
. - Proxy
Port int - cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures the listen port for that proxy. If set to zero, an unused port will randomly be chosen. Defaults to
0
. - Proxy
Type string - cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Available values:
""
,socks
. Defaults to""
. - Tcp
Keep stringAlive - The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server. Defaults to
30s
. - Tls
Timeout string - Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server. Defaults to
10s
.
- access
Tunnel
Config Config Origin Request Access - Access rules for the ingress service.
- bastion
Mode Boolean - Runs as jump host.
- ca
Pool String - Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare. Defaults to
""
. - connect
Timeout String - Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by
tlsTimeout
. Defaults to30s
. - disable
Chunked BooleanEncoding - Disables chunked transfer encoding. Useful if you are running a Web Server Gateway Interface (WSGI) server. Defaults to
false
. - http2Origin Boolean
- Enables HTTP/2 support for the origin connection. Defaults to
false
. - http
Host StringHeader - Sets the HTTP Host header on requests sent to the local service. Defaults to
""
. - ip
Rules List<TunnelConfig Config Origin Request Ip Rule> - IP rules for the proxy service.
- keep
Alive IntegerConnections - Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections. Defaults to
100
. - keep
Alive StringTimeout - Timeout after which an idle keepalive connection can be discarded. Defaults to
1m30s
. - no
Happy BooleanEyeballs - Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols. Defaults to
false
. - no
Tls BooleanVerify - Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted. Defaults to
false
. - origin
Server StringName - Hostname that cloudflared should expect from your origin server certificate. Defaults to
""
. - proxy
Address String - cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures the listen address for that proxy. Defaults to
127.0.0.1
. - proxy
Port Integer - cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures the listen port for that proxy. If set to zero, an unused port will randomly be chosen. Defaults to
0
. - proxy
Type String - cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Available values:
""
,socks
. Defaults to""
. - tcp
Keep StringAlive - The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server. Defaults to
30s
. - tls
Timeout String - Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server. Defaults to
10s
.
- access
Tunnel
Config Config Origin Request Access - Access rules for the ingress service.
- bastion
Mode boolean - Runs as jump host.
- ca
Pool string - Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare. Defaults to
""
. - connect
Timeout string - Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by
tlsTimeout
. Defaults to30s
. - disable
Chunked booleanEncoding - Disables chunked transfer encoding. Useful if you are running a Web Server Gateway Interface (WSGI) server. Defaults to
false
. - http2Origin boolean
- Enables HTTP/2 support for the origin connection. Defaults to
false
. - http
Host stringHeader - Sets the HTTP Host header on requests sent to the local service. Defaults to
""
. - ip
Rules TunnelConfig Config Origin Request Ip Rule[] - IP rules for the proxy service.
- keep
Alive numberConnections - Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections. Defaults to
100
. - keep
Alive stringTimeout - Timeout after which an idle keepalive connection can be discarded. Defaults to
1m30s
. - no
Happy booleanEyeballs - Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols. Defaults to
false
. - no
Tls booleanVerify - Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted. Defaults to
false
. - origin
Server stringName - Hostname that cloudflared should expect from your origin server certificate. Defaults to
""
. - proxy
Address string - cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures the listen address for that proxy. Defaults to
127.0.0.1
. - proxy
Port number - cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures the listen port for that proxy. If set to zero, an unused port will randomly be chosen. Defaults to
0
. - proxy
Type string - cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Available values:
""
,socks
. Defaults to""
. - tcp
Keep stringAlive - The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server. Defaults to
30s
. - tls
Timeout string - Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server. Defaults to
10s
.
- access
Tunnel
Config Config Origin Request Access - Access rules for the ingress service.
- bastion_
mode bool - Runs as jump host.
- ca_
pool str - Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare. Defaults to
""
. - connect_
timeout str - Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by
tlsTimeout
. Defaults to30s
. - disable_
chunked_ boolencoding - Disables chunked transfer encoding. Useful if you are running a Web Server Gateway Interface (WSGI) server. Defaults to
false
. - http2_
origin bool - Enables HTTP/2 support for the origin connection. Defaults to
false
. - http_
host_ strheader - Sets the HTTP Host header on requests sent to the local service. Defaults to
""
. - ip_
rules Sequence[TunnelConfig Config Origin Request Ip Rule] - IP rules for the proxy service.
- keep_
alive_ intconnections - Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections. Defaults to
100
. - keep_
alive_ strtimeout - Timeout after which an idle keepalive connection can be discarded. Defaults to
1m30s
. - no_
happy_ booleyeballs - Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols. Defaults to
false
. - no_
tls_ boolverify - Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted. Defaults to
false
. - origin_
server_ strname - Hostname that cloudflared should expect from your origin server certificate. Defaults to
""
. - proxy_
address str - cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures the listen address for that proxy. Defaults to
127.0.0.1
. - proxy_
port int - cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures the listen port for that proxy. If set to zero, an unused port will randomly be chosen. Defaults to
0
. - proxy_
type str - cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Available values:
""
,socks
. Defaults to""
. - tcp_
keep_ stralive - The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server. Defaults to
30s
. - tls_
timeout str - Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server. Defaults to
10s
.
- access Property Map
- Access rules for the ingress service.
- bastion
Mode Boolean - Runs as jump host.
- ca
Pool String - Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare. Defaults to
""
. - connect
Timeout String - Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by
tlsTimeout
. Defaults to30s
. - disable
Chunked BooleanEncoding - Disables chunked transfer encoding. Useful if you are running a Web Server Gateway Interface (WSGI) server. Defaults to
false
. - http2Origin Boolean
- Enables HTTP/2 support for the origin connection. Defaults to
false
. - http
Host StringHeader - Sets the HTTP Host header on requests sent to the local service. Defaults to
""
. - ip
Rules List<Property Map> - IP rules for the proxy service.
- keep
Alive NumberConnections - Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections. Defaults to
100
. - keep
Alive StringTimeout - Timeout after which an idle keepalive connection can be discarded. Defaults to
1m30s
. - no
Happy BooleanEyeballs - Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols. Defaults to
false
. - no
Tls BooleanVerify - Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted. Defaults to
false
. - origin
Server StringName - Hostname that cloudflared should expect from your origin server certificate. Defaults to
""
. - proxy
Address String - cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures the listen address for that proxy. Defaults to
127.0.0.1
. - proxy
Port Number - cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures the listen port for that proxy. If set to zero, an unused port will randomly be chosen. Defaults to
0
. - proxy
Type String - cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Available values:
""
,socks
. Defaults to""
. - tcp
Keep StringAlive - The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server. Defaults to
30s
. - tls
Timeout String - Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server. Defaults to
10s
.
TunnelConfigConfigOriginRequestAccess, TunnelConfigConfigOriginRequestAccessArgs
TunnelConfigConfigOriginRequestIpRule, TunnelConfigConfigOriginRequestIpRuleArgs
TunnelConfigConfigWarpRouting, TunnelConfigConfigWarpRoutingArgs
- Enabled bool
- Whether WARP routing is enabled.
- Enabled bool
- Whether WARP routing is enabled.
- enabled Boolean
- Whether WARP routing is enabled.
- enabled boolean
- Whether WARP routing is enabled.
- enabled bool
- Whether WARP routing is enabled.
- enabled Boolean
- Whether WARP routing is enabled.
Import
$ pulumi import cloudflare:index/tunnelConfig:TunnelConfig example <account_id>/<tunnel_id>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Cloudflare pulumi/pulumi-cloudflare
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
cloudflare
Terraform Provider.