How it works
One connection, many streams
The client maintains a single QUIC connection to your server. When a request hits your public URL, the server opens a new stream. No reconnection, no overhead, no blocking.
Your service
localhost:3000
QUIC tunnel
Per-request streams
Public URL
*.tunnel.example.com
terminal
$ funnel http 3000 --id my-app
funnel
public urlhttps://my-app.tunnel.example.com
forwardinglocalhost:3000
tunnel idmy-app
Features
QUIC streams
Each HTTP request gets its own QUIC stream. No head-of-line blocking, no framing overhead.
Automatic TLS
Wildcard certificates from Let's Encrypt via DNS-01. Cloudflare, Route53, or your own provider.
Teams & OAuth
GitHub and generic OIDC login. API keys with scoped permissions. Team-scoped tunnels.
Self-hosted
Single binary, embedded database option. Your infrastructure, your data.
NixOS native
NixOS module with systemd hardening. Home Manager with sops-nix. OCI containers.
Observable
Prometheus metrics for tunnels, bandwidth, and latency. Per-tunnel request stats.