SirTunnel
Minimal, self-hosted, 0-config alternative to ngrok. Caddy+OpenSSH+50 lines of Python.
Top Related Projects
A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
Unified ingress for developers
Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port)
A fast TCP/UDP tunnel over HTTP
GO Simple Tunnel - a simple tunnel written in golang
一款轻量级、高性能、功能强大的内网穿透代理服务器。支持tcp、udp、socks5、http等几乎所有流量转发,可用来访问内网网站、本地支付接口调试、ssh访问、远程桌面,内网dns解析、内网socks5代理等等……,并带有功能强大的web管理端。a lightweight, high-performance, powerful intranet penetration proxy server, with a powerful web management terminal.
Quick Overview
SirTunnel is a lightweight, self-hosted alternative to ngrok. It allows users to expose local servers to the internet securely, using a reverse proxy setup. SirTunnel is designed to be simple, efficient, and easy to deploy on your own infrastructure.
Pros
- Self-hosted solution, providing better control over data and privacy
- Lightweight and efficient, with minimal resource requirements
- Easy to set up and use, with straightforward configuration
- Free and open-source, allowing for customization and community contributions
Cons
- Requires some technical knowledge to set up and maintain
- May not have all the features of more comprehensive solutions like ngrok
- Limited documentation compared to commercial alternatives
- Potential security risks if not properly configured
Getting Started
To get started with SirTunnel, follow these steps:
-
Clone the repository:
git clone https://github.com/anderspitman/SirTunnel.git -
Install dependencies:
cd SirTunnel npm install -
Configure SirTunnel by editing the
config.jsonfile:{ "port": 8080, "tunnels": [ { "subdomain": "myapp", "destination": "http://localhost:3000" } ] } -
Start SirTunnel:
node server.js
Your local server running on port 3000 will now be accessible at https://myapp.yourdomain.com.
Competitor Comparisons
A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
Pros of frp
- More feature-rich, supporting various protocols (TCP, UDP, HTTP, HTTPS, STCP)
- Offers a web-based dashboard for monitoring and management
- Supports load balancing and service discovery
Cons of frp
- More complex setup and configuration
- Heavier resource usage due to additional features
- Steeper learning curve for beginners
Code Comparison
frp configuration example:
[common]
server_addr = x.x.x.x
server_port = 7000
[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 6000
SirTunnel configuration example:
const config = {
serverHost: 'example.com',
serverPort: 8080,
localPort: 3000
};
While both projects aim to provide tunneling solutions, frp offers a more comprehensive set of features suitable for complex networking scenarios. SirTunnel, on the other hand, focuses on simplicity and ease of use, making it more accessible for basic tunneling needs. The code comparison highlights the difference in configuration complexity, with frp requiring more detailed setup compared to SirTunnel's straightforward approach.
Unified ingress for developers
Pros of ngrok
- More feature-rich with advanced functionalities like TCP tunneling and custom subdomains
- Well-established with extensive documentation and community support
- Offers a user-friendly web interface for managing tunnels
Cons of ngrok
- Closed-source, which limits customization and self-hosting options
- Requires an account and has usage limitations on free plans
- Can be more complex to set up and use for simple scenarios
Code Comparison
SirTunnel:
async def handle_client(reader, writer):
remote_reader, remote_writer = await asyncio.open_connection(
'127.0.0.1', LOCAL_PORT)
await asyncio.gather(
pipe(reader, remote_writer),
pipe(remote_reader, writer)
)
ngrok:
tunnel, err := ngrok.Listen(ctx,
config.HTTPEndpoint(),
ngrok.WithAuthtokenFromEnv(),
)
if err != nil {
return err
}
While SirTunnel uses Python with a focus on simplicity, ngrok employs Go and offers more configuration options. SirTunnel's code directly handles client connections, whereas ngrok abstracts this process behind its API. ngrok's approach provides more flexibility but may require more setup for basic use cases.
Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port)
Pros of sslh
- More mature and widely used project with a larger community
- Supports a broader range of protocols (SSH, OpenVPN, HTTP, TLS, etc.)
