You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Reverse proxy that just works with an OpenSSH client. No extra software required to beat NAT!
Automatic HTTPS support (with Agnos and ACME), including HTTP/2 support.
Easily load-balance by pointing multiple services to the same domain/port.
Bring your own custom domains and authorize them via DNS records for specific SSH keys.
Random subdomain assignment by default, with options for deterministic assignment.
Option to connect with SSH via the HTTPS port, if your network blocks outbound connections to SSH ports.
Security and performance features like quotas, rate limiting, timeouts, IP filtering, and more.
Many other configurable options, including toggling off whole modules.
A terminal-based admin interface to view and manage current connections.
Written in Rust, with comprehensive testing of most features.
Status
Sandhole is mostly feature-complete, but still receives occasional updates and fixes. Contributions are welcome, but try it in production at your own risk.
Some alternatives
sish - Main inspiration for this project. Written in Golang.
rlt - Uses localtunnel's protocol instead of SSH. Written in Rust.
wstunnel - Uses its WebSocket-based protocol instead of SSH. Written in Rust.
rathole - A highly configurable reverse proxy with NAT traversal and a great name. Written in Rust.
sshuttle - A smart proxy service, also based on SSH, that only needs Python in the server. Written in Python.
About
Expose HTTP/SSH/TCP services through SSH port forwarding.
