cloudflare.getZeroTrustTunnelCloudflaredConfig

Cloudflare v6.13.0, Jan 21 26

Viewing docs for Cloudflare v6.13.0
published on Wednesday, Jan 21, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-cloudflare

Viewing docs for Cloudflare v6.13.0
published on Wednesday, Jan 21, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-cloudflare

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

const exampleZeroTrustTunnelCloudflaredConfig = cloudflare.getZeroTrustTunnelCloudflaredConfig({
    accountId: "023e105f4ecef8ad9ca31a8372d0c353",
    tunnelId: "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
});

import pulumi
import pulumi_cloudflare as cloudflare

example_zero_trust_tunnel_cloudflared_config = cloudflare.get_zero_trust_tunnel_cloudflared_config(account_id="023e105f4ecef8ad9ca31a8372d0c353",
    tunnel_id="f70ff985-a4ef-4643-bbbc-4a0ed4fc8415")

package main

import (
	"github.com/pulumi/pulumi-cloudflare/sdk/v6/go/cloudflare"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := cloudflare.LookupZeroTrustTunnelCloudflaredConfig(ctx, &cloudflare.LookupZeroTrustTunnelCloudflaredConfigArgs{
			AccountId: "023e105f4ecef8ad9ca31a8372d0c353",
			TunnelId:  "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Cloudflare = Pulumi.Cloudflare;

return await Deployment.RunAsync(() => 
{
    var exampleZeroTrustTunnelCloudflaredConfig = Cloudflare.GetZeroTrustTunnelCloudflaredConfig.Invoke(new()
    {
        AccountId = "023e105f4ecef8ad9ca31a8372d0c353",
        TunnelId = "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudflare.CloudflareFunctions;
import com.pulumi.cloudflare.inputs.GetZeroTrustTunnelCloudflaredConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var exampleZeroTrustTunnelCloudflaredConfig = CloudflareFunctions.getZeroTrustTunnelCloudflaredConfig(GetZeroTrustTunnelCloudflaredConfigArgs.builder()
            .accountId("023e105f4ecef8ad9ca31a8372d0c353")
            .tunnelId("f70ff985-a4ef-4643-bbbc-4a0ed4fc8415")
            .build());

    }
}

variables:
  exampleZeroTrustTunnelCloudflaredConfig:
    fn::invoke:
      function: cloudflare:getZeroTrustTunnelCloudflaredConfig
      arguments:
        accountId: 023e105f4ecef8ad9ca31a8372d0c353
        tunnelId: f70ff985-a4ef-4643-bbbc-4a0ed4fc8415

Using getZeroTrustTunnelCloudflaredConfig

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getZeroTrustTunnelCloudflaredConfig(args: GetZeroTrustTunnelCloudflaredConfigArgs, opts?: InvokeOptions): Promise<GetZeroTrustTunnelCloudflaredConfigResult>
function getZeroTrustTunnelCloudflaredConfigOutput(args: GetZeroTrustTunnelCloudflaredConfigOutputArgs, opts?: InvokeOptions): Output<GetZeroTrustTunnelCloudflaredConfigResult>

def get_zero_trust_tunnel_cloudflared_config(account_id: Optional[str] = None,
                                             tunnel_id: Optional[str] = None,
                                             opts: Optional[InvokeOptions] = None) -> GetZeroTrustTunnelCloudflaredConfigResult
def get_zero_trust_tunnel_cloudflared_config_output(account_id: Optional[pulumi.Input[str]] = None,
                                             tunnel_id: Optional[pulumi.Input[str]] = None,
                                             opts: Optional[InvokeOptions] = None) -> Output[GetZeroTrustTunnelCloudflaredConfigResult]

func LookupZeroTrustTunnelCloudflaredConfig(ctx *Context, args *LookupZeroTrustTunnelCloudflaredConfigArgs, opts ...InvokeOption) (*LookupZeroTrustTunnelCloudflaredConfigResult, error)
func LookupZeroTrustTunnelCloudflaredConfigOutput(ctx *Context, args *LookupZeroTrustTunnelCloudflaredConfigOutputArgs, opts ...InvokeOption) LookupZeroTrustTunnelCloudflaredConfigResultOutput

> Note: This function is named LookupZeroTrustTunnelCloudflaredConfig in the Go SDK.

