Cloudflared-windows-amd64.exe < FHD 2027 >

– Cloudflared does not listen on ports locally (it connects outbound). The error may be your local web server.

Invoke-WebRequest -Uri "https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-windows-amd64.exe" -OutFile "$env:USERPROFILE\Downloads\cloudflared.exe" Move it to a permanent location, e.g., C:\cloudflared\cloudflared.exe , and add that folder to your PATH for easy access. Cloudflared needs to authenticate with your Cloudflare account.

cloudflared.exe service install This creates a service named “Cloudflare Tunnel Agent”. Start it:

Visit https://github.com/cloudflare/cloudflared/releases Look for the latest release and download: cloudflared-windows-amd64.exe amd64 means it’s for 64-bit Windows (most modern PCs). For 32-bit, use 386 . Alternative using command line (PowerShell as Admin): cloudflared-windows-amd64.exe

cloudflared.exe tunnel login A browser window will open. Log in to your Cloudflare account and select the domain you want to use. This generates a cert.pem file in %USERPROFILE%\.cloudflared\ . That certificate is your global API credential—keep it safe. Tunnels are persistent connections with their own configuration. Let’s create one.

Enter and its Windows executable: cloudflared-windows-amd64.exe . This tool creates secure, outbound-only tunnels from your Windows PC to Cloudflare’s global edge network. No open firewall ports. No static IP required. Just fast, encrypted access from anywhere.

If you run a web server on your Windows machine—whether for development, home automation, or a personal website—you know that exposing it to the internet can be risky. Port forwarding is messy, dynamic DNS is a hassle, and your ISP might block incoming traffic altogether. – Cloudflared does not listen on ports locally

Start small: run a one-off tunnel to a test website. Then graduate to a named tunnel with a custom domain and persistent Windows service. You’ll never mess with port forwarding again. Cloudflared is maintained by Cloudflare, Inc. This guide is unofficial but follows best practices as of 2025.

– Add cloudflared.exe as an exception in Windows Defender or your third-party AV.

First, ensure your config is ready. Then: For 32-bit, use 386

Now, route traffic to a local service. For example, if you run a web app on localhost:3000 :

net start cloudflared Or use the Services GUI ( services.msc ). The service automatically runs at boot. | Local Service | Example URL | Config service line | |------------------------|--------------------------------------|--------------------------------------| | IIS (default website) | http://localhost:80 | service: http://localhost:80 | | Node.js dev server | http://localhost:3000 | service: http://localhost:3000 | | Jellyfin / Plex | http://localhost:8096 | service: http://localhost:8096 | | SMB / RDP (via Access) | tcp://localhost:3389 | service: tcp://localhost:3389 | | SSH | tcp://localhost:22 | service: tcp://localhost:22 |

– Check logs: cloudflared.exe tunnel run --config C:\path\to\config.yml my-first-tunnel (run manually first).

cloudflared.exe tunnel route dns my-first-tunnel myapp.yourdomain.com This creates a DNS record at Cloudflare pointing to the tunnel. Create a configuration file config.yml in %USERPROFILE%\.cloudflared\ :

Open or PowerShell and navigate to where cloudflared.exe lives, then run: