kjanat/cloudflared.schema.json

## cloudflared.schema.json
{
	"$schema": "http://json-schema.org/draft-07/schema#",
	"$id": "https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/cloudflared.json",
	"$comment": "Docs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/do-more-with-tunnels/local-management/configuration-file/",
	"title": "cloudflared configuration",
	"description": "Configuration file for cloudflared (Cloudflare Tunnel). Typically placed at <code>~/.cloudflared/config.yml</code> or <code>/etc/cloudflared/config.yml</code>.\n\nDocs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/do-more-with-tunnels/local-management/configuration-file/",
	"type": "object",
	"additionalProperties": true,

	"definitions": {
		"duration": {
			"type": "string",
			"description": "A Go duration string, e.g. <code>30s</code>, <code>5m</code>, <code>1h</code>, <code>500ms</code>. Valid units: <code>ns</code>, <code>us</code>, <code>ms</code>, <code>s</code>, <code>m</code>, <code>h</code>.",
			"pattern": "^[0-9]+(ns|us|µs|ms|s|m|h)$",
			"examples": ["30s", "5m", "1h", "500ms"]
		},

		"originRequestConfig": {
			"type": "object",
			"$comment": "Docs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/origin-parameters/",
			"description": "Per-origin request configuration. Can be set globally under <code>originRequest</code> or overridden per ingress rule.\n\nDocs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/origin-parameters/",
			"additionalProperties": false,
			"properties": {
				"connectTimeout": {
					"$ref": "#/definitions/duration",
					"description": "Timeout for establishing a new TCP connection to the origin. Excludes TLS handshake time (see <code>tlsTimeout</code>). Default: <code>30s</code>.\n\nDocs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/origin-parameters/"
				},
				"tlsTimeout": {
					"$ref": "#/definitions/duration",
					"description": "Timeout for completing a TLS handshake with the origin. Only applies when connecting to an HTTPS origin. Default: <code>10s</code>.\n\nDocs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/origin-parameters/"
				},
				"tcpKeepAlive": {
					"$ref": "#/definitions/duration",
					"description": "TCP keepalive interval for the connection to the origin. Default: <code>30s</code>.\n\nDocs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/origin-parameters/"
				},
				"noHappyEyeballs": {
					"type": "boolean",
					"description": "Disables the Happy Eyeballs algorithm for IPv4/IPv6 fallback. Set to <code>true</code> if your local network has misconfigured one of the protocols. Default: <code>false</code>.\n\nDocs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/origin-parameters/"
				},
				"keepAliveConnections": {
					"type": "integer",
					"minimum": 0,
					"description": "Maximum number of idle keepalive connections to the origin. Default: <code>100</code>.\n\nDocs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/origin-parameters/"
				},
				"keepAliveTimeout": {
					"$ref": "#/definitions/duration",
					"description": "Timeout after which an idle keepalive connection to the origin is closed. Default: <code>90s</code>.\n\nDocs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/origin-parameters/"
				},
				"httpHostHeader": {
					"type": "string",
					"description": "Overrides the HTTP <code>Host</code> header sent to the origin. If unset, cloudflared uses the hostname of the ingress rule's service URL.\n\nDocs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/origin-parameters/"
				},
				"originServerName": {
					"type": "string",
					"description": "Hostname used for the TLS Server Name Indication (SNI) sent to the origin. If unset, the SNI is derived from the service URL. Useful when the origin certificate uses a different name than the service URL.\n\nDocs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/origin-parameters/"
				},
				"caPool": {
					"type": "string",
					"description": "Local path to a CA certificate pool file (<code>.pem</code> or <code>.crt</code>) used to verify the origin's TLS certificate. Only needed if the certificate is not signed by a publicly trusted CA.\n\nExample: <code>/root/certs/ca.pem</code>\n\nDocs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/origin-parameters/"
				},
				"noTLSVerify": {
