Your localhost,
globally accessible.
Expose any local service to the internet over a single secure, multiplexed tunnel. Live traffic inspection, replayable webhooks, WebSocket support, and automatic TLS — out of the box.
One outbound connection. Everything routed.
tun-el establishes a persistent multiplexed channel from your machine to the edge, then routes public traffic back over the same connection — securely and in order.
Run the agent
Start tun-el next to your app. A single outbound connection opens — no inbound ports, no firewall changes.
Multiplex the tunnel
Every request, WebSocket, and webhook is streamed over one persistent, multiplexed connection to the edge.
Serve the world
Your service is reachable at a stable HTTPS URL with automatic TLS, anycast routing, and global presence.
See every request the moment it happens.
Inspect headers, bodies, timing, and status for all traffic flowing through your tunnel. Replay any request — including webhooks — without leaving your terminal or browser.
- Full request & response capture with body diffing
- One-click webhook replay to your local endpoint
- Filter by method, status, path, or latency
Real-time, bidirectional, and fully transparent.
tun-el speaks WebSocket natively. Frames are forwarded both ways over the same multiplexed tunnel with zero buffering, so live dashboards, collaborative apps, and game servers behave exactly as they do locally.
Built for production from the first connection.
tun-el applies zero-trust networking principles so you can expose real services with confidence — not just demos.
Automatic TLS
Every tunnel is served over HTTPS with certificates provisioned and renewed automatically. No manual configuration.
End-to-end encryption
Traffic is encrypted from your agent to the edge. The tunnel control plane never sees plaintext payloads.
Scoped access tokens
Issue per-tunnel credentials with granular scopes and revoke them instantly from the dashboard or CLI.
Request authentication
Gate any tunnel behind OAuth, basic auth, or IP allowlists with a single flag.
Stable domains
Reserve custom subdomains and bring your own domain with CNAME — URLs that never change between sessions.
No inbound exposure
Your machine only makes outbound connections. There are no open ports for attackers to scan.
Low-latency by design, everywhere.
A Go core, connection multiplexing, and an anycast edge keep overhead in the single-digit milliseconds. tun-el routes each request to the nearest point of presence automatically.
From localhost to live in one command.
No accounts to wire up, no YAML to learn. tun-el fits the way you already work — terminal-first, scriptable, and fast.
A single Go binary you fully control.
tun-el ships as one statically-linked binary with no runtime dependencies. Run the public edge, or self-host the entire control plane and edge on your own infrastructure. The protocol and server are open source.
services:
  tun-el-edge:
    image: tunel/edge:latest
    command: server --domain tun.el
    ports:
      - "443:443"
    environment:
      TUNEL_TLS: "auto"
      TUNEL_AUTH: "oidc"
    restart: unless-stopped
Drops into the stack you already run.
tun-el is just a binary and an HTTP endpoint, so it composes cleanly with your tools, frameworks, and CI.
Free and open. Managed when you need it.
Self-host the whole platform at no cost, or let tun-el run the global edge for you.
Open Source
- Full edge + control plane
- Unlimited tunnels
- WebSocket & webhook replay
- Apache-2.0 license
Pro
Popular
- Managed global edge
- Reserved & custom domains
- Live traffic inspector
- OAuth & IP allowlists
- Priority routing
Expose your localhost in seconds.
Install the binary, run one command, and share a secure global URL. Free and open source.