Managing Cloudflare tunnels directly from a VS Code extension has never been easier. Streamline your development workflow by creating and managing permanent and quick tunnels without leaving your IDE.
- Features
- Prerequisites
- Getting Started
- Extension Commands
- Troubleshooting
- Security
- Contributing
- License
- Support
- Installing Cloudflare Tunnel CLI
- Manage multiple Cloudflare profiles with API keys
- Securely store API keys using VS Code's built-in secret storage
- Switch between profiles easily
- Each profile maintains its own configuration and tunnels
- View all your Cloudflare tunnels with status indicators
- Start and stop tunnels
- Manage permanent and quick tunnels
- Securely access tunnel tokens for configuration
- View detailed tunnel information
- Run tunnels with persistent background operation
- Generate Docker Compose files for any tunnel with one click
- Secure token management through environment files
- Support for both host and container-based services
- Easy network configuration for Docker environments
- Simple start/stop commands with docker compose
- Built-in system service support for running tunnels as system services
- VS Code (v1.85.0 or higher)
- A Cloudflare account with API key access
- Cloudflare Tunnel CLI (
cloudflared) installed - (Optional) Docker and Docker Compose for containerized tunnels
- Open VS Code
- Go to Extensions (Ctrl+Shift+X / Cmd+Shift+X)
- Search for "Tunnelfy"
- Click Install
- Follow the instructions in the Installing Cloudflare Tunnel CLI (
cloudflared) section
- Click the cloud icon in the activity bar
- Click the + button in the Profiles section
- Enter a name for your profile
- Enter your Cloudflare API key. You can create one by:
- Navigating to the Cloudflare Dashboard
- Clicking on the "My Profile" icon
- Clicking on "API Tokens"
- Clicking on "Create Token"
- Selecting the following permissions:
- Account: Account Settings: Read
- Account: Cloudflare Tunnel: Edit
- Zone: DNS: Edit
- Client IP Address Filtering (OPTIONAL but recommended):
- Operator: Is in
- Value:
Your IP Address(Can be found with https://nordvpn.com/what-is-my-ip) - The API key will be stored securely and never displayed again
- Click the + button in the Tunnels section
- Enter a name for your tunnel
- Once created, you can:
- Start and stop the tunnel
- View tunnel information and sample configuration setups
- Copy the tunnel token
- Delete the tunnel
- Generate Docker Compose configuration
- Click the + button in the Quick Tunnels section
- Configure your local service details:
- Port number
- Once running, you can:
- Copy the Cloudflare-assigned hostname
- Stop the tunnel
Built-in Docker support for running tunnels in containers:
- Hover over any tunnel in the Persistent Tunnels view
- Click the Docker icon (leftmost button)
- Two files will be generated and opened in your editor:
docker-compose.<tunnel-name>.yml- The Docker Compose configurationcloudflare.<tunnel-name>.env- Contains the secure tunnel token
- Built-in system service support for running tunnels as system services
-
Rename the compose file:
mv docker-compose.<tunnel-name>.yml docker-compose.yml
-
Start the tunnel:
docker compose up -d
-
Stop the tunnel:
docker compose down
-
Secure Token Management
- Tunnel token stored in separate environment file
- Environment file automatically loaded by Docker Compose
- Easy to add to
.gitignorefor security
-
Service Connection Options
- Default: Connects to services on your host machine via
host.docker.internal - Optional: Connect to other Docker services using Docker networks
- Configurable URL and port settings
- Default: Connects to services on your host machine via
-
Container Management
- Automatic container restart on failure
- Clean shutdown with compose down
- Standard Docker Compose workflow
The generated Docker Compose file is simple and focused:
services:
your-tunnel:
image: cloudflare/cloudflared:latest
command: tunnel --no-autoupdate --url http://host.docker.internal:8080 run
env_file:
- cloudflare.your-tunnel.env
restart: unless-stoppedTo connect to other Docker services, you can add network configuration as documented in the generated file.
