Cloudflare v6.0.0, Apr 14 25

Cloudflare v6.0.0 published on Monday, Apr 14, 2025 by Pulumi

cloudflare.getZeroTrustTunnelCloudflaredConfig

Explore with Pulumi AI

Cloudflare v6.0.0 published on Monday, Apr 14, 2025 by Pulumi

Example Usage

TypeScript
Python
Go
C#
Java
YAML

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

const exampleZeroTrustTunnelCloudflaredConfig = cloudflare.getZeroTrustTunnelCloudflaredConfig({
    accountId: "023e105f4ecef8ad9ca31a8372d0c353",
    tunnelId: "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
});

import pulumi
import pulumi_cloudflare as cloudflare

example_zero_trust_tunnel_cloudflared_config = cloudflare.get_zero_trust_tunnel_cloudflared_config(account_id="023e105f4ecef8ad9ca31a8372d0c353",
    tunnel_id="f70ff985-a4ef-4643-bbbc-4a0ed4fc8415")

package main

import (
	"github.com/pulumi/pulumi-cloudflare/sdk/v6/go/cloudflare"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := cloudflare.LookupZeroTrustTunnelCloudflaredConfig(ctx, &cloudflare.LookupZeroTrustTunnelCloudflaredConfigArgs{
			AccountId: "023e105f4ecef8ad9ca31a8372d0c353",
			TunnelId:  "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Cloudflare = Pulumi.Cloudflare;

return await Deployment.RunAsync(() => 
{
    var exampleZeroTrustTunnelCloudflaredConfig = Cloudflare.GetZeroTrustTunnelCloudflaredConfig.Invoke(new()
    {
        AccountId = "023e105f4ecef8ad9ca31a8372d0c353",
        TunnelId = "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudflare.CloudflareFunctions;
import com.pulumi.cloudflare.inputs.GetZeroTrustTunnelCloudflaredConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var exampleZeroTrustTunnelCloudflaredConfig = CloudflareFunctions.getZeroTrustTunnelCloudflaredConfig(GetZeroTrustTunnelCloudflaredConfigArgs.builder()
            .accountId("023e105f4ecef8ad9ca31a8372d0c353")
            .tunnelId("f70ff985-a4ef-4643-bbbc-4a0ed4fc8415")
            .build());

    }
}

variables:
  exampleZeroTrustTunnelCloudflaredConfig:
    fn::invoke:
      function: cloudflare:getZeroTrustTunnelCloudflaredConfig
      arguments:
        accountId: 023e105f4ecef8ad9ca31a8372d0c353
        tunnelId: f70ff985-a4ef-4643-bbbc-4a0ed4fc8415

Using getZeroTrustTunnelCloudflaredConfig

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

TypeScript
Python
Go
C#
Java
YAML

function getZeroTrustTunnelCloudflaredConfig(args: GetZeroTrustTunnelCloudflaredConfigArgs, opts?: InvokeOptions): Promise<GetZeroTrustTunnelCloudflaredConfigResult>
function getZeroTrustTunnelCloudflaredConfigOutput(args: GetZeroTrustTunnelCloudflaredConfigOutputArgs, opts?: InvokeOptions): Output<GetZeroTrustTunnelCloudflaredConfigResult>

def get_zero_trust_tunnel_cloudflared_config(account_id: Optional[str] = None,
                                             tunnel_id: Optional[str] = None,
                                             opts: Optional[InvokeOptions] = None) -> GetZeroTrustTunnelCloudflaredConfigResult
def get_zero_trust_tunnel_cloudflared_config_output(account_id: Optional[pulumi.Input[str]] = None,
                                             tunnel_id: Optional[pulumi.Input[str]] = None,
                                             opts: Optional[InvokeOptions] = None) -> Output[GetZeroTrustTunnelCloudflaredConfigResult]

func LookupZeroTrustTunnelCloudflaredConfig(ctx *Context, args *LookupZeroTrustTunnelCloudflaredConfigArgs, opts ...InvokeOption) (*LookupZeroTrustTunnelCloudflaredConfigResult, error)
func LookupZeroTrustTunnelCloudflaredConfigOutput(ctx *Context, args *LookupZeroTrustTunnelCloudflaredConfigOutputArgs, opts ...InvokeOption) LookupZeroTrustTunnelCloudflaredConfigResultOutput

