Hacker News new | past | comments | ask | show | jobs | submit login
Show HN: Serveo–Expose local servers using only SSH (serveo.net)
62 points by trevordixon on July 24, 2017 | hide | past | favorite | 17 comments



Inspired by https://medium.com/@shazow/ssh-how-does-it-even-9e43586e4ffc and ngrok, I made this SSH server that assigns a public url for each remote port forwarding request you make. Start a web server on 8080, then try this:

ssh -R 80:localhost:8080 serveo.net

It's an attempt to make port forwarding as easy as ngrok or localtunnel, but using the SSH client you already have.

Also includes HTTP inspection and replay like ngrok.


very cool. Any plans to open source the code?


The site is using Let's Encrypt for https. Currently there is a hard limit of 2000 subdomains per week, meaning there will be at most 2000 simultaneous connections!

It seems that Wildcard support is coming Jan 2018.


You can only get certificates for up to 2000 new subdomains per week, but you can renew many more than that, so I can work my up to a few tens of thousands of subdomains if needed.

From https://letsencrypt.org/docs/rate-limits/:

"The main limit is Certificates per Registered Domain (20 per week)...

"If you have a lot of subdomains, you may want to combine them into a single certificate, up to a limit of 100 Names per Certificate. Combined with the above limit, that means you can issue certificates containing up to 2,000 unique subdomains per week...

"To make sure you can always renew your certificates when you need to, we have a Renewal Exemption to the Certificates per Registered Domain limit. Even if you’ve hit the limit for the week, you can still issue new certificates that count as renewals...

"Note that the Renewal Exemption also means you can gradually increase the number of certificates available to your subdomains. You can issue 20 certificates in week 1, 20 more certificates in week 2, and so on, while not interfering with renewals of existing certificates."

A wildcard certificate would be far more convenient! I'm looking forward to that.


I would highly recommend talking to LetsEncrypt staff, since those limits are there to mainly prevent abuse; and they have been quite forthcoming with raising them or even lifting them completely in some cases.


Oh, good to know. Thank you!


Looks interesting. Somehow it would not work on a image file.


I've noticed occasional hiccups too, but it usually works on photos! Consider it alpha quality.


Great job! Have you considered adding HTTPS support?


The public Serveo web server supports HTTPS. You'll get a URL like https://exussum.serveo.net.

Do you mean something like https://ngrok.com/docs#tls, so TLS isn't terminated until it reaches the user's machine? Should be doable; haven't considered it yet!


Full HTTPS would probably require more than just ssh. Ideally ngrok and this are mostly used for exposing developer sites where that doesn't really matter


I like it!

Edit: How about support for HTTP/2 and TLS 1.3?


I'm using the stock Go HTTP and TLS stack. When I connect with Chrome, I see HTTP/2 and TLS 1.2, which is the version Go implements according to https://golang.org/pkg/crypto/tls/.


would you consider open sourcing this?


Yes, someday. It would probably take me 15 or 20 hours to get something published on GitHub. I'll get around to it eventually!


I cannot see a privacy policy, or any statement regarding the handling of the data flowing through this tool, nor any code which could be audited.


Good point! HTTP requests and responses are retained in the program's memory for the duration of an SSH session, then forgotten on SSH disconnect. IP addresses are logged on SSH connect. I'll add a statement to the website and the tool's help message.




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: