cloudflared icon indicating copy to clipboard operation
cloudflared copied to clipboard
verified publisher icon cloudflare

🐛Service install does not respect generic args or environment variables

Open ct-martin opened this issue 4 months ago • 2 comments

Describe the bug When running cloudflared service install it is not possible to pass additional arguments or environment variables for the service installation. This makes it notably more difficult to create tunnels using tools like Ansible on an IPv6-only device where those arguments are necessary to create the tunnel (since the command will stall while waiting for the tunnel to become available). This means the entire service file has to be created (and kept in sync with this repo) to avoid manual intervention.

To Reproduce Steps to reproduce the behavior:

  1. Configure a remote tunnel via the dashboard
  2. Run 'cloudflare service install --edge-ip-version=6 ...' (also get same output is use a space instead of =)
  3. See error of "Incorrect Usage: flag provided but not defined: -edge-ip-version"
  4. Run TUNNEL_EDGE_IP_VERSION=6 cloudflare service install ...
  5. See command create the systemd service and then stall

If it's an issue with Cloudflare Tunnel: 4. Tunnel ID : (did not finish registering/creating/connecting; does not appear in dashboard) 5. cloudflared config: N/A (remote tunnel)

Expected behavior The systemd unit should either pass in generic arguments to the {{ range .ExtraArgs }} or add the TUNNEL_ environment variables to the systemd unit file (or automatically create an override with those included)

Environment and versions

  • OS: Debian 13 (Trixie) via the Debian "any" package repo
  • Architecture: x64
  • Version: 2025.8.0

Logs and errors CLI output when running service install via environment variable (stalls):

# cloudflared service install ...
2025-08-15T01:52:15Z INF Using Systemd
^C

CLI output when running service install via arguments:

# cloudflared service install --edge-ip-version=6 ...
Incorrect Usage: flag provided but not defined: -edge-ip-version

Additional context Defaulting EdgeIpVersion to auto would solve my immediate issue but this would also be desirable for setting a bind address, force PQ only, or to only use the US region

ct-martin avatar Aug 15 '25 02:08 ct-martin

Can I work on this please?

eshentials avatar Sep 01 '25 17:09 eshentials

I ran into the same issue on Ubuntu 24.04 ARM64, using cloudflared-2025.9.1. Because my EC2 does not have an IPv4 NAT gateway, but only an publicly routed IPv6 IP, my tunnel will only work on IPv6.

When I install the service with the --edge-ip-version given, I get the same hanging output as @ct-martin except since I was using a space instead of =, I did not get the invalid parameter warning:

# cloudflared --edge-ip-version 6 service install ey...
  
2025-10-05T14:32:59Z INF Using Systemd

The log shows that it only attempts to connect to IPv4 edge nodes. The generated cloudflared.service file did not contain my --edge-ip-version value.

Editing the auto-generated /etc/systemd/system/cloudflared.service from

ExecStart=/usr/bin/cloudflared --no-autoupdate tunnel run --token ey...

to

ExecStart=/usr/bin/cloudflared --edge-ip-version 6 --no-autoupdate tunnel run --token ey...

and restarting the servicve made it all work perfectly.

smaragd avatar Oct 05 '25 15:10 smaragd