Run Cloudflare Tunnel for Lando service container

Run Cloudflare Tunnel for Lando service container

How to spin up a cloudflared tunnel and let others connect to your local Lando services.

Roman Zipp, June 7th, 2023

This post will guide you through creating a Cloudflare Tunnel for a local Lando service container.


You will need...

  • A Cloudflare account

  • A domain connected to your Cloudflare account which will be used to route external traffic

  • Lando with a configured project

Create Tunnel

  1. Create a new directory .cloudflare in your project root

  2. Authorize Argo Tunnel for Domain

    • Select your domain

    • A file cert.pem will be starting to download

  3. Store cert.pem in .cloudflare/

  4. Run cloudflared tunnel --config=.cloudflare/config.yml --origincert=./.cloudflare/cert.pem create "RabbitHole"

  5. The output should be

    Created tunnel RabbitHole with id <TUNNEL-ID>

  6. Set the value of the tunnel attribute in .cloudflare/config.yml to the previously returned <TUNNEL-ID>

    For example tunnel: fbedd849-eadc-47f1-82aa-02458008fd2f

  7. Create DNS CNAME record with any custom subdomain (like "local.domain.tld") pointing to <TUNNEL-ID>

  8. Start Tunnel via the script below

Start Tunnel

In my case I want to expose the appserver_nginx Lando service to the tunnel.

cloudflared tunnel \
  --config=.cloudflare/config.yml \
  --origincert=./.cloudflare/cert.pem \
  run \
  --url=$(lando info --filter "service=appserver_nginx" --format json | jq '.[0].urls[1]' | sed 's/\"//g')

You can debug all requests using the --loglevel debug flag.


You should now reach your Lando service externally using your previously added CNAME DNS record ("local.domain.tld").