This package helps you access your private http/ws servers inside your home network, securely, from the internet, without the hassle of setting up.
- Go to https://noralink.eu/home and create an account
- Navigate from the dropdown (or follow link) to the Manage API keys menu
- Create a new key and copy it somewhere safe
The following command creates a tunnel under subdomain app to internal-server.local:1234/sample-path. Replace [your-api-key] with the API key you obtained before.
npx @nora-link/client -f "app|internal-server.local:1234/sample-path" -k [your-api-key]
You can also specify a label to be displayed in the UI:
npx @nora-link/client -f "app|This is my test app|internal-server.local:1234/sample-path" -k [your-api-key]
Or you can create multiple tunnels to different apps:
npx @nora-link/client -f "app|app1.local:1234" -f "test|app2.local:1234" -k [your-api-key]
You can acess the tunnel by navigating to https://noralink.eu/home and clicking the card corresponding your tunnel, or by going directly to the subdomain associated to your tunnerl. Eg: https://app.noralink.eu.
Currently only a subset of subdomains are available to use with your own tunnels, from the following: admin, api, app, control, dashboard, home, my, nodered, smarthome, test.
If you want a new subdomain, add a request here: Request a new subdomain thread.
- All traffic from the client machine to the user’s browser is encrypted using TLS, ensuring data security during transmission.
- Certificates for the service are handled by Google Cloud, providing robust and trusted certificate management.
- Traffic is tunneled via a secure WebSocket connection, and is only accessible to the authenticated user.
- Users can create accounts using Google and GitHub identity providers or via email/password. This flexibility enhances the user experience while providing secure authentication methods.
- Email/password accounts require email verification, adding an extra layer of security. MFA is not yet supported for email/password.
- The client uses an API key, generated from the browser, which is only shown once and hashed after creation. The key is scoped to the user, ensuring access is limited to tunnels created only by that user. API keys are never stored in plaintext; only their hash is kept, minimizing the risk of exposure.
- Browser authentication is maintained via a secure, HttpOnly cookie with a 12-hour expiration, reducing the risk of session hijacking.
- The client source code is open source, providing transparency, and is lightweight, reducing the attack surface and complexity.
- The server can only access pre-defined local hosts specified in the config, ensuring that no unauthorized access to other local services is possible.
This service is currently free to use, but as our cloud costs grow, we plan to charge for use to cover the costs. This means that while basic features will remain free, full access and advanced features will require a subscription. We appreciate your understanding and support as we continue to improve our service.