Top Related Projects
A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
Unified ingress for developers
List of ngrok/Cloudflare Tunnel alternatives and other tunneling software and services. Focus on self-hosting.
Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port)
A fast TCP/UDP tunnel over HTTP
GO Simple Tunnel - a simple tunnel written in golang
Quick Overview
go-http-tunnel is a Go library and command-line tool that allows you to expose local servers behind NATs and firewalls to the public internet over a secure tunnel. It provides a simple way to create HTTP and TCP tunnels, making it easy to share local web services or applications with others.
Pros
- Easy to set up and use, with both library and command-line interfaces
- Supports both HTTP and TCP tunneling
- Secure communication using TLS encryption
- Lightweight and efficient, written in Go
Cons
- Limited documentation and examples
- May require additional configuration for complex networking setups
- Not as feature-rich as some commercial alternatives
- Potential security risks if not properly configured
Code Examples
- Creating a simple HTTP tunnel:
package main
import (
"log"
"net/http"
"github.com/mmatczuk/go-http-tunnel"
)
func main() {
tunnelConfig := &tunnel.ClientConfig{
ServerAddr: "example.com:5223",
Tunnels: map[string]*tunnel.Tunnel{
"my-app": {
Proto: "http",
Addr: "localhost:8080",
},
},
}
client, err := tunnel.NewClient(tunnelConfig)
if err != nil {
log.Fatal(err)
}
err = client.Start()
if err != nil {
log.Fatal(err)
}
select {}
}
- Creating a TCP tunnel:
package main
import (
"log"
"github.com/mmatczuk/go-http-tunnel"
)
func main() {
tunnelConfig := &tunnel.ClientConfig{
ServerAddr: "example.com:5223",
Tunnels: map[string]*tunnel.Tunnel{
"ssh": {
Proto: "tcp",
Addr: "localhost:22",
},
},
}
client, err := tunnel.NewClient(tunnelConfig)
if err != nil {
log.Fatal(err)
}
err = client.Start()
if err != nil {
log.Fatal(err)
}
select {}
}
- Using custom TLS configuration:
package main
import (
"crypto/tls"
"log"
"github.com/mmatczuk/go-http-tunnel"
)
func main() {
tlsConfig := &tls.Config{
InsecureSkipVerify: true,
}
tunnelConfig := &tunnel.ClientConfig{
ServerAddr: "example.com:5223",
TLSConfig: tlsConfig,
Tunnels: map[string]*tunnel.Tunnel{
"my-app": {
Proto: "http",
Addr: "localhost:8080",
},
},
}
client, err := tunnel.NewClient(tunnelConfig)
if err != nil {
log.Fatal(err)
}
err = client.Start()
if err != nil {
log.Fatal(err)
}
select {}
}
Getting Started
To use go-http-tunnel in your Go project:
-
Install the library:
go get github.com/mmatczuk/go-http-tunnel
-
Import the package in your Go code:
import "github.com/mmatczuk/go-http-tunnel"
-
Create a
ClientConfig
with your desired tunnel settings and start the client as shown in the code examples above.
Competitor Comparisons
A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
Pros of frp
- Supports multiple protocols (TCP, UDP, HTTP, HTTPS, STCP)
- More feature-rich with load balancing, custom domains, and plugins
- Active development with frequent updates and larger community
Cons of frp
- More complex configuration and setup
- Higher resource usage due to additional features
- Steeper learning curve for beginners
Code Comparison
frp configuration example:
[common]
server_addr = x.x.x.x
server_port = 7000
[web]
type = http
local_port = 80
custom_domains = example.com
go-http-tunnel configuration example:
tunnel:
server_addr: "example.com:5223"
insecure_skip_verify: true
tunnels:
- name: "web"
proto: "http"
addr: "localhost:80"
Both projects aim to provide tunneling solutions, but frp offers a more comprehensive feature set at the cost of increased complexity. go-http-tunnel focuses on simplicity and ease of use, making it more suitable for basic HTTP tunneling needs. frp's broader protocol support and advanced features make it a better choice for complex networking scenarios, while go-http-tunnel excels in straightforward HTTP tunneling applications.
