14 releases (4 breaking)
Uses new Rust 2024
| new 0.5.3 | May 25, 2025 |
|---|---|
| 0.5.1 | Mar 31, 2025 |
| 0.3.0 | Dec 28, 2024 |
| 0.1.2 | Nov 27, 2024 |
#1026 in Network programming
170 downloads per month
495KB
11K
SLoC
Sandhole
Expose HTTP/SSH/TCP services through SSH port forwarding. A self-hosted ngrok / Cloudflare Tunnels / localhost.run alternative.
Check out the Sandhole book for a full guide.
Features
- Reverse proxy that just works with an OpenSSH client. No extra software required!
- Automatic HTTPS support (with Agnos and ACME), including HTTP/2 support.
- Easily load-balance by pointing multiple services to the same domain/port.
- Bring your own custom domains and authorize them via DNS records.
- Random subdomain assignment by default, with options for deterministic assignment.
- Option to connect with SSH via the HTTPS port, if your network blocks outbound connections to SSH ports.
- A terminal-based admin interface to view and manage current connections.
- Written in Rust, with comprehensive testing of most features.
Status
Sandhole is in active development. Contributions are welcome, but try it in production at your own risk.
Some alternatives
- sish - Main inspiration for this project. Written in Golang.
- rlt - Uses localtunnel's protocol instead of SSH. Written in Rust.
- wstunnel - Uses its WebSocket-based protocol instead of SSH. Written in Rust.
- rathole - A highly configurable reverse proxy with NAT traversal and a great name. Written in Rust.
- sshuttle - A smarter proxy service, also based on SSH, that only needs Python in the server. Written in Python.
Dependencies
~115–155MB
~3.5M SLoC