public static class GetZeroTrustTunnelCloudflaredConfig 
{
    public static Task<GetZeroTrustTunnelCloudflaredConfigResult> InvokeAsync(GetZeroTrustTunnelCloudflaredConfigArgs args, InvokeOptions? opts = null)
    public static Output<GetZeroTrustTunnelCloudflaredConfigResult> Invoke(GetZeroTrustTunnelCloudflaredConfigInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetZeroTrustTunnelCloudflaredConfigResult> getZeroTrustTunnelCloudflaredConfig(GetZeroTrustTunnelCloudflaredConfigArgs args, InvokeOptions options)
public static Output<GetZeroTrustTunnelCloudflaredConfigResult> getZeroTrustTunnelCloudflaredConfig(GetZeroTrustTunnelCloudflaredConfigArgs args, InvokeOptions options)

fn::invoke:
  function: cloudflare:index/getZeroTrustTunnelCloudflaredConfig:getZeroTrustTunnelCloudflaredConfig
  arguments:
    # arguments dictionary

The following arguments are supported:

AccountId string: Identifier.
TunnelId string: UUID of the tunnel.

AccountId string: Identifier.
TunnelId string: UUID of the tunnel.

accountId String: Identifier.
tunnelId String: UUID of the tunnel.

accountId string: Identifier.
tunnelId string: UUID of the tunnel.

account_id str: Identifier.
tunnel_id str: UUID of the tunnel.

accountId String: Identifier.
tunnelId String: UUID of the tunnel.

getZeroTrustTunnelCloudflaredConfig Result

The following output properties are available:

AccountId string: Identifier.
Config GetZeroTrustTunnelCloudflaredConfigConfig: The tunnel configuration and ingress rules.
CreatedAt string
Id string: The provider-assigned unique ID for this managed resource.
Source string: Indicates if this is a locally or remotely configured tunnel. If local, manage the tunnel using a YAML file on the origin machine. If cloudflare, manage the tunnel's configuration on the Zero Trust dashboard. Available values: "local", "cloudflare".
TunnelId string: UUID of the tunnel.
Version int: The version of the Tunnel Configuration.

AccountId string: Identifier.
Config GetZeroTrustTunnelCloudflaredConfigConfig: The tunnel configuration and ingress rules.
CreatedAt string
Id string: The provider-assigned unique ID for this managed resource.
Source string: Indicates if this is a locally or remotely configured tunnel. If local, manage the tunnel using a YAML file on the origin machine. If cloudflare, manage the tunnel's configuration on the Zero Trust dashboard. Available values: "local", "cloudflare".
TunnelId string: UUID of the tunnel.
Version int: The version of the Tunnel Configuration.

accountId String: Identifier.
config GetZeroTrustTunnelCloudflaredConfigConfig: The tunnel configuration and ingress rules.
createdAt String
id String: The provider-assigned unique ID for this managed resource.
source String: Indicates if this is a locally or remotely configured tunnel. If local, manage the tunnel using a YAML file on the origin machine. If cloudflare, manage the tunnel's configuration on the Zero Trust dashboard. Available values: "local", "cloudflare".
tunnelId String: UUID of the tunnel.
version Integer: The version of the Tunnel Configuration.

accountId string: Identifier.
config GetZeroTrustTunnelCloudflaredConfigConfig: The tunnel configuration and ingress rules.
createdAt string
id string: The provider-assigned unique ID for this managed resource.
source string: Indicates if this is a locally or remotely configured tunnel. If local, manage the tunnel using a YAML file on the origin machine. If cloudflare, manage the tunnel's configuration on the Zero Trust dashboard. Available values: "local", "cloudflare".
tunnelId string: UUID of the tunnel.
version number: The version of the Tunnel Configuration.

account_id str: Identifier.
config GetZeroTrustTunnelCloudflaredConfigConfig: The tunnel configuration and ingress rules.
created_at str
id str: The provider-assigned unique ID for this managed resource.
source str: Indicates if this is a locally or remotely configured tunnel. If local, manage the tunnel using a YAML file on the origin machine. If cloudflare, manage the tunnel's configuration on the Zero Trust dashboard. Available values: "local", "cloudflare".
tunnel_id str: UUID of the tunnel.
version int: The version of the Tunnel Configuration.

accountId String: Identifier.
config Property Map: The tunnel configuration and ingress rules.
createdAt String
id String: The provider-assigned unique ID for this managed resource.
source String: Indicates if this is a locally or remotely configured tunnel. If local, manage the tunnel using a YAML file on the origin machine. If cloudflare, manage the tunnel's configuration on the Zero Trust dashboard. Available values: "local", "cloudflare".
tunnelId String: UUID of the tunnel.
version Number: The version of the Tunnel Configuration.

