Expose your local endpoints to the Internet or to another network, traversing firewalls, proxies, and NAT.
inlets® combines a reverse proxy and websocket tunnels to expose your internal and development endpoints to the public Internet via an exit-server. An exit-server may be a 5-10 USD VPS or any other computer with an IPv4 IP address. You can also tunnel services without exposing them on the Internet, making inlets a suitable replacement for a VPN.
Why do we need this project? Similar tools such as ngrok or Argo Tunnel from Cloudflare are closed-source, have limits built-in, can work out expensive, and have limited support for arm/arm64. Ngrok is also often banned by corporate firewall policies meaning it can be unusable. Other open-source tunnel tools are designed to only set up a single static tunnel.
With inlets you can set up your own self-hosted tunnel, copy over the static binary and start tunnelling traffic without any arbitrary limits or restrictions. When combined with TLS, inlets can be used with most corporate HTTP proxies.
Conceptual diagram for inlets
Alex is the primary author and maintainer of inlets, if you use the project, become a sponsor of the project on GitHub.
inlets uses a websocket to create to create a tunnel between a client and a server. The server is typically a machine with a public IP address, and the client is on a private network with no public address.
inlets is considered production-ready, but you should do some testing before you depend on it, or use inlets PRO which is commercially supported.
- A public tunnel is where you expose the private service to users via the server's public IP
- A private tunnel is where you start a tunnel to a server and only expose it on the server's LAN address
- Tunnel HTTP or websockets
- Client announces the tunnelled services to the server
- Expose multiple sites on same port through the use of DNS entries and a
Host
header - Upgrade to link encryption using TLS for websockets (
wss://
) with an external add-on, or inlets PRO - Shared authentication token for the client and server
- Automatic reconnects for when the connection drops
Distribution:
- Binaries and Docker images for multiple architecture - Intel and ARM
- Kubernetes YAML files and Dockerfile
- systemd unit file for client/server
- Native Kubernetes Service and LoadBalancer integration with inlets-operator
The following features / use-cases are covered by inlets PRO:
- Tunnel L4 TCP traffic such as websockets, databases, reverse proxies, remote desktop and SSH
- Expose multiple ports from the same client - i.e. 80 and 443
- Run a reverse proxy or Kubernetes IngressController directly on your host
- Automated TLS for the control-plane
- Commercial services & support
- Documentation, blog posts, tutorials and videos
inlets is a Cloud Native Tunnel and is listed on the Cloud Native Landscape under Service Proxies.
- inlets PRO - Cloud Native Tunnel - TCP, HTTP & websockets with automated TLS encryption
- inlets-operator - Public IPs for your private Kubernetes Services and CRD
- inletsctl - The fastest way to create self-hosted exit-servers
- inlets - Cloud Native Tunnel for HTTP only - configure TLS separately, not available for inletsctl or inlets-operator
You can install the CLI with a curl
utility script, brew
or by downloading the binary from the releases page. Once installed you'll get the inlets
command.
Note:
inlets
is made available free-of-charge, but you can support its ongoing development and sign up for updates through GitHub Sponsors 💪
Utility script with curl
:
# Install to local directory
curl -sLS https://get.inlets.dev | sh
# Install to /usr/local/bin/
curl -sLS https://get.inlets.dev | sudo sh
Via brew
:
brew install inlets
Note: the
brew
distribution is maintained by the brew team, so it may lag a little behind the GitHub release.
Binaries are made available on the releases page for Linux (x86_64, armhf & arm64), Windows (experimental), and for Darwin (MacOS). You will also find SHA checksums available if you want to verify your download.
Windows users are encouraged to use git bash to install the inlets binary.
Using inlets I was able to set up a public endpoint (with a custom domain name) for my JavaScript & Webpack Create React App.
You can run inlets between any two computers with connectivity, these could be containers, VMs, bare metal or even "loop-back" on your own laptop.
Try the quickstart tutorial now on your local computer.
inlets and inlets PRO have their own documentation site:
Official docs: docs.inlets.dev
- Docs: Quickstart tutorial on your laptop
- Docs: Inlets & Kubernetes recipes
- Tutorial: Get a LoadBalancer for your private Kubernetes cluster with inlets-operator
See also: advanced usage of inlets including Docker, Kubernetes, multiple-services, and binding to private IPs
Read community tutorials, the launch posts on Hacker News, and send a PR if you have written about inlets or inlets PRO:
You can share about inlets using
@inletsdev
,#inletsdev
, andhttps://inlets.dev
.
Add an entry to the ADOPTERS.md file with your use-case.
Head over to the new SWAG store to get your very own branded inlets hoodie, t-shirt and mug.
Support the project by purchasing inlets SWAG or sponsoring on GitHub
Developers wishing to use inlets within a corporate network are advised to seek approval from their administrators or management before using the tool. By downloading, using, or distributing inlets, you agree to the LICENSE terms & conditions. No warranty or liability is provided.
See CONTRIBUTING.md
kubectl port-forward
- built into the Kubernetes CLI, forwards a single port to the local computer.- kubefwd - Kubernetes utility to port-forward multiple services to your local computer.
- kurun - Run main.go in Kubernetes with one command, also port-forward your app into Kubernetes.
inlets® is a registered trademark of OpenFaaS Ltd. All rights reserved, registered company in the UK: 11076587