// the find
joaoh82/rustunnel
Self-hosted, secure tunnel server in Rust. Expose local HTTP/HTTPS/TCP/UDP services to the public internet via TLS-encrypted WebSocket. Open-source, pay-as-you-go managed option, MCP server for AI agents.
rustunnel is a self-hosted ngrok alternative written in Rust that tunnels local HTTP/HTTPS/TCP/UDP services over TLS-encrypted WebSocket connections. It ships a full server binary you can run on your own VPS, a managed hosted option with three regions, and an MCP server so AI agents can open tunnels programmatically. Aimed at developers who want ngrok's convenience without the per-seat pricing or data leaving their infrastructure.
yamux multiplexing over a single WebSocket control connection is the right call — it avoids the connection-per-request overhead that plagues naive tunnel implementations; the MCP server binary is a genuine differentiator, letting Claude Code or Cursor open and close tunnels without shell commands; the config and deployment story is unusually complete for a young project — systemd unit, Docker Compose, Certbot hook, Makefile targets, all present and not half-finished; integration tests spin up a real server on random ports and hit real PostgreSQL, which means the test suite actually catches connection-handling bugs instead of just mocking them away
the TCP tunnel port range tops out at 100 ports by default (20000–20099), which means you hit the ceiling with 100 simultaneous TCP tunnels — not a problem for personal use but a hard wall if you're running shared infrastructure; TLS certificates are read from disk at startup only, so cert rotation requires a service restart — the deploy hook handles it but any cert issue between restarts silently serves a stale cert; AGPLv3 is load-bearing here: if you embed rustunnel-server in a SaaS product you must open-source it, which some shops will hit as a surprise; the dashboard UI is a pre-built Next.js bundle checked into the repo under `src/dashboard/assets/`, meaning dashboard updates require a maintainer to rebuild and commit the static files — not great for contributors wanting to iterate on the UI