Skip to content
/ microtunnel Public

🌐 Self-hosted HTTPS tunnels using Go, WebSockets & Caddy. Good for demos, side-projects & webhooks.

License

MIT license
22 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

OlegHQ/microtunnel

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

42 Commits
docs
docs
Β 
Β 
.gitignore
.gitignore
Β 
Β 
Caddyfile
Caddyfile
Β 
Β 
LICENSE
LICENSE
Β 
Β 
Makefile
Makefile
Β 
Β 
README.md
README.md
Β 
Β 
flake.lock
flake.lock
Β 
Β 
flake.nix
flake.nix
Β 
Β 
go.mod
go.mod
Β 
Β 
go.sum
go.sum
Β 
Β 
main.go
main.go
Β 
Β 
testapp.mjs
testapp.mjs
Β 
Β 

Repository files navigation

microtunnel

Architecture Diagram

Self-hosted HTTPS tunnels made simple β€” using Go, Caddy, and Cloudflare.

  • One lightweight Go binary.
  • Automatic HTTPS with wildcard certificates.
  • WebSocket-based tunneling (no raw TCP needed).
  • Fully self-hosted: your domain, your rules.

Read the full story here β†’

Why microtunnel?

Most tunneling tools either require paid plans, rely on proprietary infrastructure, or need complex setups. microtunnel is a self-hosted alternative that gives you HTTPS tunnels using just Go, WebSockets, and Caddy β€” no third-party services required.

  • No paid plans
  • No vendor lock-in
  • No opaque black boxes

Just one Go binary + Caddy with automatic TLS = your own public HTTPS tunnel.

Features

  • πŸ” Secure WebSocket-based tunneling
  • πŸ”’ Automatic Let's Encrypt TLS (via Cloudflare DNS)
  • πŸ“‘ Multiplexing multiple HTTP streams over one WebSocket with yamux
  • πŸ–ŠοΈ Simple, structured logs (thanks, Logrus)
  • 🌐 Designed for side-projects, demos, webhook testing

Quick Start

Server Setup

First, prepare your environment variables:

export TUNNEL_SERVER_DOMAIN_NAME=tunnel.example.com
export CADDY_PROXY_PORT=3000
export CF_API_TOKEN=your_cloudflare_token

Build and run the server:

go run main.go --port 3000 --base-domain-name=tunnel.example.com

Caddy needs to be set up separately for wildcard HTTPS. See full guide in the article.

Client Usage

Tunnel your local app (e.g., running on localhost:8080):

go run main.go --server-url=wss://tunnel.example.com/tunnel --port 8080

You'll get a URL like:

https://ab12cd34.tunnel.example.com

Open it. Magic.

How It Works

  • Clients connect to /tunnel via secure WebSocket.
  • Server assigns a random 8-character subdomain.
  • Caddy handles automatic TLS certificates.
  • Yamux multiplexes multiple HTTP requests over a single WebSocket.
  • HTTP hijacking enables raw streaming of HTTP traffic without re-encoding.

For a deeper technical dive, check the full article.

Requirements

  • A domain (e.g., example.com) with Cloudflare managing DNS.
  • A public VM (free Oracle/AWS/anything).
  • Go (for building the binary).
  • Caddy (with Cloudflare DNS plugin).

Future Improvements

  • Token-based tunnel authentication
  • gRPC transport support
  • Prometheus metrics for tunnel traffic

Demo

Tunnel established

Tunnel Ready

Incoming request to server

Server Log

Accessing local app via HTTPS

Browser Screenshot

License

MIT. Do whatever you want. Stars are appreciated

GitHub Repository β†’

About

🌐 Self-hosted HTTPS tunnels using Go, WebSockets & Caddy. Good for demos, side-projects & webhooks.

Resources

Readme

License

MIT license
Activity

Stars

22 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 1

v0.1.0 β€” Initial release Latest
Apr 29, 2025

Packages

No packages published

Contributors 2

  •  
  •  

Languages