Your quest - establish a secure tunnel with a custom domain
Task: set up a VM with a public IP, install inlets PRO and then connect a client to it, so that you have a secure HTTP tunnel for a HTTP service or server on your private network.
Reward: You'll get listed in this file and bragging rights. You can also get 10% off a personal license after you're done and Tweeted a screenshot.
Why? Understand how easy it can be to set up a self-hosted tunnel. Help the inlets community with feedback for the new RC and features.
Who's tried it so far?
- Create a VM with a public IP, install inlets PRO server and start it
- Create a DNS record for your subdomain
- Launch a local HTTP server or faasd on your computer, in a multipass VM or on your Raspberry Pi
- Install the inlets PRO client there and start it
Conceptual diagram with a Node.js microservice on port 3000
Access your private HTTP server or faasd instance via the domain using HTTPS.
What do you need?
You need a HTTP server - faasd makes a good candidate here, or the built-in HTTP server in inlets PRO for sharing files, similar to Python's SimpleHTTPServer.
The faasd instance could be on your Raspberry Pi, or running in multipass.
If you don't want to setup faasd, you can use the built-in filesharing server in inlest PRO instead:
mkdir /tmp/files/ uname -a > /tmp/files/uname inlets-pro http fileserver \ --port 8080 --webroot /tmp/files/
Create a VM somewhere on GCP or DigitalOcean, make sure that you can SSH into it.
Configure the security group or firewall, if it's not already open - allow TCP/8123 (inlets control plane) and TCP/80 (Let's Encrypt ACME HTTP01 challenge) and TCP/443 (to serve traffic from the tunnel)
Install the inlets PRO RC on your new VM at
Then create a DNS A record for faasd.example.com with the IP
Get a token for logging in
export TOKEN=$(head -c 16 /dev/urandom | shasum | cut -d" " -f1)
- Then run
# Populate from previous step export TOKEN="" export PUBLIC_IP_OF_SERVER="" inlets-pro http server \ --letsencrypt-domain faasd.example.com \ --letsencrypt-email email@example.com \ --letsencrypt-issuer prod \ --token $TOKEN \ --auto-tls \ --tls-san $PUBLIC_IP_OF_SERVER
This is the client part of the tunnel. Run it next to your local HTTP server, so on your faasd multipass instance or Raspberry Pi.
The binary for Raspberry Pi has a suffix of
-armhf on the downloads page.
Install the inlets PRO RC to
Run the client
# Save the 7-day trial license for the inlets PRO client echo "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiaW5sZXRzIFJDIHRyaWFsIiwiZW1haWxfYWRkcmVzcyI6ImNvbnRhY3RAb3BlbmZhYXMuY29tIiwicHJvZHVjdHMiOlsiaW5sZXRzLXBybyJdLCJhdWQiOiJqd3QtbGljZW5zZSIsImV4cCI6MTYxMzIxNjI4MiwianRpIjoiODA4MSIsImlhdCI6MTYxMjYxMTQ4MiwiaXNzIjoiand0LWxpY2Vuc2UiLCJzdWIiOiJpbmxldHMgUkMgdHJpYWwifQ.dXYMO6guxldF5aQwJFNSW01EDhRxdP2kjoEnZi0hnwL53xAAiWqWtqsCNBz0cLfQtNUROKCbUBL5y8vj8AQJXA" > LICENSE.txt # Populate from previous step export TOKEN="" export PUBLIC_IP_OF_SERVER="" inlets-pro http client \ --url wss://$PUBLIC_IP_OF_SERVER:8123 \ --token $TOKEN \ --license-file ./LICENSE.txt \ --upstream http://127.0.0.1:8080
Now access your service at https://faasd.example.com
Did you like the experience? Could this tool be useful to you?
If you connected faasd, why not disconnect and try connecting the fileserver instead? Next time you need to download a big file or share something with a friend of colleague, you'll have a way to do that without third-parties.
The first 10 people to try out the gist and to tweet will get 10% off the cost of an inlets PRO license. The personal license can be used at home and at work.
Docker and Kubernetes
You can run the client and server component on Kubernetes
The Docker image is available at