Expand description
cloudflare-quick-tunnel — pure-Rust client for Cloudflare’s
https://*.trycloudflare.com “quick tunnel” service.
Drop-in replacement for the common pattern of spawning the
cloudflared Go binary as a subprocess and scraping its stderr
for the public URL. Speaks QUIC + Cap’n Proto-RPC to the
argotunnel edge natively, so the host application stays a
single self-contained Rust binary.
See docs/spike-verdict.md for the design decision record and
the three undocumented edge gotchas (ALPN / SNI / trust roots)
that the spike crate proved out against the production edge.
Re-exports§
pub use error::TunnelError;pub use manager::QuickTunnelHandle;pub use manager::QuickTunnelManager;pub use manager::TunnelMetrics;
Modules§
- api
- POST
/tunnelclient forapi.trycloudflare.com. - edge
- Cloudflare edge discovery: DNS SRV
(
_v2-origintunneld._tcp.argotunnel.com) with a DNS-over-TLS fallback through1.1.1.1:853. Mirrors the semantics ofcloudflared/edgediscovery/allregions/discovery.go. - error
- Typed error model for the quick-tunnel client. Each variant corresponds to a distinct failure mode that callers can act on independently (API rejection vs DNS gap vs handshake refused vs permanent supervisor giveup).
- manager
- Top-level orchestrator.
QuickTunnelManager::start()runs: - pool
- Bounded idle-TCP-connection pool against
127.0.0.1:<port>. - proxy
- Per-request HTTP/1.1 proxy: bridge an inbound capnp-framed
stream from the edge to the local TCP listener the caller
wants to expose at
https://<sub>.trycloudflare.com. - quic_
dial - QUIC dial into the argotunnel edge using stock
quinn+rustls. The handshake recipe was nailed down in the design spike (seedocs/spike-verdict.md): - quic_
metadata_ protocol_ capnp - rpc
- Cap’n Proto-RPC client for the
TunnelServer/RegistrationServerinterface (seeschemas/tunnelrpc.capnp). - stream
- Per-request stream framing on the edge ↔ tunnel side.
- supervisor
- Long-running task that owns one QUIC connection after register.
- tunnelrpc_
capnp