Update cloudflared

Updates will cause cloudflared to restart which will impact traffic currently being served. You can perform zero-downtime upgrades by using Cloudflare's Load Balancer product or by using multiple cloudflared instances.

Remotely-managed tunnels

To update cloudflared for a tunnel created through the dashboard:

Run the following command:

cloudflared update

This updates cloudflared and automatically restarts the service.

Update the cloudflared package:

brew upgrade cloudflared

Restart the service:

sudo launchctl stop com.cloudflare.cloudflared
sudo launchctl unload /Library/LaunchDaemons/com.cloudflare.cloudflared.plist
sudo launchctl load /Library/LaunchDaemons/com.cloudflare.cloudflared.plist
sudo launchctl start com.cloudflare.cloudflared

If installed via apt:

Update the cloudflared package:

sudo apt-get upgrade cloudflared

Restart the service:

sudo systemctl restart cloudflared.service

If installed manually via dpkg -i:

You can check if cloudflared was installed by a package manager by running ls -la /usr/local/etc/cloudflared/ and looking for .installedFromPackageManager in the output.

Update the cloudflared package:

curl --location --output cloudflared.deb https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb && sudo dpkg -i cloudflared.deb

Restart the service:

sudo systemctl restart cloudflared.service

Update the cloudflared package:

sudo yum update cloudflared

Restart the service:

sudo systemctl restart cloudflared.service

In Zero Trust, go to Networks > Tunnels.
Select your tunnel and select Configure.
Select Docker and copy the installation command shown in the dashboard.
Paste this command into a terminal window.

This creates a new container from the latest cloudflared image. You can now delete the old container.

If you installed cloudflared from GitHub-provided binaries or from source, run the following command:

cloudflared update

If you installed cloudflared with a package manager, you must update it using the same package manager. You can check if cloudflared was installed by a package manager by running ls -la /usr/local/etc/cloudflared/ and looking for .installedFromPackageManager in the output.

Update with Cloudflare Load Balancer

You can update cloudflared without downtime by using Cloudflare's Load Balancer product with your Cloudflare Tunnel deployment.

Install a new instance of cloudflared and create a new Tunnel.
Configure the instance to point traffic to the same locally-available service as your current, active instance of cloudflared.
Add the address of the new instance of cloudflared into your Load Balancer pool as priority 2.
Swap the priority such that the new instance is now priority 1 and monitor to confirm traffic is being served.
Once confirmed, you can remove the older version from the Load Balancer pool.

Update with multiple `cloudflared` instances

If you are not using Cloudflare's Load Balancer, you can use multiple instances of cloudflared to update without the risk of downtime.

Install a new instance of cloudflared and create a new Tunnel.
Configure the instance to point traffic to the same locally-available service as your current, active instance of cloudflared.
In the Cloudflare DNS dashboard, replace the address of the current instance of cloudflared with the address of the new instance. Save the record.
Remove the now-inactive instance of cloudflared.

Run multiple instances in Windows

Windows systems require services to have a unique name and display name. You can run multiple instances of cloudflared by creating cloudflared services with unique names.

Install and configure cloudflared.
Next, create a service with a unique name and point to the cloudflared executable and configuration file.

sc.exe create <unique-name> binPath='<path-to-exe>' --config '<path-to-config>' displayname="Unique Name"

Proceed to create additional services with unique names.
You can now start each unique service.

sc.exe start <unique-name>