					"type": "boolean",
					"description": "When <code>true</code>, disables TLS verification of the origin certificate. Any certificate from the origin will be accepted. Not recommended for production. Default: <code>false</code>.\n\nDocs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/origin-parameters/"
				},
				"disableChunkedEncoding": {
					"type": "boolean",
					"description": "Disables chunked transfer encoding for requests to the origin. Required for some origin servers that do not support it (e.g. Nginx with certain configurations). Default: <code>false</code>.\n\nDocs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/origin-parameters/"
				},
				"bastionMode": {
					"type": "boolean",
					"description": "Enables bastion (jump host) mode. When <code>true</code>, this cloudflared instance acts as a jump host for SSH traffic. Default: <code>false</code>.\n\nDocs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/origin-parameters/"
				},
				"proxyAddress": {
					"type": "string",
					"description": "IPv4 or IPv6 address for the local proxy server cloudflared starts to translate HTTP into TCP (e.g. for SSH or RDP proxying). For locally-managed tunnels only. Default: <code>127.0.0.1</code>.\n\nDocs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/origin-parameters/"
				},
				"proxyPort": {
					"type": "integer",
					"minimum": 0,
					"maximum": 65535,
					"description": "Port for the local proxy listener. For locally-managed tunnels only. Default: <code>0</code> (disabled).\n\nDocs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/origin-parameters/"
				},
				"proxyType": {
					"type": "string",
					"enum": ["", "socks"],
					"description": "Type of proxy cloudflared starts when proxying TCP traffic.\n\n- <code>\"\"</code> — direct proxy (default)\n- <code>\"socks\"</code> — SOCKS5 proxy (e.g. for <code>kubectl</code> access via Cloudflare Access)\n\nFor locally-managed tunnels only.\n\nDocs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/origin-parameters/"
				},
				"ipRules": {
					"type": "array",
					"description": "IP rules to allow or deny traffic to specific CIDR ranges and ports.\n\nDocs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/origin-parameters/",
					"items": {
						"type": "object",
						"additionalProperties": false,
						"properties": {
							"prefix": {
								"type": "string",
								"description": "IP CIDR prefix this rule applies to. Example: <code>\"10.0.0.0/8\"</code>."
							},
							"ports": {
								"type": "array",
								"items": {
									"type": "integer",
									"minimum": 1,
									"maximum": 65535
								},
								"description": "List of destination ports this rule matches."
							},
							"allow": {
								"type": "boolean",
								"description": "<code>true</code> to allow traffic matching this rule, <code>false</code> to deny it."
							}
						}
					}
				},
				"http2Origin": {
					"type": "boolean",
					"description": "When <code>true</code>, cloudflared attempts to connect to the origin using HTTP/2 instead of HTTP/1.1. Requires an SSL certificate on the origin. Default: <code>false</code>.\n\nDocs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/origin-parameters/"
				},
				"access": {
					"type": "object",
					"description": "Requires cloudflared to validate the Cloudflare Access JWT before proxying requests to this origin. The JWT is sent by Access as the <code>Cf-Access-Jwt-Assertion</code> request header.\n\nDocs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/origin-parameters/",
					"additionalProperties": false,
					"properties": {
						"required": {
							"type": "boolean",
							"description": "When <code>true</code>, all requests must arrive through a Cloudflare Access-authenticated endpoint. Requests without a valid JWT are rejected."
						},
						"teamName": {
							"type": "string",
							"description": "Your Cloudflare Zero Trust team name — the subdomain of your team domain. Example: <code>\"myteam\"</code> for <code>myteam.cloudflareaccess.com</code>."
						},
						"audTag": {
							"type": "array",
							"items": { "type": "string" },
							"description": "List of Cloudflare Access AUD tags used to validate JWT tokens. Obtain the AUD tag from your Access application settings."
