ss

Secure Ephemeral
Tunnels

Secure, ephemeral reverse proxy tunnels for developers. Expose your local development server to the internet with a secure, time-limited URL. Perfect for testing webhooks, sharing work-in-progress with clients, quick demos, or developing APIs.

⚡ Instant setup • 🔒 Token auth • ⏱️ Auto-expire • 🚦 Rate limited
GitHubTry Online

Get started in seconds

Expose your local development server to the internet with a secure, time-limited URL.

ssrok 3000Expose localhost:3000
ssrok localhost:8080Custom host:port
ssrok 192.168.1.5:8000LAN server
Key Features

Everything you need for
secure tunneling.

Fast, secure, and ephemeral — ssrok gives you public URLs that auto-expire, with built-in rate limiting and optional password protection.

Fast128KB buffers, yamux multiplexing
🔒E2E EncryptionChaCha20-Poly1305, server cannot see traffic
🎫Magic LinksURLs with embedded tokens
⏱️EphemeralAuto-expire after 1 hour
🚦Rate LimitingPer-IP, per-session throttling
📝DashboardReal-time request inspector
📱QR CodesScan to open public URLs
💾RedisOptional persistence
Mobile Testing

Instant QR Codes
for Mobile Testing

Test your local websites and webhooks on mobile devices instantly. Every tunnel comes with a unique QR code in your terminal. No more typing long URLs on your phone.

Secure Access
One-click Open

Scan to test

Demo Tunnel

How It Works

Architecture

How ssrok creates secure tunnels between your local server and the public internet

LOCAL

ssrok CLI

localhost:3000
Relay

ssrok Server

E2E Encrypted

PUBLIC

Visitor

Any Browser

Client

Your machine running ssrok CLI, encrypts all traffic before sending

Server

ssrok server (your instance or ssrok.onrender.com), only sees encrypted data

Visitor

Anyone accessing your public URL via HTTPS

Programmatic Access

REST API

Create tunnels programmatically via the REST API for CI/CD pipelines and automated workflows.

Request

curl -X POST https://your-server.com/api/register \
  -H "Content-Type: application/json" \
  -d '{
    "port": 3000,
    "password": "optional",
    "rate_limit": 60,
    "use_tls": false,
    "expires_in": "1h"
  }'

Response

{
  "uuid": "abc123",
  "url": "https://your-server.com/abc123",
  "token": "xyz789",
  "expires_in": "1h0m0s"
}

Connect via WebSocket

wss://your-server.com/ws/abc123?token=xyz789

Request Fields

FieldTypeRequiredDescription
portintYesLocal port to tunnel
passwordstringNoOptional password protection
rate_limitintNoRequests per minute (0=unlimited)
use_tlsboolNoEnable TLS for local connection
expires_instringNoDuration (e.g. "1h", "30m")

Security Features

  • Token Authentication: Required for all connections to prevent unauthorized usage
  • Password Protection: Optional SHA256 password protection for your public URLs
  • Rate Limiting: Built-in DDoS prevention (default: unlimited), fully configurable
  • Brute Force Protection: IP banning after 5 failed authentication attempts (15 min ban)
  • Audit Logging: Comprehensive logs for all security-critical events
  • End-to-End Encryption: ChaCha20-Poly1305 with X25519 key exchange

Limitations

  • 100MB Body Limit: Maximum allowed request body size (e.g. file uploads)
  • Set-Cookie stripped: Cookie-based sessions will not persist immediately on the tunnel domain. Use JWT/Bearer tokens for API authentication
  • Strict-Transport-Security (HSTS) stripped from responses
  • Content-Security-Policy (CSP) stripped from responses
  • X-Frame-Options & X-Xss-Protection stripped from responses
Server Configuration

Environment Variables

VariableDefaultDescription
PORT80Server listen port
SSROK_SERVERlocalhostPublic hostname
SSROK_ENABLE_TLSfalseEnable built-in TLS
REDIS_HOST(none)Redis host (optional)
REDIS_PORT6379Redis port
Full Control

Self-Hosting

Host your own ssrok server for complete control over your data and infrastructure

  1. 1Build the Server: Run `make build-server` to generate the ssrok-server binary
  2. 2Deploy: Upload the ssrok-server binary to your VPS or cloud server
  3. 3Run: Execute the binary on your server
  4. 4Configure: Set environment variables to match your domain
$ ./ssrok-server

Ready to tunnel?

Install ssrok and start sharing your local servers in seconds.

Homebrew

$brew tap selcuksarikoz/ssrok https://github.com/selcuksarikoz/ssrok
$brew install ssrok

Apple Silicon (ARM64)

$curl -sL https://github.com/selcuksarikoz/ssrok/releases/latest/download/ssrok-darwin-arm64 -o /usr/local/bin/ssrok
$chmod +x /usr/local/bin/ssrok

Intel (AMD64)

$curl -sL https://github.com/selcuksarikoz/ssrok/releases/latest/download/ssrok-darwin-amd64 -o /usr/local/bin/ssrok
$chmod +x /usr/local/bin/ssrok

All binaries are signed and available for manual download on the GitHub Releases page.