cloudflare/cloudflared

9 articles

Prerequisites

›Basic Go knowledge (goroutines, interfaces, error handling)
›Conceptual understanding of reverse tunnels and the Cloudflare network

Cloudflared Architecture: A Map of the Codebase

A comprehensive orientation to the cloudflared codebase covering its packages, operational modes, and the end-to-end request data path from Cloudflare's edge to your origin services.

Architecture Overview and Boot Process: From CLI to Tunnel Daemon

A high-level tour of cloudflared's architecture, from the 'tunnel as reverse proxy' mental model through package layering, the CLI dispatch tree, and the full boot sequence from main() to StartTunnelDaemon().

cloudflared Architecture: A Map of the Codebase

A high-level tour of the cloudflared project structure, entry points, and the mental model for navigating ~41k lines of Go.

Connection Lifecycle: The Supervisor, Protocol Fallback, and Edge Discovery

A deep dive into how cloudflared maintains up to four high-availability connections, falls back between QUIC and HTTP/2, and discovers edge addresses via DNS.

The Supervisor: How cloudflared Manages Edge Connections

Deep dive into the Supervisor event loop, connection lifecycle, protocol fallback, edge discovery, and feature flags.

Transport Protocols: QUIC Streams, HTTP/2 Framing, and Datagram Multiplexing

An in-depth examination of cloudflared's two transport implementations: QUIC stream handling with Cap'n Proto RPC, HTTP/2 fallback, and the datagram v3 UDP session multiplexer.

Inside the Wire: QUIC and HTTP/2 Edge Connections

How cloudflared's two transport protocols work internally, from QUIC stream dispatch to HTTP/2 handler patterns and the control stream registration handshake.

Traffic Routing: Ingress Rules, Origin Services, and the Proxy Layer

How cloudflared routes incoming requests to the correct origin service through two-tier ingress rule matching, a polymorphic service hierarchy, and type-switched proxy dispatch.

Dynamic Configuration: The Orchestrator, Feature Flags, and Runtime Updates

How cloudflared achieves zero-downtime configuration updates through atomic proxy swaps, DNS-based feature flags, and a four-layer configuration hierarchy.