← Back to catalog cloudflared · managed by DINAO

Expose your services without opening a single port

The secure tunnel powered by cloudflared, installed and monitored by DINAO. Your servers remain closed and invisible on the inbound side — the connection originates from your infrastructure to the Cloudflare network.

Monitored from FranceNo open portsEncrypted outbound connectionZero TrustOfficial publisher image
Overview

What is cloudflared?

cloudflared is the command-line client for Cloudflare Tunnel: a tunneling daemon that relays traffic from the Cloudflare network to your origin servers. Its principle reverses traditional network exposure: instead of opening ports on your firewall or publishing a public IP, the daemon establishes an encrypted and persistent outbound connection to Cloudflare's global network. Your origin can thus remain "as closed as possible".

In practice, cloudflared allows you to securely publish an internally hosted service (website, API, application) on the Internet, without touching the router configuration or exposing the server directly. This eliminates a whole class of risks — port scanning, direct attacks on the origin IP — and integrates natively with Cloudflare's WAF, anti-DDoS, and TLS protections.

The tool goes beyond simple HTTP proxying: via cloudflared access, it reaches origins protected by layer 4 traffic (SSH, RDP, and other TCP streams), in a Zero Trust logic. It is a cornerstone of the Cloudflare One offering for connecting private infrastructure without a traditional VPN.

On the technical side, cloudflared is written in Go and distributed as a standalone binary, Docker image, and packages. Its memory footprint is very low and it requires no database. DINAO deploys it as a container on your French infrastructure, configures the ingress rules, and monitors the tunnel continuously.

Compatible offers

Host cloudflared at DINAO

Resource tiers compatible with cloudflared prerequisites (minimum 0,25 vCPU / 64 Mo / 50 Mo). Hosted in France, fully managed.

Standard
2 vCPU · 4 Go · 40 Go
19,90 € /month excl. VAT
  • 2 dedicated vCPU
  • 4 Go RAM
  • 40 GB NVMe
  • Daily backups
  • Managed & monitored by DINAO
Order
Performance
4 vCPU · 8 Go · 80 Go
39,90 € /month excl. VAT
  • 4 dedicated vCPU
  • 8 Go RAM
  • 80 GB NVMe
  • Daily backups
  • Managed & monitored by DINAO
Order
Dédié
8 vCPU · 16 Go · 160 Go
79,90 € /month excl. VAT
  • 8 dedicated vCPU
  • 16 Go RAM
  • 160 GB NVMe
  • Daily backups
  • Managed & monitored by DINAO
Order
Under the hood

Technical details

vCPU
0,25 vCPU
ideal : 0,5 vCPU
Memory
64 Mo
ideal : 128 Mo
Disk
50 Mo
ideal : 100 Mo
Image : cloudflare/cloudflared:latest Registry : docker.io Services : cloudflared Ports :
FAQ

You might be wondering…

Do I need to open ports on my firewall?

No, that's the whole point: the connection is outbound only. No inbound ports to open, your server remains closed and invisible.

Does Cloudflared expose my origin IP?

No. The origin remains hidden behind the Cloudflare network, which eliminates port scanning and direct attacks on the IP.

Can you tunnel anything other than HTTP?

Yes: SSH, RDP, and other TCP streams via cloudflared access (layer 4), in a Zero Trust logic, without a classic VPN.

Does the traffic transit through Cloudflare?

Yes. The tunnel connects your origin — hosted in France and monitored by DINAO — to the Cloudflare network, which provides WAF and anti-DDoS. Note that in a sovereignty context: traffic termination depends on the Cloudflare network (a US entity).

Does DINAO handle installation and updates?

Yes. DINAO installs the daemon as a container, configures ingress rules, applies updates, and monitors the tunnel continuously with alerts in case of outage.