Skip to content

Your localhost, on the internet.

Give anything on your machine a secure public link in one command. HTTP, TCP, TLS, and mTLS tunnels that work behind NAT, CGNAT, and corporate firewalls. No port forwarding. No router config. No exposed IP.

Get Started Read the docs Star

macOS, Linux, Windows. Agent source on GitHub.

localport
$

Private by default

Your traffic is yours. Three ways we prove it.

Some tunnel services inspect your traffic by default. Others hide what runs on your machine. Localport does neither. We never read your payloads, and the agent source is public on GitHub so your security team can verify exactly what we ship before it runs. Your account data lives in the European Union, and every tunnel runs in the region you choose, so your live traffic never leaves that region.

Inspectable

Public source code

The binary that runs on your machine has its source on GitHub. Read it, build it from scratch, verify exactly what touches your network before you trust it.

View the agent

mTLS

Locked tunnels

Mutual TLS in one click. Only devices holding a certificate you issued can connect. Every request is cryptographically verified, end to end.

How it works

No logs

Zero inspection

We don't read your payloads. We don't log them. We don't train on them. Traffic passes through and stays yours.

Our privacy stance

Who uses Localport

Made for individuals, teams, and enterprises.

Developers

Share what you build in one command.

Test OAuth callbacks and Stripe or Twilio webhooks against the code on your laptop, no staging deploy. Share a feature branch, or the app you just vibe-coded with Cursor or v0, over a live link anyone can open on their phone. Add one step to CI so every pull request gets its own preview URL, and static subdomains keep them stable across restarts.

IoT and device teams

Reach every device by name.

Mesh tunnels assign each device its own address, like sensor-01.tunnel.localport.dev. Works behind CGNAT, double NAT, and cellular networks. Lock access with mTLS certificates per device and revoke in one click.

Homelabbers

Your homelab, reachable from anywhere.

No port forwarding. No dynamic DNS. No exposed home IP. Point your domain at Jellyfin, Proxmox, or Home Assistant. HTTPS that every browser trusts on every tunnel. Works behind CGNAT and double NAT.

Enterprises

Zero trust tunnels. Flat team pricing.

Mutual TLS locks tunnels to trusted devices. No certificate, no connection. The agent source lives on GitHub so your security team can review what ships to your machines. $20/mo covers the whole team, 5 developers or 50. We never inspect your traffic.

Standard tunnel

A public HTTPS link for anything you run.

Run anything on a local port and get back a public HTTPS link the whole internet can reach. Share it, paste it into a webhook, or open it on your phone. The address stays yours, run after run, so nothing breaks when you restart.

  • HTTP, TCP, and TLS on every plan, with browser-trusted HTTPS out of the box.
  • Static subdomains and reserved ports keep the same address every session.
  • IP allow lists, password protection, and one-click mTLS limit who reaches your service.
Learn more
HTTPSHTTPSTCPTCPTLSTLShttps://myapp.tunnel.localport.devtcp://myapp.tunnel.localport.devtls://myapp.tunnel.localport.devLOCALHOST

Your local app Live and Shareable

Works behind any firewall, No Port Forwarding

Open to the world, or Only Who You Trust

Locked tunnel

Only the devices you trust get in.

SENSORGATEWAYSERVERMUTUAL TLS · ECDSA P-256

Server pushes a
Firmware Update

Laptop opens an
SSH session

Invalid cert,
No Connection

Your Hub
behind NAT

Turn on mutual TLS with one toggle. Localport gives your tunnel its own certificate authority, so you hand a certificate to each device you trust and everyone else is refused before they reach your service. Every connection is cryptographically verified, and you can revoke any device in seconds.

  • Issue and revoke client certificates from your dashboard.
  • No valid certificate, no connection. Verified on every request.
  • No SDK and no code changes to your service.
  • Works on standard and mesh tunnels.
Learn more Talk to sales

Mesh tunnel

Every device gets its own address.

HTTPSHTTPSTCPTLSTCP

Every device gets
its Own Live Link

Control whole
fleet From Anywhere

Only Trusted
Devices connect

One tunnel, one token, a whole fleet. Every device that joins gets its own subdomain and port, reachable by name from anywhere, even behind CGNAT or a cellular modem. Add devices to the mesh without touching a router or editing config.

  • Name a device once, like sensor-1, and reach it by that name for good.
  • One mesh, mixed protocols. Each device speaks HTTP, TCP, or TLS on its own.
  • Gate the mesh with mTLS, then revoke any device in a click.
Learn more

Shared tunnel

One webhook. Everyone on the team.