Unified ingress for developers
Pros of ngrok
- More feature-rich, offering advanced functionalities like OAuth and custom domains
- Provides a user-friendly web interface for managing tunnels
- Offers a robust free tier with generous usage limits
Cons of ngrok
- Closed-source, which may limit customization and self-hosting options
- Can be more complex to set up and configure for advanced use cases
- Paid plans can be expensive for high-volume users
Code Comparison
ngrok:
tunnel := ngrok.NewTunnel()
err := tunnel.Start("http://localhost:8080")
if err != nil {
log.Fatal(err)
}
go-http-tunnel:
tunnel := tunnel.NewServer(&tunnel.ServerConfig{
Addr: ":8080",
})
err := tunnel.Start()
if err != nil {
log.Fatal(err)
}
Key Differences
- go-http-tunnel is open-source, allowing for more flexibility and customization
- ngrok offers a more comprehensive set of features out-of-the-box
- go-http-tunnel may be better suited for simpler, self-hosted tunneling needs
- ngrok provides a more polished user experience with its web interface and documentation
- go-http-tunnel might be preferred for projects requiring full control over the tunneling process
Both projects serve the purpose of creating secure tunnels, but they cater to different use cases and user preferences. The choice between them depends on specific requirements, such as the need for advanced features, self-hosting capabilities, and budget considerations.
List of ngrok/Cloudflare Tunnel alternatives and other tunneling software and services. Focus on self-hosting.
Pros of awesome-tunneling
- Comprehensive list of tunneling tools and resources
- Regularly updated with community contributions
- Covers a wide range of tunneling solutions for various use cases
Cons of awesome-tunneling
- Not a standalone tunneling solution, just a curated list
- Requires users to evaluate and choose from multiple options
- May overwhelm beginners with too many choices
Code comparison
Not applicable, as awesome-tunneling is a curated list and doesn't contain code.
go-http-tunnel example:
tunnel := &Tunnel{
Host: "example.com",
Port: 80,
Remote: "localhost:8080",
}
client.Listen(tunnel)
Summary
awesome-tunneling is a curated list of tunneling tools and resources, while go-http-tunnel is a specific tunneling implementation in Go. awesome-tunneling provides a comprehensive overview of available solutions, making it useful for research and comparison. However, it requires users to evaluate and choose from multiple options, which may be overwhelming for beginners.
go-http-tunnel, on the other hand, offers a ready-to-use tunneling solution with a focused set of features. It's more suitable for users who need a specific Go-based tunneling implementation without the need to explore multiple options.
The choice between the two depends on whether you need a specific tunneling solution (go-http-tunnel) or want to explore and compare various tunneling options (awesome-tunneling).
Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port)
Pros of sslh
- Multi-protocol support: Handles various protocols (HTTP, SSH, OpenVPN, etc.) on a single port
- Written in C, potentially offering better performance for low-level operations
- Mature project with a longer history and wider adoption
Cons of sslh
- Less focused on HTTP tunneling specifically
- May require more complex configuration for advanced use cases
- Not written in Go, which could be a disadvantage for Go-centric environments
Code Comparison
sslh (C):
/* Parse command-line options */
parse_cmdline(argc, argv);
/* Open syslog connection */
setup_syslog();
/* Init protocols */
init_protocols();
go-http-tunnel (Go):
// Parse command-line flags
flag.Parse()
// Set up logging
log.SetFlags(log.Lshortfile)
// Create and start the tunnel
tunnel := tunnel.New(config)
tunnel.Start()
Both projects handle command-line parsing and logging setup, but go-http-tunnel's code is more concise due to Go's standard library. sslh's code reflects its multi-protocol nature, while go-http-tunnel focuses specifically on HTTP tunneling.