- Written in C, potentially offering better performance for high-traffic scenarios
Cons of sslh
- More complex configuration and setup process
- Requires compilation from source, which may be challenging for some users
- Less focused on simplicity and ease of use compared to SirTunnel
Code Comparison
sslh (C):
int proto_sslh(struct connection *cnx)
{
char buffer[BUFSIZ];
int n;
n = read(cnx->q[0].fd, buffer, sizeof(buffer));
return parse_sslh_protocol(cnx, buffer, n);
}
SirTunnel (JavaScript):
async function handleConnection(socket) {
const firstChunk = await socket.read();
const protocol = detectProtocol(firstChunk);
forwardToAppropriateBackend(socket, protocol);
}
The code snippets demonstrate the core functionality of protocol detection and handling in both projects. sslh uses a C-based approach with lower-level operations, while SirTunnel employs a more modern, asynchronous JavaScript implementation.
A fast TCP/UDP tunnel over HTTP
Pros of Chisel
- More feature-rich, supporting various protocols and modes (TCP/UDP tunneling, SOCKS5 proxy)
- Cross-platform compatibility (Windows, macOS, Linux)
- Active development and larger community support
Cons of Chisel
- More complex setup and configuration
- Larger codebase, potentially harder to audit for security
- Higher resource usage due to additional features
Code Comparison
SirTunnel (Python):
async def handle_connection(reader, writer):
data = await reader.read(100)
message = data.decode()
addr = writer.get_extra_info('peername')
print(f"Received {message!r} from {addr!r}")
Chisel (Go):
func handleConnection(conn net.Conn) {
defer conn.Close()
b := make([]byte, 100)
n, err := conn.Read(b)
if err != nil {
log.Printf("Error reading: %v", err)
return
}
log.Printf("Received %s from %v", string(b[:n]), conn.RemoteAddr())
}
Both projects aim to create secure tunnels, but Chisel offers more features and broader platform support. SirTunnel, being Python-based, may be easier to modify for specific use cases. The code snippets show similar connection handling approaches, with Chisel using Go's concurrency model and SirTunnel leveraging Python's async capabilities.
GO Simple Tunnel - a simple tunnel written in golang
Pros of gost
- More comprehensive feature set, supporting multiple protocols and proxy types
- Better documentation and active community support
- Cross-platform compatibility (Windows, macOS, Linux, Android)
Cons of gost
- More complex setup and configuration due to extensive features
- Larger codebase, potentially harder to maintain or customize
- Higher resource usage compared to SirTunnel's lightweight approach
Code comparison
SirTunnel (JavaScript):
const tunnel = new SirTunnel({
localPort: 8080,
remoteHost: 'example.com',
remotePort: 80
});
tunnel.start();
gost (Go):
gost.Run(context.Background(), []string{
"-L=:8080",
"-F=tcp://example.com:80",
})
Summary
gost offers a more feature-rich and versatile solution for creating tunnels and proxies, supporting various protocols and platforms. However, this comes at the cost of increased complexity and resource usage. SirTunnel, on the other hand, provides a simpler and more lightweight alternative, focusing on ease of use and quick setup for basic tunneling needs. The choice between the two depends on the specific requirements of the project and the level of functionality needed.
一款轻量级、高性能、功能强大的内网穿透代理服务器。支持tcp、udp、socks5、http等几乎所有流量转发,可用来访问内网网站、本地支付接口调试、ssh访问、远程桌面,内网dns解析、内网socks5代理等等……,并带有功能强大的web管理端。a lightweight, high-performance, powerful intranet penetration proxy server, with a powerful web management terminal.
Pros of nps
- More feature-rich, supporting various protocols (TCP, UDP, HTTP, HTTPS, SOCKS5)
- Offers a web-based management interface for easier configuration
- Supports multiple clients and load balancing
Cons of nps
- More complex setup and configuration
- Heavier resource usage due to additional features
- Potentially steeper learning curve for new users
Code Comparison
SirTunnel (Python):
async def handle_client(reader, writer):
data = await reader.read(100)
message = data.decode()
addr = writer.get_extra_info('peername')
print(f"Received {message!r} from {addr!r}")
nps (Go):
func (s *TunnelModeServer) handleConn(conn net.Conn) {
defer conn.Close()
lAddr := conn.LocalAddr().String()
rAddr := conn.RemoteAddr().String()
log.Trace("new connection, local:", lAddr, "remote:", rAddr)
}
Both code snippets show basic connection handling, but nps uses Go and includes more detailed logging.
