bagas/tunnel-please
Public Access
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases 8 Wiki Activity
269 Commits 1 Branch 24 Tags
bd2b843e5dd232f08d68cd7e14549716113e0032
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Renovate-Clanker bd2b843e5d
Tests / Run Tests (pull_request) Successful in 1m9s
Details
chore(deps): update actions/checkout action to v6
2026-01-27 18:11:54 +00:00
.gitea/workflows
chore(deps): update actions/checkout action to v6
2026-01-27 18:11:54 +00:00
.github/workflows
chore(deps): update actions/checkout action to v6
2025-12-29 10:03:19 +00:00
docs/images
docs: show CI/CD status badge and mascot in README
2026-01-27 16:28:20 +07:00
internal
test: check and handle error for testing
2026-01-27 16:28:20 +07:00
server
test: check and handle error for testing
2026-01-27 16:28:20 +07:00
session
test(interaction): add unit tests for interaction behavior
2026-01-27 16:28:20 +07:00
types
test(stream): add unit tests for stream behavior
2026-01-27 16:28:20 +07:00
.dockerignore
refactor: use relative paths for certificates instead of absolute paths
2025-12-28 19:53:03 +07:00
.gitignore
ci: update SonarQube action configuration
2026-01-27 16:28:20 +07:00
docker-compose.root.yml
feat: add docker compose deployment configurations
2025-12-29 15:57:16 +07:00
docker-compose.standard.yml
feat: add docker compose deployment configurations
2025-12-29 15:57:16 +07:00
docker-compose.tcp.yml
feat: add docker compose deployment configurations
2025-12-29 15:57:16 +07:00
Dockerfile
refactor(dockerfile): split long ldflags line
2026-01-27 16:28:20 +07:00
go.mod
fix(deps): update module github.com/stretchr/testify to v1.11.1
2026-01-27 11:19:47 +00:00
go.sum
fix(deps): update module github.com/stretchr/testify to v1.11.1
2026-01-27 11:19:47 +00:00
LICENSE.md
Update LICENSE.md
2025-12-08 16:02:51 +00:00
main.go
test(bootstrap): add unit tests for initial bootstrap behavior
2026-01-27 16:28:20 +07:00
README.md
docs: show CI/CD status badge and mascot in README
2026-01-27 16:28:20 +07:00
renovate.json
chore(config): migrate config renovate.json
2025-12-29 14:57:09 +00:00

README.md

gopher

Tunnel Please

A lightweight SSH-based tunnel server



Coverage Lines of Code Quality Gate Status Security Issues Maintainability Rating Reliability Rating Security Rating

Features

  • SSH interactive session with real-time command handling
  • Custom subdomain management for HTTP tunnels
  • Dual protocol support: HTTP and TCP tunnels
  • Real-time connection monitoring

Requirements

  • Go 1.18 or higher
  • Valid domain name for subdomain routing

Environment Variables

The following environment variables can be configured in the .env file:

Variable Description Default Required
DOMAIN Domain name for subdomain routing localhost No
PORT SSH server port 2200 No
HTTP_PORT HTTP server port 8080 No
HTTPS_PORT HTTPS server port 8443 No
KEY_LOC Path to the private key file certs/privkey.pem No
TLS_ENABLED Enable TLS/HTTPS false No
TLS_REDIRECT Redirect HTTP to HTTPS false No
TLS_STORAGE_PATH Path to store TLS certificates certs/tls/ No
ACME_EMAIL Email for Let's Encrypt registration admin@<DOMAIN> No
CF_API_TOKEN Cloudflare API token for DNS-01 challenge - Yes (if auto-cert)
ACME_STAGING Use Let's Encrypt staging server false No
CORS_LIST Comma-separated list of allowed CORS origins - No
ALLOWED_PORTS Port range for TCP tunnels (e.g., 40000-41000) 40000-41000 No
BUFFER_SIZE Buffer size for io.Copy operations in bytes (4096-1048576) 32768 No
MAX_HEADER_SIZE Maximum size of HTTP headers in bytes (4096-131072) 4096 No
PPROF_ENABLED Enable pprof profiling server false No
PPROF_PORT Port for pprof server 6060 No
MODE Runtime mode: standalone or node standalone No
GRPC_ADDRESS gRPC server address/host used in node mode localhost No
GRPC_PORT gRPC server port used in node mode 8080 No
NODE_TOKEN Authentication token sent to controller in node mode - Yes (node mode)

Note: All environment variables now use UPPERCASE naming. The application includes sensible defaults for all variables, so you can run it without a .env file for basic functionality.

Docker Deployment

Three Docker Compose configurations are available for different deployment scenarios. Each configuration uses the image git.fossy.my.id/bagas/tunnel-please:latest.

Configuration Options

1. Root with Host Networking (RECOMMENDED)

File: docker-compose.root.yml

Advantages:

  • Full TCP port forwarding support (ports 40000-41000)
  • Direct binding to privileged ports (80, 443, 2200)
  • Best performance with no NAT overhead
  • Maximum flexibility for all tunnel types
  • No port mapping limitations

Use Case: Production deployments where you need unrestricted TCP forwarding and maximum performance.

Deploy:

docker-compose -f docker-compose.root.yml up -d

2. Standard (HTTP/HTTPS Only)

File: docker-compose.standard.yml

Advantages:

  • Runs with unprivileged user (more secure)
  • Standard port mappings (2200, 80, 443)
  • Simple and predictable networking
  • TCP port forwarding disabled (ALLOWED_PORTS=none)

Use Case: Deployments where you only need HTTP/HTTPS tunneling without custom TCP port forwarding.

Deploy:

docker-compose -f docker-compose.standard.yml up -d

3. Limited TCP Forwarding

File: docker-compose.tcp.yml

Advantages:

  • Runs with unprivileged user (more secure)
  • Standard port mappings (2200, 80, 443)
  • Limited TCP forwarding (ports 30000-31000)
  • Controlled port range exposure

Use Case: Deployments where you need both HTTP/HTTPS tunneling and limited TCP forwarding within a specific port range.

Deploy:

docker-compose -f docker-compose.tcp.yml up -d

Quick Start

  1. Choose your configuration based on your requirements
  2. Edit the environment variables in the chosen compose file:
    • DOMAIN: Your domain name (e.g., example.com)
    • ACME_EMAIL: Your email for Let's Encrypt
    • CF_API_TOKEN: Your Cloudflare API token (if using automatic TLS)
  3. Deploy: 
    docker-compose -f docker-compose.root.yml up -d
  4. Check logs: 
    docker-compose -f docker-compose.root.yml logs -f
  5. Stop the service: 
    docker-compose -f docker-compose.root.yml down

Recommendation

Use docker-compose.root.yml for production deployments if you need:

  • Full TCP port forwarding capabilities
  • Any port range configuration
  • Direct port binding without mapping overhead
  • Maximum performance and flexibility

This is the recommended configuration for most use cases as it provides the complete feature set without limitations.

Contributing

Contributions are welcome!

If you'd like to contribute to this project, please follow the workflow below:

  1. Fork the repository
  2. Create a new branch for your changes
  3. Commit and push your updates
  4. Open a Pull Request targeting the staging branch
  5. Clearly describe your changes and the reasoning behind them

License

This project is licensed under the Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) license.

Author

Bagas (fossyy)

Reference in New Issue View Git Blame Copy Permalink
Description
A lightweight SSH-based tunnel server written in Go
https://tunnl.live
Readme 49 MiB
Releases 8
v1.1.5 Latest
2026-01-28 01:07:54 +07:00
Languages
Go 99.6%
Dockerfile 0.4%