Tunnl.gg

This is nice and for those who's asking, it's different from ngrok and the others in that you don't need a separate client, (almost) everyone has ssh installed.

To the author, I wish you best of luck with this but be aware (if you aren't) this will attract all kind of bad and malicious users who want nothing more than a "clean" IP to funnel their badness through.

serveo.net [2] tried it 8 years ago, but when I wanted to use it I at some point I found it was no longer working, as I remember the author said there was too much abuse for him to maintain it as a free service

I ended up self-hosting sish https://docs.ssi.sh instead.

Even the the ones where you have to register like cloudflare tunnels and ngrok are full of malware, which is not a risk to you as a user but means they are often blocked.

Also a little rant, tailscale has their own one also called funnel. It has the benefit of being end-to-end encrypted (in theory) but the downside that you are announcing your service to the world through the certificate transparency logs. So your little dev project will have bots hammering on it (and trying to take your .git folder) within seconds from you activating the funnel. So make sure your little project is ready for the internet with auth and has nothing sensitive at guessable paths.

[2] https://news.ycombinator.com/item?id=14842951

If you keep this up you'll want to add yourself to the public suffix list:

https://publicsuffix.org/

You should also consider grouping your random hostnames under a dedicated subdomain. e.g. "xxx-xxx-xxx.users.tunnl.gg", that separates out cookies and suchlike.

"We cooperate with law enforcement agencies when required by law. While we do not inspect traffic content, we will provide connection logs and IP address information in response to valid legal process (such as a subpoena or court order) to assist in investigations regarding illegal activity."

https://tunnl.gg/assets/index-Bjpn0hFX.js

If the requesting party knows it's possible they might ask for traffic to be logged

I used ngrok when it was the to-go answer for serving localhost (temporarily, not permanent) to the public, but the last time I searched for alternatives I stumbled upon the following jewel.

   > tailscale funnel 3000

   Available on the internet:

   https://some-device-name.tail12345.ts.net/
   |-- proxy http://127.0.0.1:3000

   Press Ctrl+C to exit.

This is a great idea but I'm a bit concerned about your bandwidth costs and illegal/malicious content being hosted used under your domain.

For the second point, you might want to implement some kind of browser warning similar to what Ngrok does.

Shell function;

``` tunnl() { if [ -z "$1" ]; then echo "Usage: tunnl <local-port>" return 1 fi

  ssh -t -R 80:localhost:"$1" proxy.tunnl.gg

There's also https://tunnelmole.com but requires binary or npm install

Is this any different from localtunnel? Nice thing about that one is that its oss, actually we forked it in my company to do some more custom stuff.

Any plan to make it oss?

https://github.com/desplega-ai/localtunnel-server

Built another localhost tunneling tool because I kept forgetting my ngrok auth token.

What it does:

- Expose localhost to the internet (HTTP/TCP/WebSockets) - Zero signup – just works immediately - Free

Nothing groundbreaking, just scratching my own itch for a no-friction tunnel service. Written in Go.

Link: https://tunnl.gg

Happy to answer questions or hear how you'd improve it.

I love the concept, but I have one gripe: the subscription email is coming from a Gmail address, so I have no trust. I'd love to see it coming from the same domain. Also, it went to spam.

How is it different to ngrok? Genuinely curious, I might switch.

Seemingly lacking IPv6 support?

Not that you'd usually need this if you have IPv6 but might still be useful to bypass firewalls or forward access for IPv4 clients from your newer IPv6-only resources.

How are you able to host it for free?

You are mentioning it's encrypted end-to-end; please explain how your server is unable to read the contents of the stream?

Love the approach, simplicity and concept. SPA works fine if entry point is / if /terms /privacy greated with 404.

It's bit less convenient, but I have access to a vps and a dns with a custom domain.

I can create any subdomain I want and tunnel the connexion to any port on my computer.

=> I can spinup a new subdomain in seconds, no data leakage, url that doesn't change, and it's cost nothing.

How does this compare to cloudflare or even a self-hosted tailscale tunnel?

Also do you collect any data? Privacy says

> We do not collect, store, or sell your personal data.

But I guess personal data is a bit ambiguous. You're at the very least collecting my IP (which is fine, I'm just curious)

Interesting! How do you handle port conflicts? What ports for public exposure are available?

I have used serveo.net in the past for the same use case, this looks cool !

That's really cool. I guess this is an alternative to ngrok (which I like but hate due to having to sign in).

How do the Certs work for https?

Periodic reminder that just because Go having an easy to use SSH package made these easy to write, connecting to SSH servers and doing TOFU all the time with the keys is far far less safe than webpki, and this service could be relatively easily mitm'd in key scenarios like people being tricked at conferences. It's not as terrifying as the coffee shop taking payments over SSH, but still, this isn't doing E2EE, it's terminating TLS upstream.

There's no SSHFP record (not that openssh uses it by default, and you'd need DNSSEC to make it actually useful), and no public keys documented anywhere to help people avoid MITM/TOFU events.

I get the UX, but it saddens me to see more SSH products that don't understand the SSH security model.