Supporting Types

GetZeroTrustTunnelCloudflaredConfigConfig

Ingresses List<GetZeroTrustTunnelCloudflaredConfigConfigIngress>: List of public hostname definitions. At least one ingress rule needs to be defined for the tunnel.
OriginRequest GetZeroTrustTunnelCloudflaredConfigConfigOriginRequest: Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.

Ingresses []GetZeroTrustTunnelCloudflaredConfigConfigIngress: List of public hostname definitions. At least one ingress rule needs to be defined for the tunnel.
OriginRequest GetZeroTrustTunnelCloudflaredConfigConfigOriginRequest: Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.

ingresses List<GetZeroTrustTunnelCloudflaredConfigConfigIngress>: List of public hostname definitions. At least one ingress rule needs to be defined for the tunnel.
originRequest GetZeroTrustTunnelCloudflaredConfigConfigOriginRequest: Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.

ingresses GetZeroTrustTunnelCloudflaredConfigConfigIngress[]: List of public hostname definitions. At least one ingress rule needs to be defined for the tunnel.
originRequest GetZeroTrustTunnelCloudflaredConfigConfigOriginRequest: Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.

ingresses Sequence[GetZeroTrustTunnelCloudflaredConfigConfigIngress]: List of public hostname definitions. At least one ingress rule needs to be defined for the tunnel.
origin_request GetZeroTrustTunnelCloudflaredConfigConfigOriginRequest: Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.

ingresses List<Property Map>: List of public hostname definitions. At least one ingress rule needs to be defined for the tunnel.
originRequest Property Map: Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.

GetZeroTrustTunnelCloudflaredConfigConfigIngress

Hostname string: Public hostname for this service.
OriginRequest GetZeroTrustTunnelCloudflaredConfigConfigIngressOriginRequest: Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.
Path string: Requests with this path route to this public hostname.
Service string: Protocol and address of destination server. Supported protocols: http://, https://, unix://, tcp://, ssh://, rdp://, unix+tls://, smb://. Alternatively can return a HTTP status code httpstatus:[code] e.g. 'httpstatus:404'.

Hostname string: Public hostname for this service.
OriginRequest GetZeroTrustTunnelCloudflaredConfigConfigIngressOriginRequest: Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.
Path string: Requests with this path route to this public hostname.
Service string: Protocol and address of destination server. Supported protocols: http://, https://, unix://, tcp://, ssh://, rdp://, unix+tls://, smb://. Alternatively can return a HTTP status code httpstatus:[code] e.g. 'httpstatus:404'.

hostname String: Public hostname for this service.
originRequest GetZeroTrustTunnelCloudflaredConfigConfigIngressOriginRequest: Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.
path String: Requests with this path route to this public hostname.
service String: Protocol and address of destination server. Supported protocols: http://, https://, unix://, tcp://, ssh://, rdp://, unix+tls://, smb://. Alternatively can return a HTTP status code httpstatus:[code] e.g. 'httpstatus:404'.

hostname string: Public hostname for this service.
originRequest GetZeroTrustTunnelCloudflaredConfigConfigIngressOriginRequest: Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.
path string: Requests with this path route to this public hostname.
service string: Protocol and address of destination server. Supported protocols: http://, https://, unix://, tcp://, ssh://, rdp://, unix+tls://, smb://. Alternatively can return a HTTP status code httpstatus:[code] e.g. 'httpstatus:404'.

hostname str: Public hostname for this service.
origin_request GetZeroTrustTunnelCloudflaredConfigConfigIngressOriginRequest: Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.
path str: Requests with this path route to this public hostname.
service str: Protocol and address of destination server. Supported protocols: http://, https://, unix://, tcp://, ssh://, rdp://, unix+tls://, smb://. Alternatively can return a HTTP status code httpstatus:[code] e.g. 'httpstatus:404'.

hostname String: Public hostname for this service.
originRequest Property Map: Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.
path String: Requests with this path route to this public hostname.
service String: Protocol and address of destination server. Supported protocols: http://, https://, unix://, tcp://, ssh://, rdp://, unix+tls://, smb://. Alternatively can return a HTTP status code httpstatus:[code] e.g. 'httpstatus:404'.

