Your localhost,
over the internet.
Give anything on your machine a secure public link in one command. HTTP, TCP, TLS, and mTLS tunnels that work behind NAT, CGNAT, and corporate firewalls. No port forwarding. No router config. No exposed IP.
Private by default
Your traffic is yours. Three ways we prove it.
Most tunnels either read your traffic or hide what runs on your machine. Localport does neither, and you don't have to take our word for it.
Open-source agent
The agent that runs on your machine is open source. Read it, build it yourself, and see what touches your network before you trust it.
View the agentLocked tunnels
Turn on mutual TLS in one click. Only devices holding a certificate you issued get in, every request is verified, and you revoke any one of them in seconds.
How it worksZero inspection
We never read your payloads, log them, or train on them. Traffic passes straight through and stays yours, in the region you choose.
Our privacy stanceMade for individuals, teams, and enterprises.
Developers
Share what you build in one command.
Test Stripe and Twilio webhooks against the code on your laptop, no staging deploy. Share a feature branch or a vibe-coded prototype over a live link anyone opens on their phone, and give every pull request its own preview URL in CI.
IoT and device teams
Reach every device by name.
Give a whole fleet one token and reach each device by name, even behind CGNAT, double NAT, or cellular. Lock every device with its own mTLS certificate and revoke access in one click.
Homelabbers
Your homelab, reachable from anywhere.
No port forwarding, no dynamic DNS, no exposed home IP. Point your own domain at Jellyfin, Proxmox, or Home Assistant and get HTTPS every browser trusts. Works behind CGNAT and double NAT.
Enterprises
Zero trust tunnels. Flat team pricing.
Mutual TLS locks tunnels to trusted devices: no certificate, no connection. Your security team can read the open-source agent before it reaches a single machine. One flat $20/mo billed yearly covers the whole team, 5 developers or 50, and we never inspect your traffic.
Standard
A public HTTPS link for anything you run.
Run anything on a local port and get a public HTTPS link you control. It carries HTTP, TCP, and TLS with browser-trusted certificates out of the box, and you gate access with IP rules and a password. The address stays yours between restarts, so webhooks and teammates never hit a dead URL.
Locked · mTLS
Only the devices you trust get in. Pro
Each tunnel gets its own certificate authority. Hand a certificate to every device you trust, and everyone else is turned away before they reach your service. Localport checks the certificate on every request, and you revoke a device in one click. No SDK, no code changes.
Mesh
Every device gets its own address.
One token serves a whole fleet. Attach a wildcard domain once and every device answers at its own name on your domain — even behind CGNAT or a cellular modem, HTTP, TCP and TLS alike. One box can run several devices, and adding one never touches a router or a config file.
Shared
One URL for the whole team. It never moves.
Register the webhook once and never touch it again. A shared tunnel hands your whole team one permanent URL, so every teammate receives the same request the moment it lands. No per-developer tunnels, and no replaying events to chase.
What's included on every plan.
Flat team pricing from $5/mo billed yearly ($6 month-to-month). No per user fees. No surprise overages.
- HTTP, TCP, TLS Tunnels
- Forward web apps, APIs, databases, SSH, game servers, and custom sockets over HTTP, TCP, or TLS. Add mutual TLS on Pro.
- Automatic HTTPS
- Every web tunnel gets a real certificate that every browser trusts. No Let's Encrypt configs. No certificate warnings.
- Inspectable Agent
- The binary that runs on your machine has its source on GitHub. Read it, build it from scratch, verify what touches your network.
- Live Dashboard
- Watch tunnels come online. See connections, bandwidth, and live activity without opening an SSH session.
- No Port Forwarding
- Your machine makes one outbound connection, so your router stays closed and your home IP stays hidden. Works behind office firewalls, CGNAT, double NAT, and cellular hotspots. If it lets you browse the web, it lets you tunnel.
- Static Subdomains and Reserved Ports
- Reserve a name and a port so your address never changes between sessions. Webhooks, teammates, game clients, and database tools all reconnect to the same place after every restart.
- IP Allowlist
- Restrict a tunnel to the IP ranges you trust. Everyone else is turned away before they reach your service.
- Password Protection
- Put a username and password in front of any HTTP tunnel. Visitors sign in before they reach your app. Included on every plan.
- Force HTTPS
- Send every visitor to the secure https:// address automatically. One toggle, no config.
Honest comparison
Everything included. Nothing metered.
One flat price buys your whole team real tunnels with nothing metered by usage. HTTP, TCP, TLS, mesh and shared tunnels, generous bandwidth, and every teammate are included, with mutual TLS on Pro. We skip the free tier and spend that money on the paid plans instead. Here is how that stacks up against ngrok, Cloudflare Tunnels, and AWS IoT Core.
Same $20/mo as ngrok, billed yearly. Far more in the box.
Localport Pro gives you 30× the included bandwidth (150 GB vs 5 GB), 50 team members at one flat price instead of $5 per extra seat, and no per-endpoint-hour billing. Even Hobby starts at $5 with 4× the bandwidth of ngrok’s $8 tier.
Swipe to compare →
| Localport | ngrok | Cloudflare Tunnels | AWS IoT Core | |
|---|---|---|---|---|
| Pricing | Flat $5 to $20/mo yearly | $8 to $20/mo + usage | Free HTTP, then enterprise | Per message |
| Monthly bandwidth | 20 to 150 GB included | 1 to 5 GB, then $0.10/GB | Unlimited (HTTP) | Per message |
| Team members | 5 to 50, one flat price | 1 to 3, then $5/user | Per seat | IAM users |
| HTTP, TCP & TLS | Included | TLS on $20 tier | HTTP, TCP, SSH | MQTT, HTTP |
| Mutual TLS (mTLS) | On Pro, $20/mo | $20 tier + usage | Zero Trust add-on | Built in |
| Mesh tunnels | Included | Not supported | Not supported | Thing shadows |
| Shared tunnels | Included | Not supported | Not supported | Not supported |
| Password & IP rules | Included | Paid tiers | Zero Trust add-on | IoT policies |
| Open-source agent | Yes, on GitHub | Closed source | cloudflared (OSS) | SDKs only |
| Payload inspection | Never | On by default | Proxied | Logged |
Access your localhost over the internet.
Keep your privacy while you're at it.
Flat team pricing from $5/mo billed yearly. HTTP, TCP, and TLS tunnels on every plan, with mutual TLS on Pro. Works straight through NAT, CGNAT, and corporate firewalls.
Start with a free trial. Cancel any time.
Inspect exactly what runs on your machine.
The Localport agent is the binary that connects your services to our network. Its source lives on GitHub, so you can read every commit, build it from scratch, and verify what touches your network before you ever trust it.