ZeroTrust Access with self-hosted application

Hi there,

I am new to the ZeroTrust Access. I would check if ZeroTrust Access can protect self-hosted web application that has DNS is not hosted by Cloudflare?

I tried to do so, but subdomain name NS is not supported.

Best regards,
Pui Wong

Hello sp.wong

Yes, ZeroTrust Access can protect self-hosted web applications regardless of where the DNS is hosted. You would need to tunnel the traffic to your application through Cloudflare using Cloudflare Tunnel . This does not require a DNS record.

Here are the steps to set this up:

  1. Install cloudflared on the server hosting your application.
  2. Authenticate cloudflared by running cloudflared tunnel login and following the prompts.
  3. Create a tunnel with cloudflared tunnel create <tunnel_name>.
  4. Route traffic to your local web server with cloudflared tunnel --url http://localhost:<your_port>.
  5. Run cloudflared tunnel route dns <tunnel_id> <hostname> to create a DNS record for your tunnel.

Remember to replace <tunnel_name>, <your_port>, <tunnel_id>, and <hostname> with your actual values.


Hi hafida,

Thanks for the guidance.
I tried to setting the tunnel but stuck in the step 5 DNS record part.

It requires to migrate whole domain name to Cloudflare.
I could setup a subdomain CNAME record in my DNS server but not intend to migrate the whole DNS to Cloudflare.

Best regards,
Pui Wong

Hi there,

Cloudflare supports a CNAME setup option for domains on a Business or Enterprise plan. Further information is available in our knowledge center, here:

I hope this helps. Please let us know if you have further questions.