A webhook points at one URL, so normally one developer catches the event and everyone else waits. Aim it at a shared tunnel instead and your whole team gets every payload at once, no replaying events, no copy-pasting JSON from Slack. One teammate, picked from the dashboard in a click, sends the reply back.

  • Every teammate receives the same request in real time.
  • A static subdomain keeps your Stripe or GitHub webhook URL stable for good.
  • IP allow lists control who can join and which senders get through to your team.
Learn more
https://notification.localport.dev/webhook/1DEVELOPER2DEVELOPER3DEVELOPER

Whole team
Shares One Link

Every request reaches
Everyone at Once

Every plan

What's included on every plan.

Flat team pricing from $5/mo. No per user fees. No surprise overages.

HTTP, TCP, TLS tunnels
Forward web apps, APIs, databases, SSH, game servers, and custom sockets over HTTP, TCP, or TLS. Add mutual TLS on Pro.
Automatic HTTPS
Every web tunnel gets a real certificate that every browser trusts. No Let's Encrypt configs. No certificate warnings.
Inspectable agent
The binary that runs on your machine has its source on GitHub. Read it, build it from scratch, verify what touches your network.
Live dashboard
Watch tunnels come online. See connections, bandwidth, and live activity without opening an SSH session.
No port forwarding
Your machine makes one outbound connection, so your router stays closed and your home IP stays hidden. Works behind office firewalls, CGNAT, double NAT, and cellular hotspots. If it lets you browse the web, it lets you tunnel.
Static subdomains and reserved ports
Reserve a name and a port so your address never changes between sessions. Webhooks, teammates, game clients, and database tools all reconnect to the same place after every restart.
IP allow lists
Restrict a tunnel to the IP ranges you trust. Everyone else is turned away before they reach your service.
Password protection
Put a username and password in front of any HTTP tunnel. Visitors sign in before they reach your app. Included on every plan.
Force HTTPS
Send every visitor to the secure https:// address automatically. One toggle, no config.
See all plans

Honest comparison

Everything included. Nothing metered.

We don't run a free tier. Everything we would spend carrying free users goes into the paid plans instead, so you get real tunnels and nothing metered by usage. HTTP, TCP, TLS, mesh and shared tunnels, generous bandwidth, and your whole team come at one flat price, with mutual TLS on Pro. Here is how that stacks up against ngrok, Cloudflare Tunnels, and AWS IoT Core.

Same $20/mo as ngrok Pay-as-you-go. Far more in the box.

Localport Pro gives you 30× the included bandwidth (150 GB vs 5 GB), 50 team members at one flat price instead of $5 per extra seat, and no per-endpoint-hour billing. Even Hobby starts at $5 with 4× the bandwidth of ngrok’s $8 tier.

Feature comparison: Localport vs ngrok, Cloudflare Tunnels, and AWS IoT Core. The feature and Localport columns stay fixed while the others scroll.
LocalportngrokCloudflare TunnelsAWS IoT Core
PricingFlat $5 to $20/mo$8 to $20/mo + usageFree HTTP, then enterprisePer message
Monthly bandwidth20 to 150 GB included1 to 5 GB, then $0.10/GBUnlimited (HTTP)Per message
Team members5 to 50, one flat price1 to 3, then $5/userPer seatIAM users
HTTP, TCP & TLSIncludedTLS on $20 tierHTTP, TCP, SSHMQTT, HTTP
Mutual TLS (mTLS)On Pro, $20/mo$20 tier + usageZero Trust add-onBuilt in
Mesh tunnelsIncludedNot supportedNot supportedThing shadows
Shared tunnelsIncludedNot supportedNot supportedNot supported
Password & IP rulesIncludedPaid tiersZero Trust add-onIoT policies
Open-source agentYes, on GitHubClosed sourcecloudflared (OSS)SDKs only
Payload inspectionNeverOn by defaultProxiedLogged
Full comparison → See real use cases →

Inspect exactly what runs on your machine.

The Localport agent is the binary that connects your services to our network. Its source lives on GitHub. Read every commit, build the binary from scratch, and verify what touches your network before you ever trust it. We run the hosted side as a managed service so your tunnels just work.

Star on GitHub Join the Discord

Put your localhost on the internet. Keep your privacy while you're at it.

Flat team pricing from $5/mo. HTTP, TCP, and TLS tunnels on every plan, with mutual TLS on Pro. Works straight through NAT, CGNAT, and corporate firewalls.

Get Started Talk to sales

Start with a free trial. Cancel any time.