						}
					}
				}
			}
		},

		"ingressRule": {
			"type": "object",
			"$comment": "Docs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/do-more-with-tunnels/local-management/configuration-file/",
			"description": "A single ingress rule that routes incoming traffic matching a hostname and/or path to a local service.\n\nRules are evaluated top-to-bottom; the first match wins. The final rule must be a catch-all (no <code>hostname</code> or <code>path</code>).\n\nDocs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/do-more-with-tunnels/local-management/configuration-file/",
			"required": ["service"],
			"additionalProperties": false,
			"properties": {
				"hostname": {
					"type": "string",
					"description": "The public hostname to match, e.g. <code>app.example.com</code>. Supports <code>*</code> as a wildcard prefix: <code>*.example.com</code> matches all subdomains. Omit to create a catch-all rule.\n\nNote: Wildcards in the middle of a hostname (e.g. <code>test.*.example.com</code>) are not supported.\n\nDocs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/do-more-with-tunnels/local-management/configuration-file/",
					"examples": ["app.example.com", "*.example.com", "ssh.example.com"]
				},
				"path": {
					"type": "string",
					"description": "A Go regular expression matched against the request path. Only requests whose path matches are routed to this rule's service. Uses [Go <code>regexp</code> syntax](https://pkg.go.dev/regexp/syntax).\n\nExample: <code>\\.(jpg|png|css|js)$</code>\n\nDocs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/do-more-with-tunnels/local-management/configuration-file/"
				},
				"service": {
					"type": "string",
					"description": "The local service to proxy traffic to. Supports HTTP, HTTPS, SSH, RDP, TCP, Unix sockets, and built-in responders.\n\nExamples:\n- <code>http://localhost:8080</code>\n- <code>https://localhost:443</code>\n- <code>ssh://localhost:22</code>\n- <code>tcp://localhost:3306</code>\n- <code>rdp://localhost:3389</code>\n- <code>unix:/var/run/app.sock</code>\n- <code>http_status:404</code> — respond with an HTTP status code\n- <code>hello_world</code> — built-in test server\n\nDocs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/do-more-with-tunnels/local-management/configuration-file/",
					"examples": [
						"http://localhost:8080",
						"https://localhost:443",
						"ssh://localhost:22",
						"tcp://localhost:3306",
						"rdp://localhost:3389",
						"http_status:404",
						"http_status:503",
						"hello_world",
						"unix:/var/run/app.sock"
					]
				},
				"originRequest": {
					"$ref": "#/definitions/originRequestConfig",
					"description": "Per-rule overrides for origin request settings. Values here take precedence over the top-level <code>originRequest</code> block for this rule only.\n\nDocs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/origin-parameters/"
				}
			}
		}
	},

	"properties": {
		"tunnel": {
			"type": "string",
			"$comment": "Docs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/do-more-with-tunnels/local-management/configuration-file/",
			"description": "The UUID or name of the locally-managed tunnel to run. Run <code>cloudflared tunnel list</code> to find your tunnel's UUID.\n\nDocs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/do-more-with-tunnels/local-management/configuration-file/",
			"examples": ["6ff42ae2-765d-4adf-8112-31c55c1551ef", "my-tunnel"]
		},
		"credentials-file": {
			"type": "string",
			"$comment": "Docs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/do-more-with-tunnels/local-management/configuration-file/",
			"description": "Absolute path to the tunnel credentials JSON file generated by <code>cloudflared tunnel create</code>.\n\nDocs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/do-more-with-tunnels/local-management/configuration-file/",
			"examples": [
				"/home/user/.cloudflared/6ff42ae2-765d-4adf-8112-31c55c1551ef.json",
				"/etc/cloudflared/credentials.json"
			]
		},
		"ingress": {
			"type": "array",
			"$comment": "Docs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/do-more-with-tunnels/local-management/configuration-file/",
			"description": "Ordered list of ingress rules. Evaluated top-to-bottom; the first matching rule wins. The last rule must be a catch-all (no <code>hostname</code> or <code>path</code>), typically <code>service: http_status:404</code>.\n\nValidate rules with: <code>cloudflared tunnel ingress validate</code>\n\nDocs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/do-more-with-tunnels/local-management/configuration-file/",
			"minItems": 1,
			"items": {
				"$ref": "#/definitions/ingressRule"
			}
		},
		"originRequest": {
			"$ref": "#/definitions/originRequestConfig",
			"$comment": "Docs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/origin-parameters/",
			"description": "Global default origin request configuration. Applied to all ingress rules unless overridden per-rule.\n\nDocs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/origin-parameters/"
		},
		"warp-routing": {
			"type": "object",
			"$comment": "Docs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/do-more-with-tunnels/local-management/configuration-file/",
			"description": "Configuration for WARP-to-tunnel routing (private network access for WARP client users).\n\nTo expose a private network, set <code>enabled: true</code> and add routes via <code>cloudflared tunnel route ip</code>.\n\nDocs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/do-more-with-tunnels/local-management/configuration-file/",
			"additionalProperties": false,
			"properties": {
				"enabled": {
					"type": "boolean",
					"description": "Enables WARP routing so that WARP clients can reach this tunnel's private network. Default: <code>false</code>."
				},
				"connectTimeout": {
					"$ref": "#/definitions/duration",
					"description": "Timeout for establishing connections in WARP routing mode."
				},
				"maxActiveFlows": {
					"type": "integer",
					"minimum": 0,
					"description": "Maximum number of concurrent active WARP-routed flows."
				},
				"tcpKeepAlive": {
					"$ref": "#/definitions/duration",
					"description": "TCP keepalive interval for WARP-routed connections."
				}
			}
		},

		"autoupdate-freq": {
			"$ref": "#/definitions/duration",
			"$comment": "Docs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/run-parameters/",
			"description": "How often cloudflared checks for and applies updates. Default: <code>24h</code>. Set <code>no-autoupdate: true</code> to disable updates entirely.\n\nDocs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/run-parameters/"
		},
		"no-autoupdate": {
			"type": "boolean",
			"$comment": "Docs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/run-parameters/",
			"description": "Disables automatic self-updates of cloudflared. Default: <code>false</code>.\n\nDocs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/run-parameters/"
		},
		"retries": {
			"type": "integer",
			"minimum": 0,
			"$comment": "Docs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/run-parameters/",
			"description": "Maximum number of retries for connection/protocol errors. Uses exponential backoff (<code>1s</code>, <code>2s</code>, <code>4s</code>, <code>8s</code>, <code>16s</code>…). Default: <code>5</code>.\n\nDocs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/run-parameters/"
		},
		"protocol": {
			"type": "string",
			"enum": ["auto", "http2", "quic", "h2mux"],
			"$comment": "Docs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/run-parameters/",
			"description": "Transport protocol cloudflared uses to connect to Cloudflare's edge.\n\n- <code>auto</code> — tries QUIC first, falls back to HTTP/2 if UDP is unavailable (recommended)\n- <code>quic</code> — forces QUIC (UDP-based, lower latency)\n- <code>http2</code> — forces HTTP/2\n- <code>h2mux</code> — legacy multiplexed HTTP/2 (deprecated)\n\nDefault: <code>auto</code>.\n\nDocs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/run-parameters/"
		},
		"region": {
			"type": "string",
			"enum": ["", "us"],
			"$comment": "Docs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/run-parameters/",
			"description": "Restricts tunnel connections to a specific Cloudflare region.\n\n- <code>\"us\"</code> — route only through US data centers (uses different hostnames/IPs; see [Tunnel with firewall](https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/tunnel-with-firewall/))\n- <code>\"\"</code> — global region (default)\n\nDocs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/run-parameters/"
		},
		"loglevel": {
			"type": "string",
			"enum": ["debug", "info", "warn", "error", "fatal"],
			"$comment": "Docs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/run-parameters/",
			"description": "Log verbosity for cloudflared. Default: <code>info</code>.\n\nDocs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/run-parameters/"
		},
		"transport-loglevel": {
			"type": "string",
			"enum": ["debug", "info", "warn", "error", "fatal"],
			"$comment": "Docs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/run-parameters/",
			"description": "Log level for the underlying QUIC/HTTP2 transport layer. Default: <code>warn</code>.\n\nDocs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/run-parameters/"
		},
		"logfile": {
			"type": "string",
			"$comment": "Docs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/run-parameters/",
			"description": "Path to a file where cloudflared logs are written. If omitted, logs go to stdout.\n\nDocs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/run-parameters/",
			"examples": ["/var/log/cloudflared/cloudflared.log"]
		},
		"log-directory": {
			"type": "string",
			"$comment": "Docs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/run-parameters/",
