MonkeyTunel

Server:

Total Tunnels

Your Tunnels

No tunnels configured yet.

Create Tunnel

Status	Name	Protocol	Route	Public URL	Uptime	Actions

No tunnels yet. Click "+ New Tunnel" to get started.

Live

Status	Method	Path	Time

No requests captured. Send traffic through the tunnel to see requests here.

Save this key now - it won't be shown again

Name	Prefix	Created	Actions

No API keys. Create one to connect the CLI client.

Quick Start Guide

Get a tunnel running in under 2 minutes.

Create an API Key

Go to and create a new key. Copy it immediately - it's only shown once.

Create a Tunnel

Go to and create a new tunnel. Choose HTTP protocol with subdomain routing for web apps.

Download the Client

Download from the /download page, or:

curl -sL https:///api/download/linux/amd64 -o tunnle-client && chmod +x tunnle-client

Connect

Run the client pointing at your local service:

./tunnle-client \
  -server wss:// \
  -key YOUR_API_KEY \
  -tunnel YOUR_TUNNEL_ID \
  -local 127.0.0.1:3000

CLI Reference

All available command-line flags for tunnle-client.

Flag	Default	Description
-server	required	Server WebSocket URL (wss://...)
-key	required	API key for authentication
-tunnel	required	Tunnel ID from the dashboard
-local	127.0.0.1:8080	Local address to forward traffic to
-proto	http	Protocol: http, tcp, or udp
-route	subdomain	Route mode: subdomain, path, or port
-subdomain	-	Subdomain for routing
-path	-	Path prefix for routing
-port	0	Remote port for TCP/UDP
-config	~/.monkeytunel.yml	Path to config file
-profile	-	Config profile to use
-init	false	Print example config and exit
-v	false	Verbose/debug logging

Config File

Instead of passing flags, use a YAML config at ~/.monkeytunel.yml.

Generate a starter config: tunnle-client -init > ~/.monkeytunel.yml

# ~/.monkeytunel.yml
server: wss://
key: your-api-key-here

tunnels:
  - name: myapp
    id: your-tunnel-uuid
    local: 127.0.0.1:3000
    proto: http
    route: subdomain
    subdomain: myapp

  - name: ssh
    id: another-tunnel-uuid
    local: 127.0.0.1:22
    proto: tcp
    route: port
    port: 2222

Then just run: tunnle-client (no flags needed)

Command-line flags always override config file values.

Protocols

TCP

For SSH, databases, game servers, or any TCP service. Allocates a remote port on the server that forwards to your local port. Example: expose local SSH on port 2222 remotely.

./tunnle-client -proto tcp -route port -port 2222 -local 127.0.0.1:22 ...

UDP

For DNS, game servers, VoIP, or any UDP service. Works similarly to TCP - allocates a remote UDP port. Datagrams are framed and tunneled over the WebSocket connection.

./tunnle-client -proto udp -route port -port 5353 -local 127.0.0.1:53 ...

Custom Domains

Point your own domain to a tunnel instead of using the default subdomain.

Add a CNAME record

Point your domain to this server:

app.yourdomain.com  CNAME

Set custom domain on tunnel

Edit your tunnel and enter the custom domain in the "Custom Domain" field, or set it when creating the tunnel.

Connect the client

Traffic to app.yourdomain.com will be routed to your tunnel automatically.

Webhook Notifications

Get notified when your tunnel connects or disconnects. Set a webhook URL on any tunnel.

Events

tunnel_connectedFired when the client connects and registers

tunnel_disconnectedFired when the client disconnects (includes byte counts)

Payload Example

{
  "event": "tunnel_disconnected",
  "tunnel_id": "abc-123-...",
  "timestamp": "2026-02-28T12:00:00Z",
  "data": {
    "bytes_in": 1048576,
    "bytes_out": 524288,
    "connection_count": 42,
    "duration_seconds": 3600.5
  }
}

Request Inspector

The inspector captures the last 100 HTTP requests flowing through a tunnel, showing method, path, status code, headers, body preview, and latency.

To use it:

Go to Tunnels and click Inspect on an HTTP tunnel
Send traffic through the tunnel
The inspector auto-refreshes every 2 seconds
Click any request row to expand headers and body

You can also fetch requests via the API:

GET /api/tunnels/{id}/requests

Docker / Self-Hosting

Run your own MonkeyTunel server with Docker.

Quick Start with Docker Compose

git clone <repo> && cd monkeytunel
# Edit docker-compose.yml with your domain and secrets
docker compose up -d

Standalone Docker

docker build -t monkeytunel .
docker run -d \
  -p 80:80 -p 443:443 -p 8080:8080 \
  -v ./data:/data \
  -v ./certs:/certs \
  -e TUNNLE_DOMAIN=tunnel.example.com \
  -e TUNNLE_JWT_SECRET=your-secret \
  monkeytunel

Server Config (TOML)

listen = ":443"
domain = "tunnel.example.com"
base_domain = "tunnel.example.com"
db_path = "/data/tunnle.db"
jwt_secret = "generate-a-strong-secret"
tls_cert = "/certs/fullchain.pem"
tls_key = "/certs/privkey.pem"
rate_limit_api = 60
rate_limit_auth = 10
bin_dir = "/data/binaries"

Cross-Compile Client Binaries

make build-all  # Builds for linux/darwin/windows x amd64/arm64

API Reference

All endpoints require Authorization: Bearer <token> except auth routes.

Authentication

POST/api/auth/loginGet tokens

POST/api/auth/refreshRefresh access token

Tunnels

GET/api/tunnelsList your tunnels

POST/api/tunnelsCreate tunnel

GET/api/tunnels/:idGet tunnel

PUT/api/tunnels/:idUpdate tunnel

DELETE/api/tunnels/:idDelete tunnel

GET/api/tunnels/:id/statusOnline status & metadata

GET/api/tunnels/:id/statsAnalytics (historical + live)

GET/api/tunnels/:id/requestsInspector: captured requests

API Keys

GET/api/apikeysList keys

POST/api/apikeysCreate key

DELETE/api/apikeys/:idRevoke key

Admin (admin only)

GET/api/admin/usersList all users

PUT/api/admin/users/:idUpdate user (quota, admin)

DELETE/api/admin/users/:idDelete user

GET/api/admin/tunnelsList all tunnels

GET/api/admin/statsSystem stats

Downloads

GET/downloadDownload page

GET/api/download/:os/:archBinary download

Create User

User	Email	Role	Bandwidth Limit	Joined	Actions

Name	Protocol	Route	Owner	Created

No tunnels in the system.

Sign In