> Note: This function is named LookupZeroTrustTunnelCloudflaredConfig in the Go SDK.

public static class GetZeroTrustTunnelCloudflaredConfig 
{
    public static Task<GetZeroTrustTunnelCloudflaredConfigResult> InvokeAsync(GetZeroTrustTunnelCloudflaredConfigArgs args, InvokeOptions? opts = null)
    public static Output<GetZeroTrustTunnelCloudflaredConfigResult> Invoke(GetZeroTrustTunnelCloudflaredConfigInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetZeroTrustTunnelCloudflaredConfigResult> getZeroTrustTunnelCloudflaredConfig(GetZeroTrustTunnelCloudflaredConfigArgs args, InvokeOptions options)
public static Output<GetZeroTrustTunnelCloudflaredConfigResult> getZeroTrustTunnelCloudflaredConfig(GetZeroTrustTunnelCloudflaredConfigArgs args, InvokeOptions options)

fn::invoke:
  function: cloudflare:index/getZeroTrustTunnelCloudflaredConfig:getZeroTrustTunnelCloudflaredConfig
  arguments:
    # arguments dictionary

The following arguments are supported:

AccountId string: Identifier
TunnelId string: UUID of the tunnel.

AccountId string: Identifier
TunnelId string: UUID of the tunnel.

accountId String: Identifier
tunnelId String: UUID of the tunnel.

accountId string: Identifier
tunnelId string: UUID of the tunnel.

account_id str: Identifier
tunnel_id str: UUID of the tunnel.

accountId String: Identifier
tunnelId String: UUID of the tunnel.

getZeroTrustTunnelCloudflaredConfig Result

The following output properties are available:

AccountId string: Identifier
Config GetZeroTrustTunnelCloudflaredConfigConfig: The tunnel configuration and ingress rules.
CreatedAt string
Id string: The provider-assigned unique ID for this managed resource.
Source string: Indicates if this is a locally or remotely configured tunnel. If local, manage the tunnel using a YAML file on the origin machine. If cloudflare, manage the tunnel's configuration on the Zero Trust dashboard. Available values: "local", "cloudflare".
TunnelId string: UUID of the tunnel.
Version int: The version of the Tunnel Configuration.

AccountId string: Identifier
Config GetZeroTrustTunnelCloudflaredConfigConfig: The tunnel configuration and ingress rules.
CreatedAt string
Id string: The provider-assigned unique ID for this managed resource.
Source string: Indicates if this is a locally or remotely configured tunnel. If local, manage the tunnel using a YAML file on the origin machine. If cloudflare, manage the tunnel's configuration on the Zero Trust dashboard. Available values: "local", "cloudflare".
TunnelId string: UUID of the tunnel.
Version int: The version of the Tunnel Configuration.

accountId String: Identifier
config GetZeroTrustTunnelCloudflaredConfigConfig: The tunnel configuration and ingress rules.
createdAt String
id String: The provider-assigned unique ID for this managed resource.
source String: Indicates if this is a locally or remotely configured tunnel. If local, manage the tunnel using a YAML file on the origin machine. If cloudflare, manage the tunnel's configuration on the Zero Trust dashboard. Available values: "local", "cloudflare".
tunnelId String: UUID of the tunnel.
version Integer: The version of the Tunnel Configuration.

accountId string: Identifier
config GetZeroTrustTunnelCloudflaredConfigConfig: The tunnel configuration and ingress rules.
createdAt string
id string: The provider-assigned unique ID for this managed resource.
source string: Indicates if this is a locally or remotely configured tunnel. If local, manage the tunnel using a YAML file on the origin machine. If cloudflare, manage the tunnel's configuration on the Zero Trust dashboard. Available values: "local", "cloudflare".
tunnelId string: UUID of the tunnel.
version number: The version of the Tunnel Configuration.

account_id str: Identifier
config GetZeroTrustTunnelCloudflaredConfigConfig: The tunnel configuration and ingress rules.
created_at str
id str: The provider-assigned unique ID for this managed resource.
source str: Indicates if this is a locally or remotely configured tunnel. If local, manage the tunnel using a YAML file on the origin machine. If cloudflare, manage the tunnel's configuration on the Zero Trust dashboard. Available values: "local", "cloudflare".
tunnel_id str: UUID of the tunnel.
version int: The version of the Tunnel Configuration.

accountId String: Identifier
config Property Map: The tunnel configuration and ingress rules.
createdAt String
id String: The provider-assigned unique ID for this managed resource.
source String: Indicates if this is a locally or remotely configured tunnel. If local, manage the tunnel using a YAML file on the origin machine. If cloudflare, manage the tunnel's configuration on the Zero Trust dashboard. Available values: "local", "cloudflare".
tunnelId String: UUID of the tunnel.
version Number: The version of the Tunnel Configuration.

