Lib.rs

Network programming
#ssh #proxy #tunnel #hole-punching #record #dns-records

bin+lib sandhole

Expose HTTP/SSH/TCP services through SSH port forwarding

Owned by EpicEric.

8 releases

new 0.3.1 Jan 1, 2025
0.3.0 Dec 28, 2024
0.2.1 Dec 22, 2024
0.1.4 Dec 3, 2024
0.1.2 Nov 27, 2024

#1761 in Network programming

Download history 152/week @ 2024-11-20 311/week @ 2024-11-27 83/week @ 2024-12-04 7/week @ 2024-12-11 221/week @ 2024-12-18 136/week @ 2024-12-25

507 downloads per month

MIT license

355KB
8K SLoC

sandhole

GitHub Actions workflow status crates.io version GitHub license

The Sandhole logo, with Ferris partially inside a sandhole and the name "Sandhole" written in cursive beside them.

Expose HTTP/SSH/TCP services through SSH port forwarding. A self-hosted ngrok / Cloudflare Tunnels / localhost.run alternative.

Check out the Sandhole book for a full guide.

Features

  • Reverse proxy that just works with an OpenSSH client. No extra software required!
  • Automatic HTTPS support (with dnsrobocert and/or ACME).
  • Easily load-balance by pointing multiple services to the same domain/port.
  • Bring your own custom domains and authorize them via DNS records.
  • Random subdomain assignment by default, with options for deterministic assignment.
  • Option to connect with SSH via the HTTPS port, if your network blocks outbound connections to SSH ports.
  • A terminal-based admin interface to view current connections.
  • Written in Rust, with comprehensive testing of most features.

Status

Sandhole is in active development. Contributions are welcome, but try it in production at your own risk.

Some alternatives

  • sish - Main inspiration for this project. Written in Golang.
  • rlt - Uses localtunnel's protocol instead of SSH. Written in Rust.
  • rathole - A highly configurable reverse proxy with NAT traversal and a great name. Written in Rust.
  • sshuttle - A smarter proxy service, also based on SSH. Written in Python.

Dependencies

~97–135MB
~3M SLoC