A fast TCP/UDP tunnel over HTTP
Pros of chisel
- More feature-rich, supporting both TCP and UDP tunneling
- Offers a user-friendly web interface for management
- Includes built-in server and client fingerprinting for enhanced security
Cons of chisel
- May have a steeper learning curve due to more advanced features
- Potentially higher resource usage compared to go-http-tunnel
- Less focused on HTTP-specific tunneling
Code Comparison
go-http-tunnel:
tunnel := &Tunnel{
Host: "example.com",
Listener: l,
Protocol: "http",
}
chisel:
chisel.NewServer(&chisel.Config{
Reverse: true,
Auth: "user:pass",
})
Summary
While go-http-tunnel focuses specifically on HTTP tunneling with simplicity, chisel offers a more comprehensive tunneling solution with support for various protocols. chisel provides additional features like a web interface and enhanced security measures, but may require more resources and have a steeper learning curve. go-http-tunnel might be preferable for simpler HTTP-specific use cases, while chisel is better suited for more complex tunneling requirements across different protocols.
GO Simple Tunnel - a simple tunnel written in golang
Pros of gost
- More comprehensive feature set, including support for multiple protocols (HTTP, SOCKS4, SOCKS5, SS)
- Highly configurable with various encryption and authentication options
- Active development and regular updates
Cons of gost
- More complex setup and configuration due to extensive features
- Potentially higher resource usage for simple tunneling tasks
- Steeper learning curve for basic use cases
Code comparison
go-http-tunnel:
tunnel := &Tunnel{
Host: "example.com",
Port: 80,
Protocol: "http",
}
client.OpenTunnel(tunnel)
gost:
chain := gost.NewChain(
gost.Node{Addr: "localhost:8080", Protocol: "http"},
gost.Node{Addr: "example.com:443", Protocol: "tls"},
)
gost.RunChain(chain)
Summary
gost offers a more feature-rich and versatile solution for creating secure tunnels and proxies, supporting multiple protocols and advanced configurations. However, this comes at the cost of increased complexity and potentially higher resource usage. go-http-tunnel, on the other hand, provides a simpler and more focused approach to HTTP tunneling, which may be preferable for users with straightforward requirements or those who prioritize ease of use.
When choosing between the two, consider your specific needs, the level of customization required, and your familiarity with tunneling concepts. gost is better suited for complex scenarios or users who need support for multiple protocols, while go-http-tunnel may be more appropriate for simpler HTTP tunneling tasks.
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual CopilotREADME
Go HTTP tunnel
Go HTTP tunnel is a reverse tunnel based on HTTP/2. It enables you to share your localhost when you don't have a public IP.
Features:
- HTTP proxy with basic authentication
- TCP proxy
- SNI vhost proxy
- Client auto reconnect
- Client management and eviction
- Easy to use CLI
Common use cases:
- Hosting a game server from home
- Developing webhook integrations
- Managing IoT devices
Project Status
IF YOU WOULD LIKE TO SEE THIS PROJECT MODERNIZED PLEASE UPVOTE THE ISSUE.
Installation
Build the latest version.
$ go get -u github.com/mmatczuk/go-http-tunnel/cmd/...
Alternatively download the latest release.
Running
There are two executables:
tunneld
- the tunnel server, to be run on publicly available host like AWS or GCEtunnel
- the tunnel client, to be run on your local machine or in your private network
To get help on the command parameters run tunneld -h
or tunnel -h
.
Tunnel requires TLS certificates for both client and server.
$ openssl req -x509 -nodes -newkey rsa:2048 -sha256 -keyout client.key -out client.crt
$ openssl req -x509 -nodes -newkey rsa:2048 -sha256 -keyout server.key -out server.crt
Run client:
- Install
tunnel
binary - Make
.tunnel
directory in your project directory - Copy
client.key
,client.crt
to.tunnel
- Create configuration file
tunnel.yml
in.tunnel
- Start all tunnels
$ tunnel -config ./tunnel/tunnel.yml start-all
Run server:
- Install
tunneld
binary - Make
.tunneld
directory - Copy
server.key
,server.crt
to.tunneld
- Start tunnel server
$ tunneld -tlsCrt .tunneld/server.crt -tlsKey .tunneld/server.key
This will run HTTP server on port 80
and HTTPS (HTTP/2) server on port 443
. If you want to use HTTPS it's recommended to get a properly signed certificate to avoid security warnings.