Supporting Types

GetZeroTrustTunnelCloudflaredConfigConfig

Ingresses List<GetZeroTrustTunnelCloudflaredConfigConfigIngress>: List of public hostname definitions. At least one ingress rule needs to be defined for the tunnel.
OriginRequest GetZeroTrustTunnelCloudflaredConfigConfigOriginRequest: Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.
WarpRouting GetZeroTrustTunnelCloudflaredConfigConfigWarpRouting: Enable private network access from WARP users to private network routes. This is enabled if the tunnel has an assigned route.

Ingresses []GetZeroTrustTunnelCloudflaredConfigConfigIngress: List of public hostname definitions. At least one ingress rule needs to be defined for the tunnel.
OriginRequest GetZeroTrustTunnelCloudflaredConfigConfigOriginRequest: Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.
WarpRouting GetZeroTrustTunnelCloudflaredConfigConfigWarpRouting: Enable private network access from WARP users to private network routes. This is enabled if the tunnel has an assigned route.

ingresses List<GetZeroTrustTunnelCloudflaredConfigConfigIngress>: List of public hostname definitions. At least one ingress rule needs to be defined for the tunnel.
originRequest GetZeroTrustTunnelCloudflaredConfigConfigOriginRequest: Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.
warpRouting GetZeroTrustTunnelCloudflaredConfigConfigWarpRouting: Enable private network access from WARP users to private network routes. This is enabled if the tunnel has an assigned route.

ingresses GetZeroTrustTunnelCloudflaredConfigConfigIngress[]: List of public hostname definitions. At least one ingress rule needs to be defined for the tunnel.
originRequest GetZeroTrustTunnelCloudflaredConfigConfigOriginRequest: Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.
warpRouting GetZeroTrustTunnelCloudflaredConfigConfigWarpRouting: Enable private network access from WARP users to private network routes. This is enabled if the tunnel has an assigned route.

ingresses Sequence[GetZeroTrustTunnelCloudflaredConfigConfigIngress]: List of public hostname definitions. At least one ingress rule needs to be defined for the tunnel.
origin_request GetZeroTrustTunnelCloudflaredConfigConfigOriginRequest: Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.
warp_routing GetZeroTrustTunnelCloudflaredConfigConfigWarpRouting: Enable private network access from WARP users to private network routes. This is enabled if the tunnel has an assigned route.

ingresses List<Property Map>: List of public hostname definitions. At least one ingress rule needs to be defined for the tunnel.
originRequest Property Map: Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.
warpRouting Property Map: Enable private network access from WARP users to private network routes. This is enabled if the tunnel has an assigned route.

GetZeroTrustTunnelCloudflaredConfigConfigIngress

Hostname string: Public hostname for this service.
OriginRequest GetZeroTrustTunnelCloudflaredConfigConfigIngressOriginRequest: Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.
Path string: Requests with this path route to this public hostname.
Service string: Protocol and address of destination server. Supported protocols: http://, https://, unix://, tcp://, ssh://, rdp://, unix+tls://, smb://. Alternatively can return a HTTP status code httpstatus:[code] e.g. 'httpstatus:404'.

Hostname string: Public hostname for this service.
OriginRequest GetZeroTrustTunnelCloudflaredConfigConfigIngressOriginRequest: Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.
Path string: Requests with this path route to this public hostname.
Service string: Protocol and address of destination server. Supported protocols: http://, https://, unix://, tcp://, ssh://, rdp://, unix+tls://, smb://. Alternatively can return a HTTP status code httpstatus:[code] e.g. 'httpstatus:404'.

hostname String: Public hostname for this service.
originRequest GetZeroTrustTunnelCloudflaredConfigConfigIngressOriginRequest: Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.
path String: Requests with this path route to this public hostname.
service String: Protocol and address of destination server. Supported protocols: http://, https://, unix://, tcp://, ssh://, rdp://, unix+tls://, smb://. Alternatively can return a HTTP status code httpstatus:[code] e.g. 'httpstatus:404'.

