Open Source Project of the Day (Part 13): Tunnelto - High-Performance Local Tunnel Tool Built with Rust

Introduction

"What if a single command could let users from anywhere in the world access your locally running web server?"

This is Part 13 of the "Open Source Project of the Day" series. Today we explore Tunnelto (GitHub).

When developing and testing web applications, we often need to expose local services to external access — whether for remote colleagues to test, integrating third-party webhooks, or demonstrating to clients. Traditional solutions are either complex to configure, perform poorly, or require payment. Tunnelto is built with Rust and Tokio async IO, providing a high-performance, easy-to-use local tunnel solution that lets you expose your local service to the internet with a single command.

What You'll Learn

• Tunnelto's core architecture and technical characteristics
• How to use Tunnelto to quickly expose local services
• Rust async IO in network tunneling applications
• Tunnelto vs. other local tunnel tools
• How to self-host a Tunnelto server
• Tunnelto's advanced features and configuration options
• Application cases in real development scenarios

Prerequisites

• Basic understanding of networking (TCP/IP, HTTP)
• Understanding of local development server concepts
• Familiarity with command-line tools
• Basic knowledge of Rust (optional, helps understand implementation principles)

---

Project Background

Project Introduction

Tunnelto is a high-performance local tunnel tool written in Rust that allows you to expose a locally running web server to the internet with a simple command, obtaining a publicly accessible URL. Built entirely on async IO (Tokio), it delivers excellent performance while supporting custom subdomains and self-hosted deployment.

Core problems the project solves:

• Local development services can't be accessed externally, hindering collaboration and testing
• Traditional local tunnel tools are complex to configure with poor performance
• Cannot use localhost when integrating third-party services (like OAuth callbacks, Webhooks)
• Commercial solutions are expensive or restricted
• Need self-hosted solutions to protect privacy and data security

Target user groups:

• Web developers and full-stack engineers
• Developers who need quick demonstrations and testing
• Developers integrating with third-party APIs
• Developers with performance and privacy requirements
• Teams needing self-hosted local tunnel services

Author/Team Introduction

Author: Alex Grinman (@agrinman)

• Background: Developer focused on systems programming and network technology
• Project creation date: 2020
• Philosophy: Build a high-performance, easy-to-use, self-hostable local tunnel tool
• Tech stack: Rust, Tokio, async IO

Project Stats

• ⭐ GitHub Stars: 5.7k+ (continuously growing)
• 🍴 Forks: 432+
• 📦 Version: 0.1.18 (latest version, released May 16, 2021)
• 📄 License: MIT
• 🌐 Website: tunnelto.dev
• 💬 Community: Active GitHub Issues

Project development history:

• 2020: Project created, initial version released
• 2020-2021: Continuous optimization, new features added
• May 2021: Released version 0.1.18, stable feature set
• Ongoing maintenance: Project remains active with continuous community contributions

---

Main Features

Core Purpose

Tunnelto's core purpose is to expose locally running web servers to the internet via public URLs, with main features including:

1. Quickly expose local services: A single command maps a local port to a public URL
2. Custom subdomains: Supports specifying custom subdomains for easy remembering and use
3. API authentication: Supports API key authentication to protect tunnel security
4. Self-hosting support: Can deploy your own Tunnelto server
5. High performance: Based on Rust and Tokio async IO for excellent performance
6. Local dashboard: Provides a local monitoring and debugging interface

Use Cases

1. Web development testing

   • Let remote team members access the local development environment
   • Test responsive design on mobile devices
   • Demonstrate to clients or product managers

2. Third-party service integration

   • OAuth callback URL configuration (GitHub, Google, etc.)
   • Webhook reception (Stripe, GitHub Actions, etc.)
   • Third-party API testing and debugging

3. API development and debugging

   • Let frontend developers access local API services
   • Test mobile app integration with backend APIs
   • Debug cross-origin issues

4. Temporary demos and sharing

   • Quickly share local projects with others
   • Temporary demos and prototype presentations
   • Showcase features without deployment

5. CI/CD integration

   • Expose test services in CI environments
   • Service access in automated testing
   • Setting up temporary test environments

Quick Start

Installation

macOS (Homebrew):

brew install agrinman/tap/tunnelto

Cargo (Rust users):

cargo install tunnelto

Other platforms:
Download the binary for your platform from GitHub Releases.