Built-in system service support for running tunnels as system services:
- Hover over any tunnel in the Persistent Tunnels view
- Click the gear icon (rightmost button)
- Two files will be generated and opened in your editor:
cloudflared-<tunnel-name>.service- The systemd service configurationcloudflared-<tunnel-name>.env- Contains the secure tunnel token
-
Copy the service file to the systemd directory:
sudo cp cloudflared-<tunnel-name>.service /etc/systemd/system/
-
Create the environment file directory and copy the env file:
sudo mkdir -p /etc/cloudflared sudo cp cloudflared-<tunnel-name>.env /etc/cloudflared/
-
Set proper permissions:
sudo chown root:root /etc/systemd/system/cloudflared-<tunnel-name>.service sudo chmod 644 /etc/systemd/system/cloudflared-<tunnel-name>.service sudo chown cloudflared:cloudflared /etc/cloudflared/cloudflared-<tunnel-name>.env sudo chmod 600 /etc/cloudflared/cloudflared-<tunnel-name>.env
-
Start the service:
sudo systemctl daemon-reload sudo systemctl enable cloudflared-<tunnel-name> sudo systemctl start cloudflared-<tunnel-name>
-
Secure Configuration
- Service runs as dedicated cloudflared user
- Environment file with restricted permissions
- Systemd security hardening options enabled
-
Service Management
- Automatic service startup on boot
- Automatic restart on failure
- Standard systemd service controls
- Proper logging to system journal
-
Security Hardening
- Protected system and home directories
- Private /tmp directory
- No new privileges escalation
- Restricted service user permissions
The generated service file includes comprehensive security settings:
[Unit]
Description=Cloudflare Tunnel - <tunnel-name>
After=network.target
StartLimitIntervalSec=0
[Service]
Type=simple
User=cloudflared
Group=cloudflared
Restart=always
RestartSec=1
EnvironmentFile=/etc/cloudflared/cloudflared-<tunnel-name>.env
ExecStart=/usr/local/bin/cloudflared tunnel --no-autoupdate --url http://localhost:<port> run
# Hardening options
ProtectSystem=strict
ProtectHome=true
PrivateTmp=true
NoNewPrivileges=true
[Install]
WantedBy=multi-user.targetSeveral commands are accessible via the Command Palette (Ctrl+Shift+P / Cmd+Shift+P):
Tunnelfy: Create Profile- Create a new Cloudflare profile with an API keyTunnelfy: Switch Profile- Switch between Cloudflare profilesTunnelfy: Delete Profile- Delete a Cloudflare profile
Tunnelfy: Create Tunnel- Create a new permanent tunnelTunnelfy: Refresh Tunnels- Refresh the list of tunnelsTunnelfy: Start Tunnel- Start a tunnelTunnelfy: Stop Tunnel- Stop a tunnelTunnelfy: View Tunnel Info- View detailed information about a tunnelTunnelfy: Copy Tunnel Token- Copy the token of a tunnelTunnelfy: Delete Tunnel- Delete a tunnelTunnelfy: Generate Docker Compose- Generate Docker Compose files for running the tunnel in Docker
Tunnelfy: Create Quick Tunnel- Create a new quick tunnelTunnelfy: Copy Quick Tunnel URL- Copy the URL of a quick tunnelTunnelfy: Stop Quick Tunnel- Stop a quick tunnel
Tunnelfy: Generate Docker Compose- Generate Docker Compose files for running the tunnel as a Docker service
- Hover over a tunnel in the Persistent Tunnels view
- Click the Docker icon (leftmost button)
- A
docker-compose.{tunnel-name}.ymlfile will be generated in your workspace
The generated Docker Compose file includes:
- A service running the Cloudflare tunnel with your tunnel token
- A placeholder service for your application
- A shared network for communication between services
Example Docker Compose file:
version: "3"
services:
my-tunnel:
image: cloudflare/cloudflared:latest
command: tunnel --no-autoupdate run
environment:
- TUNNEL_TOKEN=your-tunnel-token
restart: unless-stopped
networks:
- tunnel-net
app:
# Replace this with your application's image and configuration
image: your-app-image:latest
ports:
- "8080:8080"
networks:
- tunnel-net
networks:
tunnel-net:
driver: bridgeTo use the generated file:
- Replace
your-app-image:latestwith your actual application image - Add any necessary environment variables or volumes for your app
- Run
docker-compose -f docker-compose.{tunnel-name}.yml up -d
-
Invalid API Key
- Make sure your API key has the correct permissions (Cloudflare Tunnel:Edit)
- Verify the API key is still active in your Cloudflare dashboard
- Try creating a new API key if issues persist
-
Profile Switching Issues
- Ensure the API key for the profile is still valid
- Check your internet connection
- Try deleting and recreating the profile if issues persist
-
Tunnel Creation Fails
- Verify your API key has sufficient permissions
- Check if you've reached your account's tunnel limit
- Ensure you have a stable internet connection
-
Connecting Tunnels to Domains/Subdomains
- Ensure you have a persistent tunnel created with any display name you choose.