hostname string: Public hostname for this service.
originRequest GetZeroTrustTunnelCloudflaredConfigConfigIngressOriginRequest: Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.
path string: Requests with this path route to this public hostname.
service string: Protocol and address of destination server. Supported protocols: http://, https://, unix://, tcp://, ssh://, rdp://, unix+tls://, smb://. Alternatively can return a HTTP status code httpstatus:[code] e.g. 'httpstatus:404'.

hostname str: Public hostname for this service.
origin_request GetZeroTrustTunnelCloudflaredConfigConfigIngressOriginRequest: Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.
path str: Requests with this path route to this public hostname.
service str: Protocol and address of destination server. Supported protocols: http://, https://, unix://, tcp://, ssh://, rdp://, unix+tls://, smb://. Alternatively can return a HTTP status code httpstatus:[code] e.g. 'httpstatus:404'.

hostname String: Public hostname for this service.
originRequest Property Map: Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.
path String: Requests with this path route to this public hostname.
service String: Protocol and address of destination server. Supported protocols: http://, https://, unix://, tcp://, ssh://, rdp://, unix+tls://, smb://. Alternatively can return a HTTP status code httpstatus:[code] e.g. 'httpstatus:404'.

GetZeroTrustTunnelCloudflaredConfigConfigIngressOriginRequest

Access GetZeroTrustTunnelCloudflaredConfigConfigIngressOriginRequestAccess: For all L7 requests to this hostname, cloudflared will validate each request's Cf-Access-Jwt-Assertion request header.
CaPool string: Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.
ConnectTimeout int: Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.
DisableChunkedEncoding bool: Disables chunked transfer encoding. Useful if you are running a WSGI server.
Http2Origin bool: Attempt to connect to origin using HTTP2. Origin must be configured as https.
HttpHostHeader string: Sets the HTTP Host header on requests sent to the local service.
KeepAliveConnections int: Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.
KeepAliveTimeout int: Timeout after which an idle keepalive connection can be discarded.
NoHappyEyeballs bool: Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
NoTlsVerify bool: Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.
OriginServerName string: Hostname that cloudflared should expect from your origin server certificate.
ProxyType string: cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are: "" for the regular proxy and "socks" for a SOCKS5 proxy.
TcpKeepAlive int: The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.
TlsTimeout int: Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.

Access GetZeroTrustTunnelCloudflaredConfigConfigIngressOriginRequestAccess: For all L7 requests to this hostname, cloudflared will validate each request's Cf-Access-Jwt-Assertion request header.
CaPool string: Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.
ConnectTimeout int: Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.
DisableChunkedEncoding bool: Disables chunked transfer encoding. Useful if you are running a WSGI server.
Http2Origin bool: Attempt to connect to origin using HTTP2. Origin must be configured as https.
HttpHostHeader string: Sets the HTTP Host header on requests sent to the local service.
KeepAliveConnections int: Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.
KeepAliveTimeout int: Timeout after which an idle keepalive connection can be discarded.
NoHappyEyeballs bool: Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
NoTlsVerify bool: Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.
OriginServerName string: Hostname that cloudflared should expect from your origin server certificate.
ProxyType string: cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are: "" for the regular proxy and "socks" for a SOCKS5 proxy.
TcpKeepAlive int: The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.
TlsTimeout int: Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.

access GetZeroTrustTunnelCloudflaredConfigConfigIngressOriginRequestAccess: For all L7 requests to this hostname, cloudflared will validate each request's Cf-Access-Jwt-Assertion request header.
caPool String: Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.
connectTimeout Integer: Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.
disableChunkedEncoding Boolean: Disables chunked transfer encoding. Useful if you are running a WSGI server.
http2Origin Boolean: Attempt to connect to origin using HTTP2. Origin must be configured as https.
httpHostHeader String: Sets the HTTP Host header on requests sent to the local service.
keepAliveConnections Integer: Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.
keepAliveTimeout Integer: Timeout after which an idle keepalive connection can be discarded.
noHappyEyeballs Boolean: Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
noTlsVerify Boolean: Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.
originServerName String: Hostname that cloudflared should expect from your origin server certificate.
proxyType String: cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are: "" for the regular proxy and "socks" for a SOCKS5 proxy.
tcpKeepAlive Integer: The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.
tlsTimeout Integer: Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.

