Sign in Subscribe
dotnet

NTunl: An open Self-Hosted, Secure Alternative to ngrok for Exposing Local Services

NTunl is a self-hosted alternative to ngrok, offering secure tunneling for local services with SSL, custom domains, and request inspection. Perfect for developers seeking control and flexibility.

Tim Dodd

3 min read
NTunl: An open Self-Hosted, Secure Alternative to ngrok for Exposing Local Services

If you’ve ever needed to expose a local server to the public internet, you’re likely familiar with ngrok, a popular tool for creating secure tunnels. However, relying on external services for tunneling isn’t always ideal, particularly when you want control over your data and setup. That’s why I developed NTunl, a self-hosted alternative to ngrok that gives you full control over your secure tunnels. Let’s dive into what NTunl offers, how it works, and how to set it up.

What is NTunl?

NTunl is a C# project built with .NET 8, designed to make secure tunneling straightforward and self-sufficient. With NTunl, you can expose any local or private service to the public internet, all from your own environment. Whether it’s a development server, internal tool, or IoT device, NTunl enables you to manage access securely with features comparable to those found in commercial solutions.

Key Features

NTunl is equipped with several powerful features:

  • Secure Tunneling: NTunl allows you to securely tunnel your localhost or any other private services to a public domain with SSL support, including options to permit or deny invalid certificates.
  • Flexible Configuration: Both server and client configurations are highly customizable, giving you control over SSL, domains, subdomains, headers, and more.
  • Domain and Subdomain Management: You can easily set up and manage custom domains and subdomains.
  • Request Inspection: Enable the Inspector to view and monitor HTTP requests via a web interface, making debugging and monitoring convenient.
  • Self-Hosted Solution: Keep your data within your own infrastructure by hosting NTunl on your own server, or leverage Docker for easy setup.

The Docker image for NTunl is available on Docker Hub, making it easy to integrate with various environments.

How NTunl Works

NTunl consists of two primary components: the NTunl Server and the NTunl Client.

  1. NTunl Server: This component is responsible for managing the tunnels and exposing them to a public interface. Clients connect to the NTunl Server to establish tunnels.
  2. NTunl Client: The client connects to the server to expose local or private services to the public internet. You can set up custom domains, SSL settings, and headers for each tunnel. Here’s an example configuration:
{
    "Logging": {
        "LogLevel": {
            "Default": "Debug",
            "Microsoft": "Warning",
            "Microsoft.Hosting.Lifetime": "Information",
            "System.Net.Http.HttpClient": "Warning"
        }
    },
    "Tunnels": [
        {
            "SslEnabled": true,
            "AllowInvalidCertificates": false,
            "NtunlAddress": "tunnel.mysite.com:443",
            "Address": "https://robododd.com",
            "HostHeader": "robododd.com",
            "CustomHeader": [],
            "RewriteUrlEnabled": false,
            "RewriteUrlPattern": "https://(mysite|www.mysite2)\\.com"
        }
    ],
    "Inspector": {
        "Enabled": true,
        "Port": 6900
    }
}

This configuration enables SSL, sets a custom host header, and includes optional URL rewriting, giving you flexibility in how your services appear publicly.

NTunl Server Configuration

The NTunl Server configuration is highly customizable, allowing you to tailor settings to your specific needs. Below is an example of a typical configuration file (appsettings.json) for the NTunl Server:

{
    "Logging": {
        "LogLevel": {
            "Default": "Information"
        }
    },
    "AllowedHosts": "*",
    "TunnelHost": {
        "HostName": "*",
        "Port": 8001,
        "ClientDomain": {
            "Domain": "mysite.com",
            "SubDomains": [ "apple", "banana", "cherry", "elderberry" ]
        },
        "Ssl": {
            "Enabled": false,
            "AcceptInvalidCertificates": true
        }
    },
    "HttpHost": {
        "HostName": "*",
        "Port": 9200,
        "Headers": {
            "BlackList": [ "cf-*" ],
            "IpHeaderName": "X-Forwarded-For"
        }
    }
}

Configuration Breakdown

  • Logging: Configures the log level. In this example, the default level is set to Information, but you can adjust this as needed for more or less verbosity.
  • AllowedHosts: Specifies which hosts are allowed to connect. Setting * allows all hosts.
  • TunnelHost: Defines the primary settings for the tunnel:
    • HostName: The hostname to bind to, with * binding to all hostnames.
    • Port: The port the tunnel listens on (here set to 8001).
    • ClientDomain: When a client connects, a random subdomain will be chosen for that client to use.
    • Ssl: Controls SSL settings:
      • Enabled: Toggle SSL on or off.
      • AcceptInvalidCertificates: If set to true, NTunl will accept invalid SSL certificates. This can be useful for testing but is generally not recommended for production.
  • HttpHost: Configures HTTP host settings, particularly useful for controlling headers:
    • HostName and Port: Similar to TunnelHost, specifying the hostname and port to bind.
    • Headers:
      • BlackList: Lists headers to block; here, any headers starting with cf- will be blacklisted.
      • IpHeaderName: Specifies the header to use for identifying the client’s IP address, typically X-Forwarded-For in reverse proxy setups.

This flexible configuration enables you to set up your NTunl Server to match your requirements precisely, from SSL handling to domain management and header control.

Getting Started with NTunl

Before you begin, make sure you have the .NET 8 SDK installed on your machine.

Installation and Setup

  1. Clone the Repository:
git clone https://github.com/timothydodd/ntunl.git
cd ntunl
  1. Build the Solution:
dotnet build
  1. Run the Ntunl Server on a machine with public access:
cd src/NTunlServer
dotnet run
  1. Run the NTunl Client on a Machine that hosts a service you want to make public:
cd src/NTunlClient
dotnet run

With the server running, the NTunl client will connect and expose your local services according to the configuration you define.

Final Thoughts

NTunl brings the power of secure tunneling to your fingertips, all within a self-hosted environment. Whether you're a developer looking for more control over your setup or a business needing to securely expose internal services, NTunl has the features and flexibility to meet your needs.

Ready to give it a try? Head over to the NTunl Docker Hub or NTunl GitHub repository and get started today.