Awesome Open Source
Awesome Open Source

BuildRelease crate GitHub Docker Registry crate


tunnelto lets you expose your locally running web server via a public URL. Written in Rust. Built completely with async-io on top of tokio.

  1. Install
  2. Usage Instructions
  3. Host it yourself


Brew (macOS)

brew install agrinman/tap/tunnelto


cargo install tunnelto

Or Download a release for your target OS here: tunnelto/releases


Quick Start

tunnelto --port 8000

The above command opens a tunnel and forwards traffic to localhost:8000.

More Options:

⇢ tunnelto --help
tunnelto 0.1.6
Expose your local web server to the internet with a public url.


    -h, --help       Prints help information
    -V, --version    Prints version information
    -v, --verbose    A level of verbosity, and can be used multiple times

    -k, --key <key>                 Sets an API authentication key to use for this tunnel
    -p, --port <port>               Sets the port to forward incoming tunnel traffic to on localhost [default: 8000]
    -s, --subdomain <sub-domain>    Specify a sub-domain for this tunnel

    help        Prints this message or the help of the given subcommand(s)
    set-auth    Store the API Authentication key

Host it yourself

  1. Compile the server for the musl target. See the for a way to do this trivially with Docker!
  2. See Dockerfile for a simple alpine based image that runs that server binary.
  3. Deploy the image where ever you want.

Testing Locally

# Run the Server: xpects TCP traffic on 8080 and control websockets on 5000
ALLOWED_HOSTS="localhost" ALLOW_UNKNOWN_CLIENTS=1 cargo run --bin tunnelto_server

# Run a local tunnelto client talking to your local tunnelto_server
CTRL_HOST="localhost" CTRL_PORT=5000 CTRL_TLS_OFF=1 cargo run --bin tunnelto -- start -p 8000

# Test it out!
# Remember 8080 is our local tunnelto TCP server
curl -H '<subdomain>.localhost' "http://localhost:8080/some_path?with=somequery"

Server Env Vars

  • ALLOWED_HOSTS: which hostname suffixes do we allow forwarding on
  • SECRET_KEY: an authentication key for restricting access to your tunnelto server
  • ALLOW_UNKNOWN_CLIENTS: a boolean flag, if set, enables unknown (no authentication) clients to use your tunnelto server. Note that unknown clients are not allowed to chose a subdomain via -s.
  • CTRL_PORT: which control port to listen to (defaults to 5000)


This implementation does not support multiple running servers (i.e. centralized coordination). Therefore, if you deploy multiple instances of the server, it will only work if the client connects to the same instance as the remote TCP stream.

Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
rust (4,456
tunnel (84
localhost (17

Find Open Source By Browsing 7,000 Topics Across 59 Categories