access GetZeroTrustTunnelCloudflaredConfigConfigIngressOriginRequestAccess: For all L7 requests to this hostname, cloudflared will validate each request's Cf-Access-Jwt-Assertion request header.
caPool string: Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.
connectTimeout number: Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.
disableChunkedEncoding boolean: Disables chunked transfer encoding. Useful if you are running a WSGI server.
http2Origin boolean: Attempt to connect to origin using HTTP2. Origin must be configured as https.
httpHostHeader string: Sets the HTTP Host header on requests sent to the local service.
keepAliveConnections number: Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.
keepAliveTimeout number: Timeout after which an idle keepalive connection can be discarded.
noHappyEyeballs boolean: Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
noTlsVerify boolean: Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.
originServerName string: Hostname that cloudflared should expect from your origin server certificate.
proxyType string: cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are: "" for the regular proxy and "socks" for a SOCKS5 proxy.
tcpKeepAlive number: The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.
tlsTimeout number: Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.

access GetZeroTrustTunnelCloudflaredConfigConfigIngressOriginRequestAccess: For all L7 requests to this hostname, cloudflared will validate each request's Cf-Access-Jwt-Assertion request header.
ca_pool str: Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.
connect_timeout int: Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.
disable_chunked_encoding bool: Disables chunked transfer encoding. Useful if you are running a WSGI server.
http2_origin bool: Attempt to connect to origin using HTTP2. Origin must be configured as https.
http_host_header str: Sets the HTTP Host header on requests sent to the local service.
keep_alive_connections int: Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.
keep_alive_timeout int: Timeout after which an idle keepalive connection can be discarded.
no_happy_eyeballs bool: Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
no_tls_verify bool: Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.
origin_server_name str: Hostname that cloudflared should expect from your origin server certificate.
proxy_type str: cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are: "" for the regular proxy and "socks" for a SOCKS5 proxy.
tcp_keep_alive int: The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.
tls_timeout int: Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.

access Property Map: For all L7 requests to this hostname, cloudflared will validate each request's Cf-Access-Jwt-Assertion request header.
caPool String: Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.
connectTimeout Number: Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.
disableChunkedEncoding Boolean: Disables chunked transfer encoding. Useful if you are running a WSGI server.
http2Origin Boolean: Attempt to connect to origin using HTTP2. Origin must be configured as https.
httpHostHeader String: Sets the HTTP Host header on requests sent to the local service.
keepAliveConnections Number: Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.
keepAliveTimeout Number: Timeout after which an idle keepalive connection can be discarded.
noHappyEyeballs Boolean: Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
noTlsVerify Boolean: Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.
originServerName String: Hostname that cloudflared should expect from your origin server certificate.
proxyType String: cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are: "" for the regular proxy and "socks" for a SOCKS5 proxy.
tcpKeepAlive Number: The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.
tlsTimeout Number: Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.

GetZeroTrustTunnelCloudflaredConfigConfigIngressOriginRequestAccess

AudTags List<string>: Access applications that are allowed to reach this hostname for this Tunnel. Audience tags can be identified in the dashboard or via the List Access policies API.
Required bool: Deny traffic that has not fulfilled Access authorization.
TeamName string

AudTags []string: Access applications that are allowed to reach this hostname for this Tunnel. Audience tags can be identified in the dashboard or via the List Access policies API.
Required bool: Deny traffic that has not fulfilled Access authorization.
TeamName string

audTags List<String>: Access applications that are allowed to reach this hostname for this Tunnel. Audience tags can be identified in the dashboard or via the List Access policies API.
required Boolean: Deny traffic that has not fulfilled Access authorization.
teamName String

audTags string[]: Access applications that are allowed to reach this hostname for this Tunnel. Audience tags can be identified in the dashboard or via the List Access policies API.
required boolean: Deny traffic that has not fulfilled Access authorization.
teamName string

aud_tags Sequence[str]: Access applications that are allowed to reach this hostname for this Tunnel. Audience tags can be identified in the dashboard or via the List Access policies API.
required bool: Deny traffic that has not fulfilled Access authorization.
team_name str

audTags List<String>: Access applications that are allowed to reach this hostname for this Tunnel. Audience tags can be identified in the dashboard or via the List Access policies API.
required Boolean: Deny traffic that has not fulfilled Access authorization.
teamName String

