The purpose of this list is to track and compare tunneling solutions. This is primarily targeting toward developers and self-hosters who want to do things like exposing a local webserver via a public address.

The dream

I started this list because I'm looking for a simple tool/service that does the following:

• Allows me to register a domain name.
• Automatically sets up HTTPS (apex and wildcard) for the domain.
• Provides a client tool that tunnels TCP connects through the server without requiring root on the client.
• Provides a web interface to allow me to map X domain/subdomain to Y port on Z client, and proxy all connections to that domain.

So far I haven't found it so I've started building it myself.

Things to look out for when comparing solutions

• Underlying multiplexing technology. In particular, if a solution uses TCP-over-TCP (ie any of them that are built on SSH), it'll be subject to rather severe issues.
• Source code availability. Some of the best options are closed source only.
• Does it require root to run the client? For example, anything built on WireGuard will likely have great performance (on systems where it's built into the kernel at least), but typically requires elevated permissions to create the tun devices.

The list

Open source

• frp - Seems to be a pretty comprehensive open alternative to ngrok.
• ngrok 1.0 - Original version of ngrok. No longer developed in favor of the commercial 2.0 version.
• localtunnel - Written in node. Popular suggestion.
• inlets - Open source ngrok alternative. Has pro option.
• sshuttle - Open source project originally from one of the founders of Tailscale. Server doesn't require root; client does. Explicitly designed to avoid TCP-over-TCP issues.
• chisel - Another HTTPS+SSH option.
• expose - ngrok alternative written in PHP.
• teleconsole - SSH-based, but uses special client script. Focused on forwarding SSH console sessions, but can also forward ports.
• go-http-tunnel - Uses a single HTTP/2 connection for muxing, so likely avoids TCP-over-TCP issues. Need to manually generate certs for server and clients.
• sish - Open source ngrok/serveo alternative. SSH-based but uses a custom server written in Go. Supports WebSocket tunneling.
• PageKite - Comprehensive open source solution with hosted options.
• slt - Open source TLS proxy from the creator of ngrok. Supports SNI.
• tunneller - Open source. Written in Go.
• docker-tunnel - Simple Docker-based nginx+SSH solution.
• holepunch.io - Has nice hosted solution. Uses SSH for muxing.
• Telebit - Written in JS. Code.

Commerical/Closed source

• ngrok 2.0 - Probably the gold standard and most popular. Closed source. Lots of features, including TLS and TCP tunnels. Doesn't require root to run client.
• CloudFlare Argo Tunnel - $5/mo + $0.1/GB. Integrates with Argo smart routing. Client source code is available.
• serveo - Mentioned quite a bit the last couple years, but appears to be down currently. Simply uses SSH for tunneling.
• Tailscale - Built on WireGuard. Closed source. Easy to use. Doesn't include an HTTPS proxy on the public side, but could be combined with nginx/Caddy/etc.

Blog posts

• Roll your own Ngrok with Nginx, Letsencrypt, and SSH reverse tunnelling

Discussions

• HN comment about needing Namecheap + CloudFlare + ngrok.