Run Server as a Service on Ubuntu using Systemd:
- After completing the steps above successfully, create a new file for your service (you can name it whatever you want, just replace the name below with your chosen name).
$ vim tunneld.service
- Add the following configuration to the file
[Unit]
Description=Go-Http-Tunnel Service
After=network.target
After=network-online.target
[Service]
ExecStart=/path/to/your/tunneld -tlsCrt /path/to/your/folder/.tunneld/server.crt -tlsKey /path/to/your/folder/.tunneld/server.key
TimeoutSec=30
Restart=on-failure
RestartSec=30
[Install]
WantedBy=multi-user.target
- Save and exit this file.
- Move this new file to /etc/systemd/system/
$ sudo mv tunneld.service /etc/systemd/system/
- Change the file permission to allow it to run.
$ sudo chmod u+x /etc/systemd/system/tunneld.service
- Start the new service and make sure you don't get any errors, and that your client is able to connect.
$ sudo systemctl start tunneld.service
- You can stop the service with:
$ sudo systemctl stop tunneld.service
- Finally, if you want the service to start automatically when the server is rebooted, you need to enable it.
$ sudo systemctl enable tunneld.service
There are many more options for systemd services, and this is by not means an exhaustive configuration file.
Configuration
The tunnel client tunnel
requires configuration file, by default it will try reading tunnel.yml
in your current working directory. If you want to specify other file use -config
flag.
Sample configuration that exposes:
localhost:8080
aswebui.my-tunnel-host.com
- host in private network for ssh connections
looks like this
server_addr: SERVER_IP:5223
tunnels:
webui:
proto: http
addr: localhost:8080
auth: user:password
host: webui.my-tunnel-host.com
ssh:
proto: tcp
addr: 192.168.0.5:22
remote_addr: 0.0.0.0:22
tls:
proto: sni
addr: localhost:443
host: tls.my-tunnel-host.com
Configuration options:
server_addr
: server TCP address, i.e.54.12.12.45:5223
tls_crt
: path to client TLS certificate, default:client.crt
in the config file directorytls_key
: path to client TLS certificate key, default:client.key
in the config file directoryroot_ca
: path to trusted root certificate authority pool file, if empty any server certificate is acceptedtunnels / [name]
proto
: tunnel protocol,http
,tcp
orsni
addr
: forward traffic to this local port number or network address, forproto=http
this can be full URL i.e.https://machine/sub/path/?plus=params
, supports URL schemeshttp
andhttps
auth
: (proto=http
) (optional) basic authentication credentials to enforce on tunneled requests, formatuser:password
host
: (proto=http
,proto=sni
) hostname to request (requires reserved name and DNS CNAME)remote_addr
: (proto=tcp
) bind the remote TCP address
backoff
interval
: how long client would wait before redialing the server if connection was lost, exponential backoff initial interval, default:500ms
multiplier
: interval multiplier if reconnect failed, default:1.5
max_interval
: maximal time client would wait before redialing the server, default:1m
max_time
: maximal time client would try to reconnect to the server if connection was lost, set0
to never stop trying, default:15m
How it works
A client opens TLS connection to a server. The server accepts connections from known clients only. The client is recognized by its TLS certificate ID. The server is publicly available and proxies incoming connections to the client. Then the connection is further proxied in the client's network.
The tunnel is based HTTP/2 for speed and security. There is a single TCP connection between client and server and all the proxied connections are multiplexed using HTTP/2.
Donation
If this project help you reduce time to develop, you can give me a cup of coffee.
A GitHub star is always appreciated!
License
Copyright (C) 2017 MichaÅ Matczuk
This project is distributed under the AGPL-3 license. See the LICENSE file for details. If you need an enterprise license contact me directly.
Top Related Projects
A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
Unified ingress for developers
List of ngrok/Cloudflare Tunnel alternatives and other tunneling software and services. Focus on self-hosting.
Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port)
A fast TCP/UDP tunnel over HTTP
GO Simple Tunnel - a simple tunnel written in golang
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual Copilot