GetZeroTrustTunnelCloudflaredConfigConfigOriginRequest

Access GetZeroTrustTunnelCloudflaredConfigConfigOriginRequestAccess: For all L7 requests to this hostname, cloudflared will validate each request's Cf-Access-Jwt-Assertion request header.
CaPool string: Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.
ConnectTimeout int: Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.
DisableChunkedEncoding bool: Disables chunked transfer encoding. Useful if you are running a WSGI server.
Http2Origin bool: Attempt to connect to origin using HTTP2. Origin must be configured as https.
HttpHostHeader string: Sets the HTTP Host header on requests sent to the local service.
KeepAliveConnections int: Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.
KeepAliveTimeout int: Timeout after which an idle keepalive connection can be discarded.
NoHappyEyeballs bool: Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
NoTlsVerify bool: Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.
OriginServerName string: Hostname that cloudflared should expect from your origin server certificate.
ProxyType string: cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are: "" for the regular proxy and "socks" for a SOCKS5 proxy.
TcpKeepAlive int: The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.
TlsTimeout int: Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.

Access GetZeroTrustTunnelCloudflaredConfigConfigOriginRequestAccess: For all L7 requests to this hostname, cloudflared will validate each request's Cf-Access-Jwt-Assertion request header.
CaPool string: Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.
ConnectTimeout int: Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.
DisableChunkedEncoding bool: Disables chunked transfer encoding. Useful if you are running a WSGI server.
Http2Origin bool: Attempt to connect to origin using HTTP2. Origin must be configured as https.
HttpHostHeader string: Sets the HTTP Host header on requests sent to the local service.
KeepAliveConnections int: Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.
KeepAliveTimeout int: Timeout after which an idle keepalive connection can be discarded.
NoHappyEyeballs bool: Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
NoTlsVerify bool: Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.
OriginServerName string: Hostname that cloudflared should expect from your origin server certificate.
ProxyType string: cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are: "" for the regular proxy and "socks" for a SOCKS5 proxy.
TcpKeepAlive int: The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.
TlsTimeout int: Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.

access GetZeroTrustTunnelCloudflaredConfigConfigOriginRequestAccess: For all L7 requests to this hostname, cloudflared will validate each request's Cf-Access-Jwt-Assertion request header.
caPool String: Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.
connectTimeout Integer: Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.
disableChunkedEncoding Boolean: Disables chunked transfer encoding. Useful if you are running a WSGI server.
http2Origin Boolean: Attempt to connect to origin using HTTP2. Origin must be configured as https.
httpHostHeader String: Sets the HTTP Host header on requests sent to the local service.
keepAliveConnections Integer: Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.
keepAliveTimeout Integer: Timeout after which an idle keepalive connection can be discarded.
noHappyEyeballs Boolean: Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
noTlsVerify Boolean: Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.
originServerName String: Hostname that cloudflared should expect from your origin server certificate.
proxyType String: cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are: "" for the regular proxy and "socks" for a SOCKS5 proxy.
tcpKeepAlive Integer: The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.
tlsTimeout Integer: Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.

access GetZeroTrustTunnelCloudflaredConfigConfigOriginRequestAccess: For all L7 requests to this hostname, cloudflared will validate each request's Cf-Access-Jwt-Assertion request header.
caPool string: Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.
connectTimeout number: Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.
disableChunkedEncoding boolean: Disables chunked transfer encoding. Useful if you are running a WSGI server.
http2Origin boolean: Attempt to connect to origin using HTTP2. Origin must be configured as https.
httpHostHeader string: Sets the HTTP Host header on requests sent to the local service.
keepAliveConnections number: Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.
keepAliveTimeout number: Timeout after which an idle keepalive connection can be discarded.
noHappyEyeballs boolean: Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
noTlsVerify boolean: Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.
originServerName string: Hostname that cloudflared should expect from your origin server certificate.
proxyType string: cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are: "" for the regular proxy and "socks" for a SOCKS5 proxy.
tcpKeepAlive number: The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.
tlsTimeout number: Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.