Simplest Usage Example

# Expose local port 8000 service
tunnelto --port 8000

After running, you'll see output like this:

🚀 Starting tunnelto...
🌍 Public URL: https://abc123.tunnelto.dev
📊 Dashboard: http://localhost:4040

Now anyone can access your local localhost:8000 service through https://abc123.tunnelto.dev.

Custom Subdomain

# Use a custom subdomain
tunnelto --port 8000 --subdomain myapp

This will generate the URL https://myapp.tunnelto.dev.

Specify Local Host and Protocol

# Specify local host and protocol
tunnelto --port 3000 --host 127.0.0.1 --scheme https

Core Features

1. Ultra-simple usage

   • A single command to use, no complex configuration
   • Automatically generates public URL, works out of the box
   • Supports multiple installation methods

2. High-performance async IO

   • Based on Rust and Tokio for excellent performance
   • Async processing, supports high-concurrency connections
   • Low latency, fast response

3. Custom subdomains

   • Supports specifying custom subdomains
   • Easy to remember and use
   • Suitable for production environment use

4. API authentication

   • Supports API key authentication
   • Protects tunnel security
   • Prevents unauthorized access

5. Local dashboard

   • Provides local monitoring interface
   • View request logs and statistics
   • Convenient for debugging and monitoring

6. Self-hosting support

   • Can deploy your own server
   • Complete control over data and privacy
   • Supports distributed deployment (using Fly.io)

7. Multi-protocol support

   • Supports HTTP and HTTPS
   • Automatically handles protocol conversion
   • Flexible configuration

8. Cross-platform

   • Supports macOS, Linux, Windows
   • Multiple installation methods available
   • Unified command-line interface

Project Advantages

Comparison	Tunnelto	ngrok	localtunnel
Performance	⭐⭐⭐⭐⭐ Rust async IO	⭐⭐⭐⭐ Go implementation	⭐⭐⭐ Node.js
Ease of use	⭐⭐⭐⭐⭐ Single command	⭐⭐⭐⭐ Simple	⭐⭐⭐⭐ Simple
Self-hosting	✅ Full support	❌ Requires payment	✅ Supported but limited
Custom domains	✅ Free support	❌ Requires payment	❌ Not supported
Open source	✅ MIT	❌ Partially open source	✅ MIT
Resource usage	⭐⭐⭐⭐⭐ Ultra-low	⭐⭐⭐⭐ Low	⭐⭐⭐ Moderate
Community activity	⭐⭐⭐⭐ Active	⭐⭐⭐⭐⭐ Very active	⭐⭐⭐ Average

Why choose Tunnelto?

• Excellent performance: Rust and Tokio combination brings exceptional performance, suitable for high-concurrency scenarios
• Fully open source: MIT license, completely open code, free to use and modify
• Self-hosting friendly: Provides a complete self-hosting solution to protect privacy and data security
• Simple and easy to use: A single command to use, low learning curve
• Low resource usage: Small Rust-compiled binary, minimal runtime resource consumption
• Actively maintained: Project continuously updated, active community

---

Detailed Project Analysis

Architecture Design

Tunnelto uses a client-server architecture with three core components:

1. Tunnelto Client: Runs locally on the user's machine, responsible for establishing the tunnel
2. Tunnelto Server: Runs in the cloud, responsible for forwarding traffic
3. Control WebSocket: Control channel between client and server

Core Modules

┌─────────────┐         ┌──────────────┐         ┌─────────────┐
│   Browser   │────────▶│ Tunnelto     │────────▶│   Local     │
│  (Internet)  │         │   Server     │         │   Server    │
└─────────────┘         └──────────────┘         └─────────────┘
                              ▲
                              │ Control WebSocket
                              │
                        ┌─────────────┐
                        │   Client    │
                        │  (Local)    │
                        └─────────────┘

