← knowledge.oriz.in

Cloudflare Tunnel (cloudflared)

service servicesdev-toolstunnelcloudflarewebhook-testingprimary

Cloudflare Tunnel (cloudflared)

Role

Exposes a localhost:<port> server on the user's machine to a persistent public *.oriz.in hostname so that external webhook senders (Razorpay, GitHub, Bluesky AT Protocol firehose, EmailOctopus, etc.) can reach the in-flight Worker / site during development.

Picked over ngrok / localtunnel / serveo on free-tier persistent hostname + same-vendor + zero-card grounds — see decisions/architecture/local-dev-tunneling-cf-tunnel.

Free tier

Card / subscription required?

NO. Free as part of any Cloudflare account. The family already has a Cloudflare account for Cloudflare Pages, Workers, DNS, Email Routing, and WAFcloudflared adds zero new vendor surface.

Use shape

# One-time setup per developer machine
winget install cloudflare.cloudflared          # Windows
brew install cloudflared                        # macOS
cloudflared tunnel login                        # browser-auths into the CF account
cloudflared tunnel create dev-oriz              # mints tunnel UUID + creds.json
cloudflared tunnel route dns dev-oriz dev.oriz.in   # binds hostname

# Per-session — point dev.oriz.in at whichever local port
cloudflared tunnel run --url http://localhost:8787 dev-oriz

Or via ~/.cloudflared/config.yml for multi-route ingress:

tunnel: dev-oriz
credentials-file: ~/.cloudflared/<UUID>.json
ingress:
  - hostname: dev.oriz.in
    service: http://localhost:8787    # Worker dev
  - hostname: dev-blog.oriz.in
    service: http://localhost:3000    # Astro site dev
  - service: http_status:404

cloudflared tunnel run dev-oriz then routes both hostnames in parallel.

Why this is our pick

Alternatives

Swap cost

Low — cloudflared is one binary + one config file. Swapping to a hypothetical alternative is changing the start script in each repo's package.json. Webhook URL re-registration cost depends on the sender (Razorpay UI, GitHub repo settings) but is a one-time per-sender lift.

Quota / failure modes

Security posture

Cross-refs