💡Feature Request: Implement API for Dynamic Tunnel Management in cloudflared

[mlanies]

Describe the Feature You’d Like

I propose adding a dedicated API or extending the CLI interface to support dynamic management of tunnels through cloudflared access tcp. This feature would allow external applications and orchestration tools to programmatically:
1.Start tunnels dynamically by specifying a hostname and target URL.
2.Monitor tunnel status in real-time, including health checks and error reporting.
3.Gracefully terminate tunnels remotely for proper resource management and secure shutdowns.
4.Retrieve tunnel connection details for enhanced logging and integration with external monitoring systems.

Describe Alternatives You’ve Considered

Currently, the only method for managing tunnels is through direct system command execution (e.g., cloudflared access tcp --hostname --url). This approach presents several key limitations:

• ❌ No proper error handling: Capturing tunnel-related errors effectively via CLI commands is challenging.
• ❌ Limited lifecycle management: There’s no built-in method for stopping or restarting tunnels gracefully without terminating the entire process.
• ❌ No monitoring capabilities: It’s not possible to programmatically retrieve tunnel health status, logs, or connection metrics.

Why This Feature Is Important

A dedicated API would unlock several important benefits:

• ✅ Seamless integration with orchestration tools (e.g., Kubernetes, Docker Swarm).
• ✅ Automated tunnel management for CI/CD pipelines.
• ✅ Enhanced security through more granular control over tunnel sessions.
• ✅ Easier integration for external applications requiring dynamic tunnel creation.

Additional Security Features Request

It would be highly beneficial if the new API supported encrypted hostname transmission. This could be achieved by:

• Accepting encrypted hostnames from external sources.
• Integrating with securely stored encryption keys (local or cloud-based).
• Allowing the use of temporary encrypted tokens to improve DNS request privacy.

This would help hide DNS connection details and significantly enhance security, especially in Zero Trust environments.

Possible Implementation Ideas

1. REST API Endpoints

Method	Endpoint	Description
POST	/api/tunnel/start	Start a tunnel with provided parameters
GET	/api/tunnel/status/{id}	Fetch the current status of a specific tunnel
DELETE	/api/tunnel/stop/{id}	Securely close a specific tunnel

2. Extended CLI Commands

cloudflared tunnel start --hostname {hostname} --url {url} --secure
cloudflared tunnel status --id {tunnel_id}
cloudflared tunnel stop --id {tunnel_id}

Additional Context

Adding an API for managing cloudflared tunnels programmatically would enable better integration with:

• Orchestration tools (e.g., Kubernetes, Docker Swarm).
• Automated deployment pipelines.
• Monitoring systems for tunnel health and status tracking.
• Simplified integration with external applications relying on dynamic tunnel creation.

Use Cases

• Automatically launching secure tunnels during application deployment.
• Allowing on-demand secure access for specific users or systems.
• Integrating with monitoring tools like Prometheus for real-time status tracking.
• Providing secure API access for external developers integrating with cloudflared.

Final Thoughts

Implementing an API for tunnel management would significantly enhance cloudflared by enabling dynamic integration into modern infrastructure stacks. This feature would allow:

• Streamlined automation workflows
• Improved resource management
• Enhanced security for sensitive data transmission

Thank you for considering this request! I look forward to your feedback and hope to see this feature implemented soon.

Thank you for considering this feature request! ⭐️