
Serveo: Expose Local Servers to the Internet - ducaale
https://serveo.net/
======
rohan1024
NAT has crippled the Internet. We are permanently dependent on public facing
servers to route packets from one device to the other.

This service is absolutely not needed in a non-NAT world. And I strongly
believe we have lost a lot by being completely dependent on client-server
model of Internet.

I've written more about it here

[https://www.ankshilp.in/post/the_broken_promise_of_internet/](https://www.ankshilp.in/post/the_broken_promise_of_internet/)

~~~
jfries
I'm probably missing something, but I think that, for home networks at least,
NAT is wonderful because of how it requires some effort to make devices
exposed on the external network. If we were given an unlimited supply of IP
addresses from the ISP and all devices were accessible externally, it seems
security issues in would be a much larger problem.

~~~
rohan1024
The original purpose of NAT was to get additional devices connected to
Internet since we had shortage of Ipv4 addresses. For security, we have
firewalls. If we had not been dependent on NAT for security, firewalls would
have been actually configured. We will have to configure firewalls with ipv6
anyway.

~~~
dboreham
NAT arose long before any address shortage concerns. Rather it was a response
to ISPs attempting to charge "per user" by associating a fee with each
additional address (note this is long before residential ISP service we know
today: Internet service was for businesses with retail subs only having ppp
access via dialup). NAT allowed customers to work around the ISPs pricing
model at the time.

~~~
phate
When my family first got broadband via Comcast@home back in the early 2000s
they had a proviso saying if you wanted more then one computer required a
separate subscription. My dad and my bother quickly figured out we could get
around this by using Windows Internet Connection Sharing. We eventually got a
Linksys Router that did the same job and was faster. IIRC even most dial up
ISPs did the same thing, if you wanted more then one computer online you had
to use separate creds.

------
trevordixon
Hey cool, this is my side project! I've been trying to think of other
interesting things to add to the project. For example, OpenSSH can do TUN/TAP
tunneling, so you can use SSH as a proper VPN. (See
[https://wiki.archlinux.org/index.php/VPN_over_SSH](https://wiki.archlinux.org/index.php/VPN_over_SSH))

How could that be useful in Serveo? How else could SSH be used creatively?

~~~
ris
It all almost seems _too_ easy. How much time do you have to spend dealing
with abuse reports?

------
Advaith
I've been using ngrok for development purposes. This seems like an interesting
alternative.

~~~
kevsim
Agreed. In particular when testing any sort of web hooks/callbacks, I get
pretty sick of constantly updating configurations as the ngrok tunnels change
subdomain.

Self-hosting is also a nice option.

~~~
kondro
The paid ngrok options are pretty sweet though and solve these issues.

~~~
chrsstrm
Seriously. ngrok is underpriced - I would pay double the ask without even
flinching. I can't even count how many times it has actively aided in me
getting paid.

~~~
Advaith
Completely agree, ngrok is totally hassle free and it helps speeden my
development workflow.

------
neilk
I really like Serveo.

I’ve used it to develop proper previews and unfurls for social media. Facebook
etc need a real public URL to even show you a preview.

And the other day I used it as a quick way to debug a server-client
communication issue. I’m developing a server, and the client developer is in a
completely different location. For a while I kept deploying dev servers with
little tweaks, but our progress was slow, Then I gave up and just exposed a
local running server to the internet via Serveo. My counterpart pointed his
client there, and we quickly iterated to a solution.

Yes we could have solved this in many other ways (remote debugging, VPNs, etc)
but this was surprisingly easy.

------
antoniomika
Another shameless plug, but I wrote something that pretty much does the exact
same thing:
[https://github.com/antoniomika/sish](https://github.com/antoniomika/sish).
Main difference was I didn't look forward to having to run a proprietary
binary to achieve something I could write and I wanted to have SSH
authentication built in so I can have it available publicly without having to
worry about abuse.

------
zackify
Shameless plug, but I just wrote a post on rolling this yourself in 15 minutes
or less. [https://zach.codes/roll-your-own-ngrok/](https://zach.codes/roll-
your-own-ngrok/)

~~~
trickstra
I was trying to achieve the same with ssh tunnels a while back, but I wanted
to have certbot running on the local machine, not on the DO server. So nginx
on the server would have to forward everything as-is, encrypted. Is that
possible?

~~~
antoniomika
It sounds like what you're looking for is to just forward the TCP port without
having nginx do the SSL termination for you. You can achieve that with vanilla
SSH though, just by forwarding port 443. If you want the virtual hosting, you
could use an SNI proxy (haproxy with SNI tcp proxying should do for that)

------
dang
A thread from 2017:
[https://news.ycombinator.com/item?id=14842951](https://news.ycombinator.com/item?id=14842951)

------
mijoharas
I've written and am running something exactly like this for my work. (We used
to use forward.wf but had to move away from it, a third party blocked it).

Very simple system, just a server+ nginx + letsencrypt. Tiny service to set
new people up. We've been running out the last year or so, it took an hour or
2 to write, and hasn't needed more than that maintenance since.

------
xref
I’ve been using self-hosted localtunnel but man is it unstable. It loses
connections several times a day and never releases now “dead” urls, so you
can’t count on a specific sub domain.

I’ll have to give serveo a whirl

~~~
xenator
I have this problem with Servo. Having your own name is big advantage over
ngrok. But connection need restart regularly.

~~~
deforciant
Hi! check out webhook relay
[https://webhookrelay.com/](https://webhookrelay.com/) :) it has multiple ways
to forward webhooks and internal connection healthchecks. Disclaimer: I built
it.

------
vajra
This is nice and i remember seeing this a while ago. However we couldn’t use
it since during local development, the engineers are quite relaxed with secret
keys, passwords, standard protocols …etc.

------
iampims
I’m a big fan of Cloudflare Tunnels:
[https://www.cloudflare.com/products/argo-
tunnel/](https://www.cloudflare.com/products/argo-tunnel/)

[https://ngrok.com](https://ngrok.com) is also a very good alternative.

~~~
ris
> [https://ngrok.com](https://ngrok.com) is also a very good alternative.

But with non-standard and proprietary client software.

~~~
iampims
True. I believe version 1 of ngrok was open-sourced, or at least source
available.

------
ultrarunner
I have to do something similar when testing Apple Pay et al in development. I
only get one connection at a time, and the latency is huge. Is ssh capable of
multiple connections within a tunnel? Is Serveo relatively performant?

------
adamfeldman
I came across Chisel today -- it supports TCP traffic and isn't limited to 3
tunnels like Serveo

[https://github.com/jpillora/chisel](https://github.com/jpillora/chisel)

------
dboreham
Note: you can do this yourself with a basic Linux VM, config to permit reverse
ssh tunnel, and run some SSL proxy like Apache. And a DNS record.

------
FloatArtifact
Never really figured out how to use it with for Minecraft server for over
predictive firewalls.

~~~
xenator
Isn’t it for HTTP traffic?

------
ahmadster
Curious, what was this written in?

~~~
rmetzler
I had the same question and a hunch it would be Go. The old 2017 thread has
the answer and indeed, it’s Go.

------
maxpert
Have been personally using it and I believe it’s a better alternative to
ngrok.

------
tourdownunder
I've wanted to do something similar to test webhooks in the past.

------
saravananl7
Why does edge/defender report this site is unsafe ?

~~~
T-A
I guess somebody is/was using it to serve up malware, which gets attributed to
the serveo.net domain when reported.

