Cloudflare 中文文档
Learning Paths
Cloudflare 中文文档
Deploy Zero Trust Web Access (Learning Path)
编辑这个页面
跳转官方原文档
Set theme to dark (⇧+D)
  1. Learning Paths
  2. Deploy Zero Trust Web Access
  3. Terraform automation
  4. Publish applications with Terraform

Publish applications with Terraform

  3 min read

This guide covers how to use the Cloudflare Terraform provider to quickly publish and secure a private application. In the following example, we will add a new public hostname route to an existing Cloudflare Tunnel, configure how cloudflared proxies traffic to the application, and secure the application with Cloudflare Access.

​​ Prerequisites

​​ 1. Create a Terraform configuration directory

Terraform functions through a working directory that contains configuration files. You can store your configuration in multiple files or just one — Terraform will evaluate all of the configuration files in the directory as if they were in a single document.

  1. Create a folder for your Terraform configuration:

  2. Change into the directory:

​​ 2. Declare providers and variables

Create a .tf file and copy-paste the following example. Fill in your API token, account and zone information, and Tunnel ID.

Find the Tunnel ID
  1. In Zero Trust, go to Networks > Tunnels.
  2. Select the tunnel name.
  3. Copy the Tunnel ID.

​​ 3. Configure Cloudflare resources

Add the following resources to your Terraform configuration.

​​ Add public hostname route to Cloudflare Tunnel

Using the cloudflare_tunnel_config resource, create an ingress rule that maps your application to a public DNS record. This example makes localhost:8080 available on app.mycompany.com, sets the Connect Timeout, and enables Access JWT validation.

​​ Create an Access application

Using the cloudflare_access_application resource, add the application to Cloudflare Access.

​​ Create an Access policy

Using the cloudflare_access_policy resource, create a policy to secure the application. The following policy will only allow access to users who authenticate through your identity provider.

​​ 4. Deploy Terraform

To deploy the configuration files:

  1. Initialize your configuration directory:

  2. Preview everything that will be created:

  3. Apply the configuration:

Users can now access the private application by going to the public URL and authenticating with Cloudflare Access. You can view your new tunnel route, Access application, and Access policy in Zero Trust. The new DNS record is shown in the Cloudflare dashboard.




Finish path >