anderspitman a year ago

Author of SirTunnel here. Thanks for the shout out Tony. You're using it exactly the way intended: fork+tweak for your needs. I ended up making boringproxy[0] to be easier for non-developers to use, but I still love the simplicity of SirTunnel. It's basically the minimal way I know of to get SSH tunnels + auto TLS. In fact, "SirT" is a play on "cert".

Personally, I believe tunneling is the closest way currently to provide the unrealized future IPv6 promised. By sharing IPv4 addresses and routing based on SNI, anyone with a domain can host a website or service from home and tunnel through a nearby server with a public IP. You get the added benefit that your IP address stays private.

[0]: https://boringproxy.io/

ravenstine a year ago

This seems like a good alternative to Ngrok if you need to be able to share a temporary server with someone else.

What I've been doing for my own work, in the case that I need to access a server from one device on another, is to use Yggdrasil.

https://yggdrasil-network.github.io/

Yggdrasil is essentially a p2p VPN where peers have IPv6 addresses that are declared by their public/private keys. I set up a dedicated peer as a nano EC2 instance in AWS so that my devices can reach each other no matter where they're located or what sort of firewall they're behind. My EC2 instance also provides a nameserver for my Yggdrasil peers.

I know it's not exactly the same as Ngrok, but I've found it really useful for development purposes and simply for the purpose of being able to control my devices. My phone, both my MacBooks, Raspberry Pi, and even my car stereo are peers on my Yggdrasil network. The downside is sharing with a 3rd party means they need to install Yggdrasil, that is unless you set up a public web server to act as a "tunnel" to the web servers in your network.

Before someone mentions security, not all of my devices are connected all the time (e.g. my phone), and my EC2 peer whitelists which peers can connect.

  • thefreeman a year ago

    Sounds like your setup is working for you, however just so you know Tailscale solves this exact problem without requiring you to run an EC2 server and adds all kinds of niceties like ACLs, magic DNS, designating exit nodes, etc. It’s super simple to set up as well. No affiliation, just a happy user.

    • ravenstine a year ago

      Haven't used Tailscale, but it sounds like a pretty good service. I think something like that can be the right way to go for people who really want minimal hassle and configuration. The app also looks really good.

      Yggdrasil is pretty dang easy, though. If you don't have your own clearnet peer, there's plenty of public peers on the main net to use. I just prefer using my own peer because I don't intend on sharing my network with other parties. The EC2 server isn't hard to set up and costs peanuts to run. Everything else basically just works as long as you have one or more peers configured. I haven't had a situation where I couldn't get it to work in a few minutes.

      > designating exit nodes

      As far as I'm aware, that's not a feature of Yggdrasil. My understanding is if the IP for a connection falls out of its range (it uses some deprecated range of IPv6 addresses that are technically still valid), it just passes it through without treating it like a potential peer.

CoffeeOnWrite a year ago

If you already have nginx and want to avoid extra dependencies, another option is https://gist.github.com/gdamjan/4586758 .

(I’d love to hear what SirTunnel and caddy bring to the table! I think the auto registering of tunnels is certainly less hacky than the approach in the above gist, but on its own that’s not enough for me to care..)

  • anderspitman a year ago

    Main difference I see is SirTunnel handles custom domains and auto certs easier. Also, am I reading correctly that the gist allows anyone to create a tunnel without authentication? I would definitely recommend setting up ssh keys and not doing that.

    • CoffeeOnWrite a year ago

      Heh it does say

      > It's that simple there's no authentication at all

      In practice it should require ssh key auth, that’s what I’ve always done. But without requiring password. And limited to just being able to create tunnels via the ForceCommand sshd config.
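
A check for the restriction described in the comment above (key-only auth, no password, ForceCommand), as an added example that is not part of the thread or of the linked gist: it audits the effective settings of a hypothetical tunnel account, given in the format printed by `sshd -T -C user=<name>`. The function names, the sample settings and the extra hardening keys are assumptions of this example.

```python
# Added example: audit effective sshd settings for a tunnel-only account.
# Input format is that of `sshd -T -C user=<name>`: "keyword value" per line.
# Pubkey/password and ForceCommand checks reflect the comment above; the
# other keys are extra hardening assumed for this example.
REQUIRED = {
    "pubkeyauthentication": "yes",
    "passwordauthentication": "no",
    "kbdinteractiveauthentication": "no",
    "permittty": "no",
    "allowagentforwarding": "no",
    "x11forwarding": "no",
}

def parse_effective(text):
    """Return {keyword: value} from `sshd -T` style output."""
    settings = {}
    for line in text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key and not key.startswith("#"):
            settings[key.lower()] = value.strip()
    return settings

def audit_tunnel_account(text):
    """Return sorted findings; an empty list means every check passed."""
    cfg = parse_effective(text)
    findings = []
    for key, want in REQUIRED.items():
        got = cfg.get(key, "<unset>")
        if got.lower() != want:
            findings.append(f"{key}: expected {want}, got {got}")
    # sshd -T reports an unset ForceCommand as "none".
    if cfg.get("forcecommand", "none").lower() == "none":
        findings.append("forcecommand: not set, client commands are not overridden")
    # Assumes tunnels use ssh -R; "yes" would also permit local (-L) forwards.
    fwd = cfg.get("allowtcpforwarding", "<unset>").lower()
    if fwd != "remote":
        findings.append(f"allowtcpforwarding: expected remote, got {fwd}")
    return sorted(findings)

# Constructed samples (not taken from the gist or from any real server).
COMMON = "pubkeyauthentication yes\nkbdinteractiveauthentication no\n" \
         "allowagentforwarding no\nx11forwarding no\n"
OPEN = COMMON + "passwordauthentication yes\npermittty yes\n" \
                "forcecommand none\nallowtcpforwarding yes\n"
HARDENED = COMMON + "passwordauthentication no\npermittty no\n" \
                    "forcecommand /usr/sbin/nologin\nallowtcpforwarding remote\n"
if __name__ == "__main__":
    for name, sample in (("open", OPEN), ("hardened", HARDENED)):
        print(name, audit_tunnel_account(sample) or "OK")
```
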

bennyp101 a year ago

Personally I’ve been using sish[1] recently, lots of ngrok alternatives out there now, especially as the pricing went a bit weird

[1] https://github.com/antoniomika/sish

  • antoniomika a year ago

    Added benefit is sish handles all of the hostname/certificate provisioning on its own and does things like internal tunnels, TCP tunnels, and gives you a little website debugging tool as well. All in a single binary :)

    Disclaimer: I'm the author of sish

    • anderspitman a year ago

      Not to downplay the excellent work you've put into sish (which does have many nice additional features), but SirTunnel is basically just a wrapper around Caddy+SSH, so it also provides any features Caddy includes such as auto certs.

mmastrac a year ago

I just started playing with cloudflared as a way to tunnel my dev services to the internet-at-large and it generally just works, and costs me $0. Combine that with the Access product on top, and you can have a Google-auth'd tunnel to your machine that can be stood up within ~5 mins.

  • joshstrange a year ago

    Yep, came here to say the same thing. I've used this to expose projects with https where I need a stable url (to do something like Apple Pay domain verification). It worked perfectly for me. I just have 2 tunnels set up "local.mydomain.com" and "api.local.mydomain.com" that map to the 2 ports I use for those things. It makes development that needs https (various browser features) and sharing with others much easier. Localhost can normally bypass these restrictions but sometimes I need to test on an iPhone/iPad/Android and that's where cloudflare tunnels really shine for me.

  • graderjs a year ago

    [flagged]

    • anderspitman a year ago

      I'm the author of SirTunnel and I recommend Cloudflare Tunnel as the solution for most people today.

      That said, competition is valuable and I'm wary of ending up in a place where the best solution today becomes the only solution tomorrow and a terrible solution eventually.

      My main side project currently involves building a viable alternative to Cloudflare Tunnel with features like e2ee, better domain name integration, support for selfhosting[0], etc, but the reality is today they're the best option for most people.

      [0]: Cloudflare's TOS explicitly forbids hosting non-HTTP content over Tunnel. Which means you're not supposed to do things like running a Plex server or hosting other media. In practice, I haven't heard of many cases of that being enforced.

    • mmastrac a year ago

      I can assure you that I am not associated with Cloudflare (nor any company right now!), but a fan of the product.

      I'm working on https://github.com/mmastrac/progscrape/ right now, and I'm using it to expose my test server to the internet at large from MacBook. It's insanely simple to do.

    • brightball a year ago

      Honestly, seeing that stuff and then finding myself guilty of it as well got me to buy stock.

      I haven't seen this many people in tech like a company since Apple started getting popular. After using it, I see why. Makes my life easier for a reasonable price (often free).

    • agrippanux a year ago

      I am guilty of promoting Cloudflare, but it's cause I genuinely like most of their products and find they save me/my company significant time - including Tunnels, which I use to host several services like a Stable Diffusion web interface for our art team.

      That said, their support for NextJS in Pages is pretty frustrating, so if they do have shills that read this, please do something about that :)

    • waihtis a year ago

      it's a variation of the "nobody ever got fired for buying IBM*" effect

      *IBM should probably be replaced with something else soon given how irrelevant they've become

MrNickel a year ago

I went down the same rabbit hole as the author, and discovered localhost.run. Nothing new to install, 100% free and has always "just worked" for me.

  • cstejerean a year ago

    That's what I've been using as well, I love the no client just SSH approach. I'm currently paying them a couple of dollars a month to use a custom domain and support the service.

    • CaptainFever a year ago

      I just run a DO droplet with a reserved IP at $4.50 per month. Just enable the SSH gateway and you can reverse-tunnel into it. Cheaper than localhost.run's $3.50 a month if you have multiple domains.

      I've had issues with localhost.run going down before, which is why I switched.

      The great thing about this method is that it works with literally any provider that provides SSH access.

nerdwaller a year ago

I no longer have this need as often, but back in the day I set up something for myself just using Traefik and OpenSSH (in docker). Traefik would manage the certs and route traffic to the OpenSSH container that would port forward to my local host with the standard `ssh` commands. It doesn't have all the features of ngrok (maybe SirTunnel does), but was generally enough for my needs.

raro11 a year ago

One of the killer features of ngrok (for me) is that it neatly logs all request- and response data.

Does anyone know of an alternative that does this as well?

theanirudh a year ago

I’ve been using Tailscale Funnel for this use case.