← All articles

cloudflare tunnel setup

Cloudflare tunnel setup for local development

Cloudflare Tunnel can expose a local service through Cloudflare's network. Learn the setup paths, the tradeoffs, and the temporary review alternative.

Published May 19, 2026 5 min read
In this article

A cloudflare tunnel setup can mean two different workflows: a quick TryCloudflare tunnel for testing, or a managed Cloudflare Tunnel attached to your Cloudflare account and hostname.

Both route traffic from the public internet to a local or private service without opening inbound firewall ports. The right path depends on whether you need a quick development URL or a durable route that your team can manage over time.

This guide covers both setup paths, what each one gives you, and when a short-lived review link fits better.

cloudflare tunnel setup: quick or managed?

Start by choosing the tunnel type.

Use a quick tunnel when you want to test a local web server without adding a site to Cloudflare DNS. Cloudflare calls this TryCloudflare. It generates a random trycloudflare.com subdomain and proxies requests to your local server.

Use a managed tunnel when you want a named tunnel in Cloudflare One, a hostname on a domain you control, and settings your team can revisit in the dashboard or config.

The official Cloudflare docs make this distinction clear. Quick Tunnels target testing and development. Managed tunnels target production-like or team-managed access.

Option 1: TryCloudflare quick tunnel

Install cloudflared, start your local server, then run:

cloudflared tunnel --url http://localhost:8080

cloudflared prints a random public URL. Requests to that URL route through Cloudflare to the server on your machine.

Cloudflare documents quick tunnels as a way to share a laptop web server with people on different networks, test browser compatibility, or run external speed tests against a temporary URL. It also says quick tunnels are for testing and development, not production.

Watch the limits. Cloudflare’s TryCloudflare docs list a hard limit of 200 in-flight requests and no Server-Sent Events support. Cloudflare also does not guarantee SLA or uptime for quick tunnels.

Use this path when you want Cloudflare’s tunnel transport and you accept a random hostname with testing-only terms.

Option 2: remotely managed Cloudflare Tunnel

A managed tunnel starts in the Cloudflare dashboard.

  1. Log in to Cloudflare.
  2. Go to Zero Trust, then Networks, then Cloudflare Tunnels.
  3. Create a tunnel and choose cloudflared as the connector.
  4. Install and run the connector command Cloudflare gives you.
  5. Publish an application by choosing a subdomain, a domain, and a service URL such as http://localhost:8000.

Cloudflare’s managed tunnel docs note one important requirement: before you publish an application through the tunnel, you must add a website to Cloudflare. That means you need a Cloudflare account, a domain in Cloudflare, and DNS ownership for the hostname you want to use.

The result is a durable tunnel object with dashboard visibility. Anyone on the internet can access the published application unless you add Cloudflare Access or another control in front of it.

Use this path for team infrastructure, internal apps, demos that need a known hostname, or services that benefit from Cloudflare Access policies.

Local development checks before exposing the port

Before you expose a dev server, confirm the local service behaves as expected.

curl http://localhost:8080

If the app only binds to 127.0.0.1, cloudflared can still reach it from the same machine. If you run the tunnel in Docker, WSL, or a separate VM, check which network namespace owns localhost.

Also check app-level host restrictions. Some frameworks reject requests when the Host header does not match an allowed value. If your public tunnel URL loads a framework error, your app may need an allowed host setting for that tunnel hostname.

Keep test credentials and admin routes out of any public tunnel unless you add authentication. A tunnel URL is a public route.

Cloudflare Tunnel solves network access. It does not center the live review workflow.

For a client or stakeholder review, the questions tend to be narrower:

  • Can I create a link in under a minute?
  • Can I set the review window to 15, 30, or 60 minutes?
  • Can I see who joined?
  • Can I see request failures during the session?
  • Can the reviewer open the link without an account?

wiremaven targets that review workflow. It creates temporary encrypted links for local dev servers through an outbound WebSocket relay. During beta, there is no account requirement. The developer sees viewer, request, and failure signals while the TTL counts down.

npx wiremaven-cli 3000 --expires 30m --name design-review

Cloudflare Tunnel remains a strong choice when you want a Cloudflare-managed hostname and access controls. wiremaven fits the short review window before a branch belongs on staging.

For product setup, read the wiremaven docs. For the relay flow, see how wiremaven works.

Troubleshooting common setup issues

If the public URL returns a Cloudflare error, first confirm your local service responds on the URL you passed to cloudflared. Then restart the tunnel so the output shows a fresh connection.

If a managed tunnel shows Inactive, Down, or Degraded, check the connector command and outbound connectivity. Cloudflare’s docs call out port 7844 for connector reachability checks.

If a quick tunnel fails while a config file exists in .cloudflared, Cloudflare notes that TryCloudflare may not work with an existing config.yaml present. Rename the config file while testing the quick tunnel.

If requests fail only inside your app, inspect framework host settings, auth callbacks, CORS rules, and secure-cookie behavior.

FAQ

Does Cloudflare Tunnel require an account?

Managed Cloudflare Tunnel requires a Cloudflare account and a domain route when you publish an application. TryCloudflare quick tunnels can create a random testing URL without adding a site to Cloudflare DNS.

Can I use Cloudflare Tunnel for production?

Use managed tunnels for production-style access. Cloudflare documents TryCloudflare quick tunnels for testing and development, not production, and lists limits that only apply to quick tunnels.

Is Cloudflare Tunnel the same as ngrok?

Both can expose local or private services through an outbound connector. Cloudflare Tunnel fits Cloudflare-managed access and domains. ngrok fits a broader tunnel and traffic inspection product. For a direct comparison, read ngrok vs Cloudflare Tunnel.

Start with the job

Use Cloudflare Tunnel when you want a Cloudflare-managed route. Use a scoped review link when the goal is a time-boxed local review.

npx wiremaven-cli 3000 --expires 30m

Related: what is a localhost tunnel and ngrok alternatives.