SouthEast Linux Fest 2024

Tunneled Ingress: Patch or Proxy?
06-07, 13:00–13:50 (EST5EDT), System76 (BallroomA)

This one's for self-hosters navigating public ingress alternatives. We'll survey the gratis proxy providers and a libre entrant. We'll wrap up with some relevant examples for choosing between running a tunneling agent vs. going agent-less by patching the source to leverage a tunneling library.


Pairing a public reverse proxy with a reverse tunnel can be a better option for public ingress than port forwarding or a public VPS.

Until recently, the only way to achieve this was to run an agent to keep the tunnel to the public proxy open. That's still a fine choice and there are a few, interesting libraries that can make the tunneling functionality part of the application, eliminating the need for a separate agent, and allowing the app to have public ingress as long as it has public egress to create the reverse tunnel.

We'll touch on using systemd or Docker to run an agent, and Go and Python tunneling library examples.