- Your list of domains/subdomains will not be presented until you run a tunnel.
-
Quick Tunnel Issues
- Verify cloudflared is installed and accessible
- Check if the port is already in use
- Look for rate limiting messages in the output
- Ensure you have a stable internet connection
-
Development Environment Issues
- Run
npm installto ensure all dependencies are installed - Clear the VS Code extension development host:
rm -rf .vscode-test - Check the extension logs in the Output panel
- Verify cloudflared installation and permissions
- Run
-
Persistent Tunnel Disappears When Extension is Closed
- This is expected behavior. The tunnel will remain running in the background.
- For persistent tunnel setups:
- use the
Tunnelfy: Generate Docker Composecommand to create a Docker Compose file for your tunnel. - use a system service (systemd, etc) to start the tunnel on boot (File generation in future updates).
- use the
- API keys are stored securely using VS Code's built-in secret storage
- Keys are never displayed after initial entry
- Each profile maintains its own isolated API key
- No sensitive data is stored in plain text
We welcome contributions! Here's how you can help:
-
Fork the Repository
- Create a fork of the repository
- Clone your fork locally
-
Set Up Development Environment
# Install dependencies npm install npm install -g yo generator-code # Install recommended VS Code extensions code --install-extension dbaeumer.vscode-eslint code --install-extension esbenp.prettier-vscode
-
Create a Feature Branch
git checkout -b feature/your-feature
-
Make Your Changes
- Write code following our style guidelines
- Add tests for new functionality
- Update documentation as needed
-
Test Your Changes
# Run the test suite npm test # Run ESLint npm run lint
-
Create a Pull Request
- Push your changes to your fork
- Create a pull request to our development branch
- Follow the pull request template
- Wait for review and address any feedback
For more detailed information about development, please see our Development Guide.
This project is licensed under the MIT License - see the LICENSE file for details.
If you encounter any issues or have suggestions, please:
- Check the Troubleshooting section
- View the extension logs
- Open an issue on GitHub
- Email info@tunnelfy.com if all else fails (response time will be slow)
Cloudflare Tunnel CLI (cloudflared) allows you to securely control exposing local applications to the internet without opening firewall ports. It is an essential part of Tunnelfy functionality.
sudo apt update && sudo apt install -y curl
curl -fsSL https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64 -o cloudflared
sudo chmod +x cloudflared
sudo mv cloudflared /usr/local/bin/
cloudflared --versionsudo dnf install -y curl
curl -fsSL https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64 -o cloudflared
sudo chmod +x cloudflared
sudo mv cloudflared /usr/local/bin/
cloudflared --versionyay -S cloudflared-bin
cloudflared --version- Download the latest Cloudflare Tunnel client from:
- Run the installer and follow the prompts.
- Verify installation in Command Prompt or PowerShell:
cloudflared --versionchoco install cloudflared
cloudflared --versionwinget install Cloudflare.cloudflared
cloudflared --versionbrew install cloudflare/cloudflare/cloudflared
brew services start cloudflared
cloudflared --version