Skip to main content

HTTP Tunnels

To set up a HTTP tunnel to port 8080, request a port forward from port 80 by running the following command:

ssh -R 80:localhost:8080 forwards HTTP traffic down your tunnel to your app, and automatically adds encrypted HTTPS endpoints for your clients to optionally connect to.

Prefix your domain name with https:// to access your tunnel over HTTPS, and localhost will unwrap the encryption for you and send the plain HTTP requests to your app.

Proxy headers

Reverse proxy headers are automatically added to HTTP requests, specifically X_Forwarded_For, X_Forwarded_Host, X_Forwarded_Proto and the newer Forwarded header.

These can be turned off with a command line option if required.

Carrying non-HTTP protocols over TLS

Clients connecting to port 443 over TLS do not have to talk the HTTP protocol, any protocol from TLS capable client will be sent down your tunnel.

For example, a PostgreSQL server listening on port 5432 could be connected to a tunnel with this command:

ssh -R 80:localhost:5432

and TLS clients could then connect to the generated domain on port 443.

Your app connected to your tunnel should be listening for plain TCP because will take care of certificates and decryption for you.


Currently only Custom Domains can carry non-HTTP protocols.