GetZeroTrustTunnelCloudflaredConfigConfigIngressOriginRequest

Access GetZeroTrustTunnelCloudflaredConfigConfigIngressOriginRequestAccess: For all L7 requests to this hostname, cloudflared will validate each request's Cf-Access-Jwt-Assertion request header.
CaPool string: Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.
ConnectTimeout int: Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.
DisableChunkedEncoding bool: Disables chunked transfer encoding. Useful if you are running a WSGI server.
Http2Origin bool: Attempt to connect to origin using HTTP2. Origin must be configured as https.
HttpHostHeader string: Sets the HTTP Host header on requests sent to the local service.
KeepAliveConnections int: Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.
KeepAliveTimeout int: Timeout after which an idle keepalive connection can be discarded.
MatchSnItoHost bool: Auto configure the Hostname on the origin server certificate.
NoHappyEyeballs bool: Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
NoTlsVerify bool: Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.
OriginServerName string: Hostname that cloudflared should expect from your origin server certificate.
ProxyType string: cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are: "" for the regular proxy and "socks" for a SOCKS5 proxy.
TcpKeepAlive int: The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.
TlsTimeout int: Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.

Access GetZeroTrustTunnelCloudflaredConfigConfigIngressOriginRequestAccess: For all L7 requests to this hostname, cloudflared will validate each request's Cf-Access-Jwt-Assertion request header.
CaPool string: Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.
ConnectTimeout int: Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.
DisableChunkedEncoding bool: Disables chunked transfer encoding. Useful if you are running a WSGI server.
Http2Origin bool: Attempt to connect to origin using HTTP2. Origin must be configured as https.
HttpHostHeader string: Sets the HTTP Host header on requests sent to the local service.
KeepAliveConnections int: Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.
KeepAliveTimeout int: Timeout after which an idle keepalive connection can be discarded.
MatchSnItoHost bool: Auto configure the Hostname on the origin server certificate.
NoHappyEyeballs bool: Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
NoTlsVerify bool: Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.
OriginServerName string: Hostname that cloudflared should expect from your origin server certificate.
ProxyType string: cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are: "" for the regular proxy and "socks" for a SOCKS5 proxy.
TcpKeepAlive int: The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.
TlsTimeout int: Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.

access GetZeroTrustTunnelCloudflaredConfigConfigIngressOriginRequestAccess: For all L7 requests to this hostname, cloudflared will validate each request's Cf-Access-Jwt-Assertion request header.
caPool String: Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.
connectTimeout Integer: Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.
disableChunkedEncoding Boolean: Disables chunked transfer encoding. Useful if you are running a WSGI server.
http2Origin Boolean: Attempt to connect to origin using HTTP2. Origin must be configured as https.
httpHostHeader String: Sets the HTTP Host header on requests sent to the local service.
keepAliveConnections Integer: Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.
keepAliveTimeout Integer: Timeout after which an idle keepalive connection can be discarded.
matchSnItoHost Boolean: Auto configure the Hostname on the origin server certificate.
noHappyEyeballs Boolean: Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
noTlsVerify Boolean: Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.
originServerName String: Hostname that cloudflared should expect from your origin server certificate.
proxyType String: cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are: "" for the regular proxy and "socks" for a SOCKS5 proxy.
tcpKeepAlive Integer: The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.
tlsTimeout Integer: Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.

access GetZeroTrustTunnelCloudflaredConfigConfigIngressOriginRequestAccess: For all L7 requests to this hostname, cloudflared will validate each request's Cf-Access-Jwt-Assertion request header.
caPool string: Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.
connectTimeout number: Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.
disableChunkedEncoding boolean: Disables chunked transfer encoding. Useful if you are running a WSGI server.
http2Origin boolean: Attempt to connect to origin using HTTP2. Origin must be configured as https.
httpHostHeader string: Sets the HTTP Host header on requests sent to the local service.
keepAliveConnections number: Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.
keepAliveTimeout number: Timeout after which an idle keepalive connection can be discarded.
matchSnItoHost boolean: Auto configure the Hostname on the origin server certificate.
noHappyEyeballs boolean: Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
noTlsVerify boolean: Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.
originServerName string: Hostname that cloudflared should expect from your origin server certificate.
proxyType string: cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are: "" for the regular proxy and "socks" for a SOCKS5 proxy.
tcpKeepAlive number: The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.
tlsTimeout number: Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.

