Public Tunnel

Expose a local web service without opening router ports.

Public Tunnel creates an outbound-only HTTPS path from your device to DNSExit so visitors can reach a local app, dashboard, NAS interface, or webhook receiver even when inbound access is blocked.

No port forwardingThe client connects outward, so you do not need router changes to start.

Web-first serviceStart with HTTPS use cases before widening into more complex TCP workflows.

Built for self-hostersGood for home labs, demos, dashboards, and callback URLs.

Good first uses

Home-lab dashboards
Local development demos
NAS or camera web panels
Webhook receivers and test apps

Explore common use cases

Home server without port forwarding Test webhooks from localhost Share a local web app online

Compare the alternatives

Dynamic DNS vs Public Tunnel What is a reverse tunnel? Public Tunnel vs VPN Public Tunnel vs port forwarding

When Public Tunnel beats Dynamic DNS

Dynamic DNS is still the right answer when you already have public inbound access and only need the hostname to follow a changing IP. Public Tunnel is better when inbound access is blocked, router settings are unavailable, or you want a simpler path for web traffic.

Common questions

Does Public Tunnel require port forwarding?

No. The client connects outward to DNSExit, so you do not need to open inbound router ports for the first web-focused workflow.

Can I use it for webhooks?

Yes. A public HTTPS callback URL that forwards to a local app is one of the strongest early use cases.

Is this the right fit for SSH or RDP?

Usually not. Public Tunnel is web-first; Static-IP Relay is the better path for TCP services such as SSH, RDP, or VPN.

Do I still need app login controls?

Yes. A tunnel makes the app reachable; it does not replace authentication, authorization, or sensible app security.

Want early access?

Tell us what local web service you need to reach, and we will use those answers to shape the first customers.

Get started What is a reverse tunnel?