45 tools to expose local server ports to the internet

The tools listed here solve at least one of the following challenges:

  • Registers a domain name and automatically points the records at the server running the tunnels.
  • Sets up and manages HTTPS certificates (apex and subdomains) for the domain.
  • Provides a client tool that tunnels HTTP/TCP connections through the server without requiring root on the client.
  • Provides a simple GUI that allows me to map X domain/subdomain to Y port on Z client, and proxy all connections to that domain.

Open Source

  • frp - Comprehensive open alternative to ngrok. Supports UDP, and has a P2P mode. I believe it uses a custom TCP protocol for multiplexing, which can either run over a single TCP connection or a connection pool.
  • ngrok 1.0 - Original version of ngrok. No longer developed in favor of the commercial 2.0 version.
  • localtunnel - Written in node. Popular suggestion.
  • Teleport - Comprehensive control plane tool, but also supports accessing apps behind NATs. Written in Go.
  • Nebula - Peer-to-peer overlay network. Developed and used internally by Slack. Similar to Tailscale but completely open source. Doesn’t use WireGuard. Written in Go.
  • ZeroTier - Layer 2 overlay network. They take decentralization seriously, and like to say “decentralize until it hurts, then centralize until it works.” Written in C++.
  • sshuttle - Open source project originally from one of the founders of Tailscale. Server doesn’t require root; client does. Explicitly designed to avoid TCP-over-TCP issues.
  • chisel - SSH under the hood, but still uses a custom client binary. Supports auto certs from Let’s Encrypt. Written in Go.
  • expose - ngrok alternative written in PHP.
  • Pritunl - Seems quite comprehensive and complicated. OpenVPN, WireGuard, and IPSec support.
  • rathole - Similar to frp, including the config format, but with improved performance. Low resource consumption. Hot reload. Written in Rust.
  • go-http-tunnel - Uses a single HTTP/2 connection for muxing. Need to manually generate certs for server and clients.
  • sish - Open source ngrok/serveo alternative. SSH-based but uses a custom server written in Go. Supports WebSocket tunneling.
  • tunnelto - Open source (MIT). Written in Rust.
  • wstunnel - Proxies over WebSockets. Focus on proxying from behind networks that block certain protocols. Written in Haskell with executables provided.
  • PageKite - Comprehensive open source solution with hosted options.
  • Crowbar - Tunnels TCP connections over HTTP GET and POST requests.
  • boringproxy - Designed to be very easy to use. No config files. Clients can be remote-controlled through a simple WebUI and/or REST API on the server.
  • tunneller - Open source. Written in Go.
  • jprq - Proxies over WebSockets. Written in Python.
  • tunnel - This one is a Golang library, not a program you can just run. However, it looks easy to use for creating custom solutions. Uses a single TCP socket, and yamux for multiplexing.
  • pgrok - Fork of ngrok 1.0, with more recent commits.
  • SirTunnel - Minimal, self-hosted, 0-config alternative to ngrok. Similar to sish but leverages Caddy+OpenSSH rather than custom server code.
  • docker-tunnel - Simple Docker-based nginx+SSH solution.
  • remotemoe - SSH-based, with custom golang server. Does some cool unique things. Instead of just plain tunnels, it drops you into a basic CLI UI that offers several useful commands interactively, such as adding a custom hostname. Also allows end-to-end encryption for both HTTPS and upstream SSH. Doesn’t appear to offer non-e2e HTTPS, i.e. no auto Let’s Encrypt support.
  • holepunch.io - Has a nice hosted solution. Uses SSH for muxing.
  • StaqLab Tunnel - SSH-based. Client is open source. Server doesn’t appear to be.
  • tnnlink - SSH-based. Golang. Not maintained.
  • Telebit - Written in JS.
  • SSH-J.com - Public SSH Jump & Port Forwarding server. No software, no registration, just an anonymous SSH server for forwarding. Users are encouraged to use it for SSH exposure only, to preserve end-to-end encryption. No public ports, only in-SSH connectivity. Run ssh ssh-j.com and it will display usage information.
  • Ngrok-operator - Ngrok integrated with Kubernetes. Allows developers on private Kubernetes to easily access their services via Ngrok.

Closed Source

  • ngrok 2.0 - Probably the gold standard and most popular. Closed source. Lots of features, including TLS and TCP tunnels. Doesn’t require root to run client.
  • Cloudflare Tunnel - Excellent free option. Nicely integrates tunneling with the rest of Cloudflare’s products, which include DNS and auto HTTPS. Client source code is Apache 2.0 licensed and written in Golang.
  • Tailscale - Built on WireGuard. Easy to use. Doesn’t include an HTTPS proxy on the public side, but could be combined with nginx/Caddy/etc. Client code available with a BSD3 license + separate patents file.
  • Loophole - Offers end-to-end TLS encryption with the client automatically getting certs from Let’s Encrypt. QR codes for URL sharing. Client is open source. Can serve a local directory over WebDAV. MIT License. Written in Go.
  • localhost.run - Simple hosted SSH option. Supports custom domains for a cost.
  • Packetriot - Comprehensive alternative to ngrok. HTTP Inspector, Let’s Encrypt integration, doesn’t require root, and provides Linux repos for apt, yum and dnf. Enterprise licenses and self-hosted option.
  • Hoppy - WireGuard-based. Provides static IPv4 and IPv6 addresses for your machines, which is a simple and useful level of abstraction. Targeted towards self-hosters and people behind NATs.
  • gw.run - Specifically focusing on securely exposing internal web apps to a group of people; not for publicly facing apps. Share access via email address then allow users to log in with common login providers like Google.
  • SSHReach.me - Paid SSH-based option. Uses a simple python script.
  • KubeSail - Company offering tunneling, dynamic DNS, and other services for self-hosting with Kubernetes.
  • inlets - Used to be open source; now focused on a polished commercial offering. Designed to work well with Kubernetes.
  • LocalToNet - Supports UDP. Free for a single tunnel. Paid supports custom domains.

Reference

This content is a rip-off of the following link: