I use Cloudflare Tunnels to expose services (like this blog!) to the public Internet while remaining protected by Cloudflare’s infrastructure. While attempting to add a new service, I noticed that there were two steps required:
- Updating the configuration deployed to the tunnel daemon, mapping the internal service to its externally-accessible name
- Updating Cloudflare’s DNS entries to map the external name to the Cloudflare tunnel
Although the first step is easily automated with the
cloudflare/cloudflared image, the second isn’t so simple - there’s no single command to update all exposed sites, so the logic would need to parse the config file to determine the set of all sites, and the
cloudflared image doesn’t include tools to do so.