Running Multiple Cloudflare Service Instances on a Single Machine

2025-02-09


This article provides a step-by-step guide on how to run multiple cloudflared instances on a single machine. A common use case is managing multiple domains where one needs to be publicly accessible while another remains private (e.g., via WARP). In such cases, sharing a single tunnel and configuration file is not feasible.

Note: This tutorial involves stopping the currently running cloudflared process, which may lead to service downtime. Please proceed with caution and run the commands at your own risk.

Back Up the Existing Certificate

If you already have an existing cloudflared setup with the default configuration files, rename the current certificate to avoid overwriting it:

mv /root/.cloudflared/cert.pem /root/.cloudflared/cert_orig.pem

Authenticate and Install a New Account Certificate

Authenticate cloudflared and install a new certificate on the server:

cloudflared tunnel login

If successful, you’ll be prompted to select a domain and install the corresponding certificate at /root/.cloudflared/cert.pem:

Please open the following URL and log in with your Cloudflare account:

<callback url>

Leave cloudflared running to download the cert automatically.
You have successfully logged in.
If you wish to copy your credentials to a server, they have been saved to:
/root/.cloudflared/cert.pem

Since this is our second certificate, rename it for clarity:

mv /root/.cloudflared/cert.pem /root/.cloudflared/cert_test.pem

Create a New Tunnel and Config

Create a new Cloudflare tunnel:

cloudflared tunnel create test

Example output:

Tunnel credentials written to /root/.cloudflared/36216cb7-d0b4-4572-9fdf-c03d62b41778.json.
cloudflared chose this file based on where your origin certificate was found. Keep this file secret.
To revoke these credentials, delete the tunnel.

Created tunnel test with id 36216cb7-d0b4-4572-9fdf-c03d62b41778

Now, create a configuration file for the test instance:

cat <<EOF > /etc/cloudflared/config_test.yml
tunnel: 36216cb7-d0b4-4572-9fdf-c03d62b41778
credentials-file: /root/.cloudflared/36216cb7-d0b4-4572-9fdf-c03d62b41778.json
origincert: /root/.cloudflared/cert_test.pem
# Additional configurations can go here...
EOF

Service Downtime (Hold Tight!)

At this stage, we need to stop the running Cloudflare service and rename the existing configurations. This will temporarily disrupt the service, so proceed when ready.

First, stop the current Cloudflare service:

systemctl stop cloudflared.service

Now, remove the old systemd service file:

rm /etc/systemd/system/cloudflared.service

And rename the existing config:

mv /etc/cloudflared/config.yml /etc/cloudflared/config_orig.yml

Now, define a new systemd service file for the original instance:

cat <<EOF > /etc/systemd/system/cloudflared_orig.service
[Unit]
Description=cloudflared (orig)
After=network.target

[Service]
TimeoutStartSec=0
Type=notify
ExecStart=/usr/bin/cloudflared --no-autoupdate --config /etc/cloudflared/config_orig.yml tunnel run
Restart=on-failure
RestartSec=5s

[Install]
WantedBy=multi-user.target
EOF

And a separate systemd service for the test instance:

cat <<EOF > /etc/systemd/system/cloudflared_test.service
[Unit]
Description=cloudflared (test)
After=network.target

[Service]
TimeoutStartSec=0
Type=notify
ExecStart=/usr/bin/cloudflared --no-autoupdate --config /etc/cloudflared/config_test.yml tunnel run
Restart=on-failure
RestartSec=5s

[Install]
WantedBy=multi-user.target
EOF

Start Everything Up Again

Reload systemd, enable the services, and start them:

systemctl daemon-reload
systemctl enable --now cloudflared_orig.service
systemctl enable --now cloudflared_test.service

Check if both services are running:

systemctl status cloudflared_orig.service
systemctl status cloudflared_test.service

Your machine is now running multiple cloudflared instances and tunnels independently. Enjoy your setup!
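
Before running systemctl enable --now, it is worth confirming that every file a config points at is readable by its owner only and that no two configs carry the same tunnel ID. The script below is an added example, not part of the original article; it assumes flat, unquoted "key: value" lines like the config shown above, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article): pre-flight check for the
# per-instance cloudflared configs. Assumes flat, unquoted "key: value" lines.

# Print the value of a top-level key from a config file.
cfg_value() {  # $1 = key, $2 = config file
    sed -n "s/^$1:[[:space:]]*//p" "$2" | sed 's/[[:space:]]*$//' | head -n 1
}

# True only for an existing regular file with no group/other permission bits.
is_private_file() {
    [ -f "$1" ] && [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Returns 0 if every config passes, 1 otherwise. Findings go to stderr.
check_cloudflared_configs() {
    problems=0
    ids=""
    for cfg in "$@"; do
        if [ ! -r "$cfg" ]; then
            echo "$cfg: config not readable" >&2; problems=1; continue
        fi
        id=$(cfg_value tunnel "$cfg")
        if [ -z "$id" ]; then echo "$cfg: no tunnel set" >&2; problems=1; fi
        ids="$ids$id
"
        for key in credentials-file origincert; do
            path=$(cfg_value "$key" "$cfg")
            [ -n "$path" ] || continue   # key not set in this config
            if ! is_private_file "$path"; then
                echo "$cfg: $key $path missing or group/world-accessible" >&2
                problems=1
            fi
        done
    done
    # This setup gives each instance its own tunnel; a repeated ID usually
    # means a config was copied without being edited.
    dups=$(printf '%s' "$ids" | sed '/^$/d' | sort | uniq -d)
    if [ -n "$dups" ]; then
        echo "tunnel ID used by more than one config: $dups" >&2; problems=1
    fi
    return "$problems"
}

# Example: sh check.sh /etc/cloudflared/config_orig.yml /etc/cloudflared/config_test.yml
if [ "$#" -gt 0 ]; then check_cloudflared_configs "$@"; fi
```

A non-zero exit status means at least one finding was printed to stderr; chmod 600 on the credentials JSON and the renamed cert files clears the permission findings.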
