Access non-http applications via Argo Tunnel?

Hi everyone,

I’m trying to see if I can use Cloudflare’s Argo Tunnel to route traffic for non-web applications through to my server.

I’ve so far followed the documentation to the point where I have a subdomain routing traffic through to an nginx server on a test vm, I have it set to not proxy it as I’m aware cloudflare doesn’t allow non-http traffic through it on the free plan.

here is the config I have setup:

url: localhost
tunnel: [REDACTED]
credentials-file: [REDACTED]

in theory this should allow traffic destined for any port through to the localhost of the machine running the tunnel, and I’ve successfully tested it with an nginx server which I can access from the tunnel’s sub-domain, but attempting to access the server over SSH or a minecraft server doesn’t work using that same sub-domain times out.

Is there something I’m missing? is it just a matter of upgrading to a paid plan? I can’t find anything in the documentation that restricts the tunnel to web-traffic only.


Cloudflare Tunnel can proxy just about anything, but you’d need cloudflared running at both ends.


I need it running on client machines as well? but that doesn’t explain why I can access the nginx server being proxied from a range of devices, all of which can’t access the server locally either.

NGINX works because it is an HTTP/S application. That’s the default setting for any :orange: Proxied hostname.

I have SSH set up in Tunnel, but I need to use cloudflared on my desktop to be able to connect to it.


ok, interesting, but when you say proxied hostname, are you referring to the toggle in the DNS settings for the domain? because I have the proxy disabled for this DNS record.

Even if your DNS record is :grey: DNS Only, a tunnel is a CNAME for what’s essentially proxied traffic to your server. If it’s going through Cloudflare, it’s assumed to be HTTP/S.

Oh now I see, so the tunnel itself has the equivalent of the “proxied” toggle permanently turned on,
in that case, would you be able to point me in the right direction for setting up a “client” to connect to the tunnel?

Apart from HTTP/S (SSH and VNC are using their browser renderer thing so they don’t count), Cloudflare for Teams will not usually proxy services on a subdomain, unless you have a Cloudflare client on either side.

You can install cloudflared and connect to your tunnel through there, however I find it easier to just do the following instead. You can still technically do this with a bit of mucking around without the WARP client
You can spin up a tunnel, and then access that local network, just like a normal VPN. Setup the tunnel with cloudflared on your server, then use the app to log into Cloudflare for Teams, and connect to your server. Instructions below:

1 Like