Workflow:

1. Establish control connection: Client connects to server via WebSocket, establishing a control channel
2. Register tunnel: Client registers the tunnel with the server, obtaining a public URL
3. Traffic forwarding: When a request arrives at the public URL, the server notifies the client via the control channel
4. Establish data connection: Client establishes a connection to the local service
5. Bidirectional forwarding: Server and client bidirectionally forward HTTP requests and responses

Key Implementation

Async IO Architecture

Tunnelto is built entirely on Tokio async runtime, fully leveraging Rust's async capabilities:

// Pseudo-code example: core async processing logic
async fn handle_tunnel_connection(stream: TcpStream) -> Result<()> {
    // Async TCP connection handling
    let (reader, writer) = stream.split();

    // Async read and write
    tokio::spawn(async move {
        // Handle data forwarding
    });

    Ok(())
}

Advantages:

• High concurrency: Single thread can handle a large number of concurrent connections
• Low latency: Async IO avoids thread context switching overhead
• Resource efficient: Lower resource usage compared to traditional multi-thread models

Tunnel Management

Tunnelto uses subdomain routing to manage multiple tunnels:

• Each tunnel is assigned a unique subdomain
• Server routes to the corresponding tunnel based on the Host header
• Supports custom subdomains for easy remembering and use

Self-Hosting Implementation

Tunnelto provides a complete self-hosting solution:

Single instance deployment:

• Compile musl target (static linking)
• Deploy using Docker
• Configure environment variables

Distributed deployment (official approach):

• Use Fly.io's Private Networking
• Implement Gossip protocol for service discovery
• Supports multi-instance load balancing

Key configuration (tunnelto_server/src/config.rs):

• ALLOWED_HOSTS: Allowed hostnames
• CTRL_HOST: Control server address
• CTRL_PORT: Control server port
• CTRL_TLS_OFF: Whether to disable TLS (for local testing)

Security Mechanisms

1. API key authentication

   • Supports setting API keys
   • Prevents unauthorized access
   • Protects tunnel security

2. TLS encryption

   • Uses HTTPS by default
   • End-to-end encryption
   • Protects data transmission security

3. Access control

   • Supports configuring allowed hostnames
   • Prevents domain hijacking
   • Enhances security

Performance Optimization

1. Zero-copy technique

   • Rust's ownership system avoids unnecessary memory copies
   • Improves data transfer efficiency

2. Connection pool management

   • Reuses TCP connections
   • Reduces connection establishment overhead

3. Async batch processing

   • Batch processes requests
   • Improves throughput

Extension Mechanisms

Although Tunnelto itself has relatively simple functionality, it provides good extensibility:

1. Custom server

   • Can modify server code
   • Add custom features
   • Integrate into existing systems

2. Environment variable configuration

   • Flexible configuration through environment variables
   • Supports different deployment scenarios
   • Easy to integrate into CI/CD

3. API interface

   • Control WebSocket protocol is open
   • Can develop custom clients
   • Integrate into other tools

---

Project Resources

Official Resources

• 🌟 GitHub: https://github.com/agrinman/tunnelto
• 📚 Documentation: GitHub README includes complete usage guide
• 🌐 Website: https://tunnelto.dev

Who Should Use This

Tunnelto is especially suitable for the following developers:

1. Web developers

   • Need to quickly expose local services for testing
   • Need to integrate third-party services (OAuth, Webhooks)
   • Need to demonstrate and share local projects

2. Full-stack engineers

   • Need frontend to access local APIs
   • Need to test mobile app integration with backend
   • Need to debug cross-origin issues

3. DevOps engineers

   • Need to self-host local tunnel services
   • Need to integrate into CI/CD workflows
   • Have performance and security requirements

4. Rust developers

   • Want to learn Rust async IO practices
   • Want to understand network programming best practices
   • Want to contribute to open source projects

5. Privacy-conscious developers

   • Don't want to use third-party commercial services
   • Need complete control over data
   • Need self-hosted solutions

---

Welcome to visit my personal homepage for more useful knowledge and interesting products