How to Run Multiple Cloudflare Tunnels on a Single Server

Cloudflare (CF) Tunnel is a powerful way to expose your local services to the internet without opening ports or configuring firewalls. But what if you need to run multiple tunnels on the same server?

This guide covers two approaches and shows you how to manage them with systemd.

Approach #1: Single tunnel with Multiple Services

If all services belong to the same CF Account, use one tunnel with multiple ingress rules:

# /etc/cloudflared/config.yml
  tunnel: my-tunnel-id
  credentials-file: /etc/cloudflared/my-tunnel-id.json

  ingress:
    - hostname: app1.example.com
      service: http://localhost:3000
    - hostname: app2.example.com
      service: http://localhost:8080
    - hostname: api.example.com
      service: http://localhost:5000
    - service: http_status:404

The catch-all rule at the end is required.

Run it:

sudo cloudflared service install
sudo systemctl start cloudflared

This approach will take less resource and easier to for monitoring and management. However, we need all services share the same account.

So when you need separate tunnels, approach #2 will help with it.

Approach #2: Multiple Tunnel Instances

First, check your existing tunnel:

ps aux | grep cloudflared | grep -v grep

or checking systemd service

sudo systemctl status cloudflared

Next, create additional service files

By default, it will creates the file /etc/systemd/system/cloudflared.service. For additional tunnels, create new service files manually.

sudo vi /etc/systemd/system/cloudflared-tunnel2.service
[Unit]
Description=Cloudflare Tunnel 2
After=network-online.target
Wants=network-online.target

[Service]
Type=notify
ExecStart=/usr/local/bin/cloudflared --no-autoupdate tunnel run --token YOUR_TUNNEL_TOKEN_HERE
Restart=on-failure
RestartSec=5
TimeoutStartSec=0

[Install]
WantedBy=multi-user.target
Replace YOUR_TUNNEL_TOKEN_HERE with your actual tunnel token from Cloudflare Zero Trust dashboard.

Then, enable and start the new service

sudo systemctl daemon-reload
sudo systemctl enable cloudflared-tunnel2
sudo systemctl start cloudflared-tunnel2

Finally verify both tunnels are running

sudo systemctl status cloudflared
sudo systemctl status cloudflared-tunnel2

Tips: instead of inline tokens, we can use config files for each tunnel:

sudo mkdir -p /etc/cloudflared/tunnel2

Create /etc/cloudflared/tunnel2/config.yml:

tunnel: your-tunnel-id
credentials-file: /etc/cloudflared/tunnel2/credentials.json

ingress:
- hostname: service.example.com
  service: http://localhost:4000
- service: http_status:404

Update the service file:

ExecStart=/usr/local/bin/cloudflared --no-autoupdate tunnel --config /etc/cloudflared/tunnel2/config.yml run