			"description": "Directory path for log files. Takes precedence over <code>logfile</code> when set.\n\nDocs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/run-parameters/"
		},
		"metrics": {
			"type": "string",
			"$comment": "Docs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/run-parameters/",
			"description": "Address for the Prometheus metrics endpoint. Default: <code>localhost:2000</code>.\n\nThe <code>/metrics</code> path exposes Prometheus-formatted metrics. The <code>/ready</code> path returns <code>200</code> when cloudflared has an active edge connection (useful as a liveness probe).\n\nDocs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/run-parameters/",
			"examples": ["localhost:2000", "0.0.0.0:2000"]
		},
		"metrics-update-freq": {
			"$ref": "#/definitions/duration",
			"$comment": "Docs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/run-parameters/",
			"description": "Frequency at which tunnel metrics are updated. Default: <code>5s</code>.\n\nDocs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/run-parameters/"
		},
		"grace-period": {
			"$ref": "#/definitions/duration",
			"$comment": "Docs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/run-parameters/",
			"description": "Time cloudflared waits for in-flight requests to complete before shutting down. Long-lived connections (WebSocket, SSH, TCP) will be dropped when the grace period expires. Default: <code>30s</code>.\n\nDocs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/run-parameters/"
		},
		"tag": {
			"oneOf": [
				{
					"type": "string",
					"description": "A single custom tag in <code>KEY=VALUE</code> format.",
					"examples": ["env=production"]
				},
				{
					"type": "object",
					"description": "Map of custom <code>KEY=VALUE</code> tags.",
					"additionalProperties": { "type": "string" }
				}
			],
			"$comment": "Docs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/run-parameters/",
			"description": "Custom tags to identify this cloudflared instance. Visible in the Cloudflare dashboard.\n\nIn a config file, use a map: <code>tag: {env: production, team: platform}</code>\n\nDocs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/run-parameters/"
		},
		"pidfile": {
			"type": "string",
			"$comment": "Docs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/run-parameters/",
			"description": "Path to a PID file. cloudflared writes its process ID here after the first successful connection. Useful for scripting and service integration.\n\nDocs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/run-parameters/"
		},
		"post-quantum": {
			"type": "boolean",
			"$comment": "Docs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/run-parameters/",
			"description": "When <code>true</code>, forces post-quantum (PQ) key agreement for QUIC connections with no fallback to non-PQ. By default, QUIC already attempts PQ but falls back if unavailable. Not supported with <code>protocol: http2</code>. Default: <code>false</code>.\n\nDocs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/run-parameters/"
		},
		"management-diagnostics": {
			"type": "boolean",
			"$comment": "Docs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/run-parameters/",
			"description": "Enables the management diagnostics service. Default: <code>true</code>.\n\nDocs: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/run-parameters/"
		}
	},

	"examples": [
		{
			"tunnel": "6ff42ae2-765d-4adf-8112-31c55c1551ef",
			"credentials-file": "/home/user/.cloudflared/6ff42ae2-765d-4adf-8112-31c55c1551ef.json",
			"ingress": [
				{
					"hostname": "app.example.com",
					"service": "http://localhost:8080"
				},
				{
					"hostname": "api.example.com",
					"path": "^/v2/",
					"service": "http://localhost:3000",
					"originRequest": {
						"connectTimeout": "10s"
					}
				},
				{
					"service": "http_status:404"
				}
			],
			"originRequest": {
				"connectTimeout": "30s",
				"noTLSVerify": false
			},
			"loglevel": "info",
			"metrics": "localhost:2000"
		}
	]
}
No results found