cloudflare-dns-cloudflared-mcp
Allows managing Cloudflare DNS records, Cloudflare Tunnels, and Cloudflare Access applications, including exposing SSH and web services through tunnels with access control.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@cloudflare-dns-cloudflared-mcpExpose web UI at 10.0.0.5:3000 as app.example.com via tunnel"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
cloudflare-dns-cloudflared-mcp
Self-hosted MCP server for administering Cloudflare DNS and cloudflared tunnel services — expose SSH hosts, web UIs, and other services on your home network through Cloudflare Tunnels with Google OAuth access control.
Runs as a Docker container on your own infrastructure. Connects to Claude Code or any MCP-compatible client via bearer-token-authenticated HTTP.
Tools
DNS
Tool | Description |
| List all zones in the account |
| List DNS records for a zone |
| Create a DNS record (A, AAAA, CNAME, MX, TXT, …) |
| Update an existing DNS record |
| Delete a DNS record |
Tunnels
Tool | Description |
| List all Cloudflare Tunnels |
| Get tunnel details |
| Get connector token for cloudflared |
| List active tunnel connections |
Tunnel Services (workflow)
Tool | Description |
| List all services exposed across all tunnels |
| Expose an SSH host through a tunnel with browser-based access |
| Expose a web UI through a tunnel with access control |
| Remove a service — tears down ingress, DNS, and Access app |
What service_expose_ssh and service_expose_web do
Each workflow tool wires up the full stack in one call:
Tunnel ingress rule — maps the public hostname to the private backend service
DNS CNAME — points
subdomain.yourdomain.com→[tunnel-id].cfargotunnel.comCloudflare Access application — gates who can reach the service
Access policy — allows specific Google accounts, with optional one-time PIN (OTP) for non-Google emails
Related MCP server: mcp-server-cloudflare
Prerequisites
Cloudflare Tunnel
You need a running cloudflared tunnel connected to your home network. Install cloudflared on your home server and connect it via the Cloudflare Zero Trust dashboard. The tunnel must show as Online before exposing services through it.
Google OAuth identity provider
For Google-authenticated access, configure Google as an identity provider once in the Zero Trust dashboard under Settings → Authentication. This is a one-time manual setup — the MCP server manages per-service access policies, not the identity provider itself.
Quick start
1. Clone
git clone git@github.com:andrewkriley/cloudflare-dns-cloudflared-mcp.git
cd cloudflare-dns-cloudflared-mcp2. Configure
cp .env.example .envEdit .env and fill in:
Variable | Description |
| Cloudflare API token (see permissions below) |
| Your Cloudflare account ID |
| Shared secret for MCP client auth — generate with |
3. Run
docker compose up -dCheck it's healthy:
curl http://localhost:3000/health
# {"status":"ok"}4. Connect Claude Code
Run once to register the server:
claude mcp add cloudflare-admin --transport http \
--header "Authorization: Bearer YOUR_MCP_BEARER_TOKEN" \
http://localhost:3000/mcpReplace YOUR_MCP_BEARER_TOKEN with the value from your .env.
5. Example usage
Ask Claude:
"Expose my Proxmox server at 192.168.1.100:8006 as proxmox.yourdomain.com through my home tunnel. Allow access for user@gmail.com."
Claude will call dns_list_zones, tunnel_list, then service_expose_web to wire everything up.
Secrets & Security
Environment variables
Variable | Sensitivity | Purpose |
| Secret | Cloudflare API token — DNS + Tunnel + Zero Trust permissions |
| Low | Cloudflare account identifier |
| Secret | Shared secret for MCP endpoint auth |
| Low | HTTP port (default: 3000) |
All are loaded from .env via docker compose. The .env file is gitignored and must never be committed.
Creating the Cloudflare API token
Go to dash.cloudflare.com/profile/api-tokens and create a custom token with:
Scope | Permission |
Zone > DNS | Edit |
Account > Cloudflare Tunnel | Edit |
Account > Zero Trust | Edit |
Zone > Zone | Read |
Set a 90-day expiry at creation time.
