Using these directions:
I installed cloudflare as a service on my laptop, running macOS 10.13.4. It did not launch on the next reboot.
Even running “sudo cloudflare service install” is not sufficient, because of where it puts the .plist.
This command installs it in ~/Library/LaunchAgents - but things in this directory are launched by the unprivileged user. As your instructions say, proxy-dns needs to bind to privileged port 53, and it cannot do this when launched by the unprivileged user. My log at /tmp/com.cloudlflare.cloudflared.err.log would get “permission denied” every 20 seconds for the attempts to bind to the port.
The solution was simply to move the .plist to /Library/LaunchDaemons. These are launched by root before logging in, so this makes it accessible by all users on the system.
Works like a charm now!