
Show HN: Serveo–Expose local servers using only SSH - trevordixon
https://serveo.net
======
trevordixon
Inspired by [https://medium.com/@shazow/ssh-how-does-it-
even-9e43586e4ffc](https://medium.com/@shazow/ssh-how-does-it-
even-9e43586e4ffc) and ngrok, I made this SSH server that assigns a public url
for each remote port forwarding request you make. Start a web server on 8080,
then try this:

ssh -R 80:localhost:8080 serveo.net

It's an attempt to make port forwarding as easy as ngrok or localtunnel, but
using the SSH client you already have.

Also includes HTTP inspection and replay like ngrok.

~~~
gerdusvz
very cool. Any plans to open source the code?

------
thinxer
The site is using Let's Encrypt for https. Currently there is a hard limit of
2000 subdomains per week, meaning there will be at most 2000 simultaneous
connections!

It seems that Wildcard support is coming Jan 2018.

~~~
trevordixon
You can only get certificates for up to 2000 new subdomains per week, but you
can renew many more than that, so I can work my up to a few tens of thousands
of subdomains if needed.

From [https://letsencrypt.org/docs/rate-
limits/](https://letsencrypt.org/docs/rate-limits/):

"The main limit is Certificates per Registered Domain (20 per week)...

"If you have a lot of subdomains, you may want to combine them into a single
certificate, up to a limit of 100 Names per Certificate. Combined with the
above limit, that means you can issue certificates containing up to 2,000
unique subdomains per week...

"To make sure you can always renew your certificates when you need to, we have
a Renewal Exemption to the Certificates per Registered Domain limit. Even if
you’ve hit the limit for the week, you can still issue new certificates that
count as renewals...

"Note that the Renewal Exemption also means you can gradually increase the
number of certificates available to your subdomains. You can issue 20
certificates in week 1, 20 more certificates in week 2, and so on, while not
interfering with renewals of existing certificates."

A wildcard certificate would be far more convenient! I'm looking forward to
that.

~~~
dijit
I would highly recommend talking to LetsEncrypt staff, since those limits are
there to mainly prevent abuse; and they have been quite forthcoming with
raising them or even lifting them completely in some cases.

~~~
trevordixon
Oh, good to know. Thank you!

------
skanga
Looks interesting. Somehow it would not work on a image file.

~~~
trevordixon
I've noticed occasional hiccups too, but it usually works on photos! Consider
it alpha quality.

------
fishnchips
Great job! Have you considered adding HTTPS support?

~~~
trevordixon
The public Serveo web server supports HTTPS. You'll get a URL like
[https://exussum.serveo.net](https://exussum.serveo.net).

Do you mean something like
[https://ngrok.com/docs#tls](https://ngrok.com/docs#tls), so TLS isn't
terminated until it reaches the user's machine? Should be doable; haven't
considered it yet!

------
chaz6
I like it!

Edit: How about support for HTTP/2 and TLS 1.3?

~~~
trevordixon
I'm using the stock Go HTTP and TLS stack. When I connect with Chrome, I see
HTTP/2 and TLS 1.2, which is the version Go implements according to
[https://golang.org/pkg/crypto/tls/](https://golang.org/pkg/crypto/tls/).

------
dr_faustus
would you consider open sourcing this?

~~~
trevordixon
Yes, someday. It would probably take me 15 or 20 hours to get something
published on GitHub. I'll get around to it eventually!

------
kodfodrasz
I cannot see a privacy policy, or any statement regarding the handling of the
data flowing through this tool, nor any code which could be audited.

~~~
trevordixon
Good point! HTTP requests and responses are retained in the program's memory
for the duration of an SSH session, then forgotten on SSH disconnect. IP
addresses are logged on SSH connect. I'll add a statement to the website and
the tool's help message.