access GetZeroTrustTunnelCloudflaredConfigConfigIngressOriginRequestAccess: For all L7 requests to this hostname, cloudflared will validate each request's Cf-Access-Jwt-Assertion request header.
ca_pool str: Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.
connect_timeout int: Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.
disable_chunked_encoding bool: Disables chunked transfer encoding. Useful if you are running a WSGI server.
http2_origin bool: Attempt to connect to origin using HTTP2. Origin must be configured as https.
http_host_header str: Sets the HTTP Host header on requests sent to the local service.
keep_alive_connections int: Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.
keep_alive_timeout int: Timeout after which an idle keepalive connection can be discarded.
match_sn_ito_host bool: Auto configure the Hostname on the origin server certificate.
no_happy_eyeballs bool: Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
no_tls_verify bool: Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.
origin_server_name str: Hostname that cloudflared should expect from your origin server certificate.
proxy_type str: cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are: "" for the regular proxy and "socks" for a SOCKS5 proxy.
tcp_keep_alive int: The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.
tls_timeout int: Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.

access Property Map: For all L7 requests to this hostname, cloudflared will validate each request's Cf-Access-Jwt-Assertion request header.
caPool String: Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.
connectTimeout Number: Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.
disableChunkedEncoding Boolean: Disables chunked transfer encoding. Useful if you are running a WSGI server.
http2Origin Boolean: Attempt to connect to origin using HTTP2. Origin must be configured as https.
httpHostHeader String: Sets the HTTP Host header on requests sent to the local service.
keepAliveConnections Number: Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.
keepAliveTimeout Number: Timeout after which an idle keepalive connection can be discarded.
matchSnItoHost Boolean: Auto configure the Hostname on the origin server certificate.
noHappyEyeballs Boolean: Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
noTlsVerify Boolean: Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.
originServerName String: Hostname that cloudflared should expect from your origin server certificate.
proxyType String: cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are: "" for the regular proxy and "socks" for a SOCKS5 proxy.
tcpKeepAlive Number: The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.
tlsTimeout Number: Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.

GetZeroTrustTunnelCloudflaredConfigConfigIngressOriginRequestAccess

AudTags List<string>: Access applications that are allowed to reach this hostname for this Tunnel. Audience tags can be identified in the dashboard or via the List Access policies API.
Required bool: Deny traffic that has not fulfilled Access authorization.
TeamName string

AudTags []string: Access applications that are allowed to reach this hostname for this Tunnel. Audience tags can be identified in the dashboard or via the List Access policies API.
Required bool: Deny traffic that has not fulfilled Access authorization.
TeamName string

audTags List<String>: Access applications that are allowed to reach this hostname for this Tunnel. Audience tags can be identified in the dashboard or via the List Access policies API.
required Boolean: Deny traffic that has not fulfilled Access authorization.
teamName String

audTags string[]: Access applications that are allowed to reach this hostname for this Tunnel. Audience tags can be identified in the dashboard or via the List Access policies API.
required boolean: Deny traffic that has not fulfilled Access authorization.
teamName string

aud_tags Sequence[str]: Access applications that are allowed to reach this hostname for this Tunnel. Audience tags can be identified in the dashboard or via the List Access policies API.
required bool: Deny traffic that has not fulfilled Access authorization.
team_name str

audTags List<String>: Access applications that are allowed to reach this hostname for this Tunnel. Audience tags can be identified in the dashboard or via the List Access policies API.
required Boolean: Deny traffic that has not fulfilled Access authorization.
teamName String