access GetZeroTrustTunnelCloudflaredConfigConfigOriginRequestAccess: For all L7 requests to this hostname, cloudflared will validate each request's Cf-Access-Jwt-Assertion request header.
ca_pool str: Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.
connect_timeout int: Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.
disable_chunked_encoding bool: Disables chunked transfer encoding. Useful if you are running a WSGI server.
http2_origin bool: Attempt to connect to origin using HTTP2. Origin must be configured as https.
http_host_header str: Sets the HTTP Host header on requests sent to the local service.
keep_alive_connections int: Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.
keep_alive_timeout int: Timeout after which an idle keepalive connection can be discarded.
no_happy_eyeballs bool: Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
no_tls_verify bool: Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.
origin_server_name str: Hostname that cloudflared should expect from your origin server certificate.
proxy_type str: cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are: "" for the regular proxy and "socks" for a SOCKS5 proxy.
tcp_keep_alive int: The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.
tls_timeout int: Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.

access Property Map: For all L7 requests to this hostname, cloudflared will validate each request's Cf-Access-Jwt-Assertion request header.
caPool String: Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.
connectTimeout Number: Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.
disableChunkedEncoding Boolean: Disables chunked transfer encoding. Useful if you are running a WSGI server.
http2Origin Boolean: Attempt to connect to origin using HTTP2. Origin must be configured as https.
httpHostHeader String: Sets the HTTP Host header on requests sent to the local service.
keepAliveConnections Number: Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.
keepAliveTimeout Number: Timeout after which an idle keepalive connection can be discarded.
noHappyEyeballs Boolean: Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
noTlsVerify Boolean: Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.
originServerName String: Hostname that cloudflared should expect from your origin server certificate.
proxyType String: cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are: "" for the regular proxy and "socks" for a SOCKS5 proxy.
tcpKeepAlive Number: The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.
tlsTimeout Number: Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.

GetZeroTrustTunnelCloudflaredConfigConfigOriginRequestAccess

AudTags List<string>: Access applications that are allowed to reach this hostname for this Tunnel. Audience tags can be identified in the dashboard or via the List Access policies API.
Required bool: Deny traffic that has not fulfilled Access authorization.
TeamName string

AudTags []string: Access applications that are allowed to reach this hostname for this Tunnel. Audience tags can be identified in the dashboard or via the List Access policies API.
Required bool: Deny traffic that has not fulfilled Access authorization.
TeamName string

audTags List<String>: Access applications that are allowed to reach this hostname for this Tunnel. Audience tags can be identified in the dashboard or via the List Access policies API.
required Boolean: Deny traffic that has not fulfilled Access authorization.
teamName String

audTags string[]: Access applications that are allowed to reach this hostname for this Tunnel. Audience tags can be identified in the dashboard or via the List Access policies API.
required boolean: Deny traffic that has not fulfilled Access authorization.
teamName string

aud_tags Sequence[str]: Access applications that are allowed to reach this hostname for this Tunnel. Audience tags can be identified in the dashboard or via the List Access policies API.
required bool: Deny traffic that has not fulfilled Access authorization.
team_name str

audTags List<String>: Access applications that are allowed to reach this hostname for this Tunnel. Audience tags can be identified in the dashboard or via the List Access policies API.
required Boolean: Deny traffic that has not fulfilled Access authorization.
teamName String

GetZeroTrustTunnelCloudflaredConfigConfigWarpRouting

Enabled bool

Enabled bool

enabled Boolean

enabled boolean

enabled bool

enabled Boolean

Package Details

Repository: Cloudflare pulumi/pulumi-cloudflare
License: Apache-2.0
Notes: This Pulumi package is based on the cloudflare Terraform Provider.

Cloudflare v6.0.0 published on Monday, Apr 14, 2025 by Pulumi

pulumi/pulumi-cloudflare

cloudflare.getZeroTrustTunnelCloudflaredConfig

On this page

On this page

Example Usage

Using getZeroTrustTunnelCloudflaredConfig

getZeroTrustTunnelCloudflaredConfig Result

Supporting Types

GetZeroTrustTunnelCloudflaredConfigConfig

GetZeroTrustTunnelCloudflaredConfigConfigIngress

GetZeroTrustTunnelCloudflaredConfigConfigIngressOriginRequest

GetZeroTrustTunnelCloudflaredConfigConfigIngressOriginRequestAccess

GetZeroTrustTunnelCloudflaredConfigConfigOriginRequest

GetZeroTrustTunnelCloudflaredConfigConfigOriginRequestAccess

GetZeroTrustTunnelCloudflaredConfigConfigWarpRouting

Package Details

On this page

On this page