Token rotation (every 90 days)
Create a new token at dash.cloudflare.com/profile/api-tokens
Update
CF_API_TOKENin.envRestart the container:
docker compose restartDelete the old token in the Cloudflare dashboard
Generating a bearer token
openssl rand -hex 32Security controls
Control | What it does |
Bearer token auth | All |
Non-root container | Process runs as unprivileged |
Read-only filesystem | Container root filesystem is read-only ( |
No new privileges |
|
| Returns |
Development
Run locally without Docker
npm install
cp .env.example .env
# fill in .env
npm run devBuild and test
npm run build # compile TypeScript
npm run typecheck # type-check without emitting
npm run lint # ESLint
npm test # unit tests (mocked, no credentials needed)
npm run test:integration # integration tests (requires env vars — runs in CI)Docker commands
docker compose up -d # start in background
docker compose logs -f # tail logs
docker compose restart # restart after .env change
docker compose down # stop and remove container
docker compose build --no-cache # force rebuild imageCI
Every push and pull request runs:
Check | Tool | Purpose |
Secret scanning | Gitleaks | Detects accidentally committed tokens |
TypeScript check |
| Strict compile-time correctness |
ESLint |
| Code quality and style |
Unit tests | Vitest | Mocked tests — workflow tool logic |
Dependency audit |
| Flags high/critical vulnerabilities |
Docker build |
| Verifies image builds successfully |
Tunnel integration tests | Vitest + real cloudflared | Full lifecycle against a real ephemeral tunnel |
VERSION ↔ package.json |
| Keeps root |
Version bump (PRs) | Compare | Every PR must bump |
All checks above are required for a PR to merge to main once enabled in branch protection. Pushing a tag v*.*.* runs the Release workflow (GitHub Release + GHCR image + latest git tag).
Known limitations
Browser-rendered SSH and short-lived certificates
service_expose_ssh sets up the correct server-side configuration for Cloudflare short-lived SSH certificates (TrustedUserCAKeys, AuthorizedPrincipalsFile, SSH CA). However, Cloudflare's browser-rendered SSH terminal uses libssh2 1.9.0, which does not support OpenSSH certificate authentication. Certificate support was added in libssh2 1.11.0 (2023).
Effect: When accessing an SSH service via the browser terminal, the browser prompts for a private key instead of logging in automatically with a short-lived cert.
Short-lived certs work correctly for native SSH client access via the cloudflared ProxyCommand:
Host ssh.yourdomain.com
ProxyCommand cloudflared access ssh --hostname %hWorkarounds for browser-only access (e.g. when outbound SSH is blocked on the client network):
Option A — Enable password auth on the backend sshd. The SSH port is not publicly exposed (only reachable via the tunnel, gated by Cloudflare Access). Password auth behind Google OAuth is an acceptable trade-off:
# On the SSH backend host
sudo sed -i 's/^PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config
sudo systemctl reload sshOption B — Deploy a web terminal (wetty). Run wetty on the backend host and expose it as a web service. The browser connects to wetty over HTTPS; wetty connects to sshd on localhost. No libssh2 limitation applies.
docker run -d --restart unless-stopped \
--name wetty \
-p 3000:3000 \
wettyoss/wetty --ssh-host localhost --ssh-port 22 --base /Then expose via service_expose_web with backend_port: 3000, backend_protocol: http. Cloudflare Access gates access as normal.
Versioning
The canonical version is the root VERSION file (same pattern as splunk-lab). Run npm run sync-version to copy it into package.json. Pushing a tag v*.*.* triggers a GitHub Release and publishes the Docker image to GHCR.
See VERSIONING.md for the full workflow, CI rules, and tag format.
Contributing
main is protected — all changes via PR from dev. CI must pass before merge. Direct pushes to main are blocked.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/andrewkriley/cloudflare-dns-cloudflared-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server