Convert 
designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual CopilotREADME
What is it?
If you have a webserver running on one computer (say your development laptop), and you want to expose it securely (ie HTTPS) via a public URL, SirTunnel allows you to easily do that.
How do you use it?
If you have:
- A SirTunnel server instance listening on port 443 of
example.com. - A copy of the sirtunnel.py script available on the PATH of the server.
- An SSH server running on port 22 of
example.com. - A webserver running on port 8080 of your laptop.
And you run the following command on your laptop:
ssh -tR 9001:localhost:8080 example.com sirtunnel.py sub1.example.com 9001
Now any requests to https://sub1.example.com will be proxied to your local
webserver.
How does it work?
The command above does 2 things:
- It starts a standard remote SSH tunnel from the server port 9001 to local port 8080.
- It runs the command
sirtunnel.py sub1.example.com 9001on the server. The python script parsessub1.example.com 9001and uses the Caddy API to reverse proxysub1.example.comto port 9001 on the server. Caddy automatically retrieves an HTTPS cert forsub1.example.com.
Note: The -t is necessary so that doing CTRL-C on your laptop stops the
sirtunnel.py command on the server, which allows it to clean up the tunnel
on Caddy. Otherwise it would leave sirtunnel.py running and just kill your
SSH tunnel locally.
How is it different?
There are a lot of solutions to this problem. In fact, I've made something of a hobby of maintaining a list of the ones I've found so far.
The main advantages of SirTunnel are:
- Minimal. It leverages Caddy and whatever SSH server you already have running on your server. Other than that, it consists of a 50-line Python script on the server. That's it. Any time you spend learning to customize and configure it will be time well spent because you're learning Caddy and your SSH server.
- 0-configuration. There is no configuration on the server side. Not even CLI arguments.
- Essentially stateless. The only state is the certs (which is handled entirely by Caddy) and the tunnel mappings, which are ephemeral and controlled by the clients.
- Automatic HTTPS certificate management. Some other solutions do this as well, so it's important but not unique.
- No special client is required. You can use any standard SSH client that supports remote tunnels. Again, this is not a unique feature.
Running the server
Assuming you already have an ssh server running, getting the SirTunnel server
going consists of simply downloading a copy of Caddy and running it with the
provided config. Take a look at install.sh and
run_server.sh for details.
Note: Caddy needs to bind to port 443, either by running as root (not
recommended), setting the CAP_NET_BIND_SERVICE capability on the Caddy binary
(what the install.sh script does), or changing caddy_config.json to bind
to a different port (say 9000) and using something like iptables to forward
to that port.
Future Features
SirTunnel is intended to be a minimal tool. As such, I'm unlikely to add many features moving forward. However, the simplicity makes it easier to modify for your needs. If you find a feature missing, maybe one of the forks below has what you need or gives you some ideas:
- https://github.com/matiboy/SirTunnel adds functionality to help multiple users avoid overwriting each others' tunnels.
- https://github.com/daps94/SirTunnel implements tunnel checking and auto cleanup to address issue with stale tunnels.
Top Related Projects
A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
Unified ingress for developers
Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port)
A fast TCP/UDP tunnel over HTTP
GO Simple Tunnel - a simple tunnel written in golang
一款轻量级、高性能、功能强大的内网穿透代理服务器。支持tcp、udp、socks5、http等几乎所有流量转发,可用来访问内网网站、本地支付接口调试、ssh访问、远程桌面,内网dns解析、内网socks5代理等等……,并带有功能强大的web管理端。a lightweight, high-performance, powerful intranet penetration proxy server, with a powerful web management terminal.
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual Copilot