GetZeroTrustTunnelCloudflaredConfigConfigOriginRequest

Access GetZeroTrustTunnelCloudflaredConfigConfigOriginRequestAccess: For all L7 requests to this hostname, cloudflared will validate each request's Cf-Access-Jwt-Assertion request header.
CaPool string: Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.
ConnectTimeout int: Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.
DisableChunkedEncoding bool: Disables chunked transfer encoding. Useful if you are running a WSGI server.
Http2Origin bool: Attempt to connect to origin using HTTP2. Origin must be configured as https.
HttpHostHeader string: Sets the HTTP Host header on requests sent to the local service.
KeepAliveConnections int: Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.
KeepAliveTimeout int: Timeout after which an idle keepalive connection can be discarded.
MatchSnItoHost bool: Auto configure the Hostname on the origin server certificate.
NoHappyEyeballs bool: Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
NoTlsVerify bool: Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.
OriginServerName string: Hostname that cloudflared should expect from your origin server certificate.
ProxyType string: cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are: "" for the regular proxy and "socks" for a SOCKS5 proxy.
TcpKeepAlive int: The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.
TlsTimeout int: Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.

Access GetZeroTrustTunnelCloudflaredConfigConfigOriginRequestAccess: For all L7 requests to this hostname, cloudflared will validate each request's Cf-Access-Jwt-Assertion request header.
CaPool string: Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.
ConnectTimeout int: Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.
DisableChunkedEncoding bool: Disables chunked transfer encoding. Useful if you are running a WSGI server.
Http2Origin bool: Attempt to connect to origin using HTTP2. Origin must be configured as https.
HttpHostHeader string: Sets the HTTP Host header on requests sent to the local service.
KeepAliveConnections int: Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.
KeepAliveTimeout int: Timeout after which an idle keepalive connection can be discarded.
MatchSnItoHost bool: Auto configure the Hostname on the origin server certificate.
NoHappyEyeballs bool: Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
NoTlsVerify bool: Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.
OriginServerName string: Hostname that cloudflared should expect from your origin server certificate.
ProxyType string: cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are: "" for the regular proxy and "socks" for a SOCKS5 proxy.
TcpKeepAlive int: The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.
TlsTimeout int: Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.

access GetZeroTrustTunnelCloudflaredConfigConfigOriginRequestAccess: For all L7 requests to this hostname, cloudflared will validate each request's Cf-Access-Jwt-Assertion request header.
caPool String: Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.
connectTimeout Integer: Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.
disableChunkedEncoding Boolean: Disables chunked transfer encoding. Useful if you are running a WSGI server.
http2Origin Boolean: Attempt to connect to origin using HTTP2. Origin must be configured as https.
httpHostHeader String: Sets the HTTP Host header on requests sent to the local service.
keepAliveConnections Integer: Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.
keepAliveTimeout Integer: Timeout after which an idle keepalive connection can be discarded.
matchSnItoHost Boolean: Auto configure the Hostname on the origin server certificate.
noHappyEyeballs Boolean: Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
noTlsVerify Boolean: Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.
originServerName String: Hostname that cloudflared should expect from your origin server certificate.
proxyType String: cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are: "" for the regular proxy and "socks" for a SOCKS5 proxy.
tcpKeepAlive Integer: The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.
tlsTimeout Integer: Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.

access GetZeroTrustTunnelCloudflaredConfigConfigOriginRequestAccess: For all L7 requests to this hostname, cloudflared will validate each request's Cf-Access-Jwt-Assertion request header.
caPool string: Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.
connectTimeout number: Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.
disableChunkedEncoding boolean: Disables chunked transfer encoding. Useful if you are running a WSGI server.
http2Origin boolean: Attempt to connect to origin using HTTP2. Origin must be configured as https.
httpHostHeader string: Sets the HTTP Host header on requests sent to the local service.
keepAliveConnections number: Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.
keepAliveTimeout number: Timeout after which an idle keepalive connection can be discarded.
matchSnItoHost boolean: Auto configure the Hostname on the origin server certificate.
noHappyEyeballs boolean: Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
noTlsVerify boolean: Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.
originServerName string: Hostname that cloudflared should expect from your origin server certificate.
proxyType string: cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are: "" for the regular proxy and "socks" for a SOCKS5 proxy.
tcpKeepAlive number: The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.
tlsTimeout number: Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.

access GetZeroTrustTunnelCloudflaredConfigConfigOriginRequestAccess: For all L7 requests to this hostname, cloudflared will validate each request's Cf-Access-Jwt-Assertion request header.
ca_pool str: Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.
connect_timeout int: Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.
disable_chunked_encoding bool: Disables chunked transfer encoding. Useful if you are running a WSGI server.
http2_origin bool: Attempt to connect to origin using HTTP2. Origin must be configured as https.
http_host_header str: Sets the HTTP Host header on requests sent to the local service.
keep_alive_connections int: Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.
keep_alive_timeout int: Timeout after which an idle keepalive connection can be discarded.
match_sn_ito_host bool: Auto configure the Hostname on the origin server certificate.
no_happy_eyeballs bool: Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
no_tls_verify bool: Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.
origin_server_name str: Hostname that cloudflared should expect from your origin server certificate.
proxy_type str: cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are: "" for the regular proxy and "socks" for a SOCKS5 proxy.
tcp_keep_alive int: The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.
tls_timeout int: Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.

access Property Map: For all L7 requests to this hostname, cloudflared will validate each request's Cf-Access-Jwt-Assertion request header.
caPool String: Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.
connectTimeout Number: Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.
disableChunkedEncoding Boolean: Disables chunked transfer encoding. Useful if you are running a WSGI server.
http2Origin Boolean: Attempt to connect to origin using HTTP2. Origin must be configured as https.
httpHostHeader String: Sets the HTTP Host header on requests sent to the local service.
keepAliveConnections Number: Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.
keepAliveTimeout Number: Timeout after which an idle keepalive connection can be discarded.
matchSnItoHost Boolean: Auto configure the Hostname on the origin server certificate.
noHappyEyeballs Boolean: Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
noTlsVerify Boolean: Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.
originServerName String: Hostname that cloudflared should expect from your origin server certificate.
proxyType String: cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are: "" for the regular proxy and "socks" for a SOCKS5 proxy.
tcpKeepAlive Number: The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.
tlsTimeout Number: Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.

GetZeroTrustTunnelCloudflaredConfigConfigOriginRequestAccess

AudTags List<string>: Access applications that are allowed to reach this hostname for this Tunnel. Audience tags can be identified in the dashboard or via the List Access policies API.
Required bool: Deny traffic that has not fulfilled Access authorization.
TeamName string

AudTags []string: Access applications that are allowed to reach this hostname for this Tunnel. Audience tags can be identified in the dashboard or via the List Access policies API.
Required bool: Deny traffic that has not fulfilled Access authorization.
TeamName string

audTags List<String>: Access applications that are allowed to reach this hostname for this Tunnel. Audience tags can be identified in the dashboard or via the List Access policies API.
required Boolean: Deny traffic that has not fulfilled Access authorization.
teamName String

audTags string[]: Access applications that are allowed to reach this hostname for this Tunnel. Audience tags can be identified in the dashboard or via the List Access policies API.
required boolean: Deny traffic that has not fulfilled Access authorization.
teamName string

aud_tags Sequence[str]: Access applications that are allowed to reach this hostname for this Tunnel. Audience tags can be identified in the dashboard or via the List Access policies API.
required bool: Deny traffic that has not fulfilled Access authorization.
team_name str

audTags List<String>: Access applications that are allowed to reach this hostname for this Tunnel. Audience tags can be identified in the dashboard or via the List Access policies API.
required Boolean: Deny traffic that has not fulfilled Access authorization.
teamName String

Package Details

Repository: Cloudflare pulumi/pulumi-cloudflare
License: Apache-2.0
Notes: This Pulumi package is based on the cloudflare Terraform Provider.

Viewing docs for Cloudflare v6.13.0
published on Wednesday, Jan 21, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-cloudflare

cloudflare.getZeroTrustTunnelCloudflaredConfig

On this page

On this page

Example Usage

Using getZeroTrustTunnelCloudflaredConfig

getZeroTrustTunnelCloudflaredConfig Result

Supporting Types

GetZeroTrustTunnelCloudflaredConfigConfig

GetZeroTrustTunnelCloudflaredConfigConfigIngress

GetZeroTrustTunnelCloudflaredConfigConfigIngressOriginRequest

GetZeroTrustTunnelCloudflaredConfigConfigIngressOriginRequestAccess

GetZeroTrustTunnelCloudflaredConfigConfigOriginRequest

GetZeroTrustTunnelCloudflaredConfigConfigOriginRequestAccess

Package Details

On this page

On this page