# Bore — Simple Self-Hosted TCP Tunnel to Localhost > A minimal Rust CLI tool for exposing local ports to the internet through a self-hosted relay server, offering a lightweight alternative to ngrok with no account required. ## Install Save in your project root: # Bore — Simple Self-Hosted TCP Tunnel to Localhost ## Quick Use ```bash # Install via cargo cargo install bore-cli # Expose local port 8000 to the public bore.pub relay bore local 8000 --to bore.pub # Or self-host your own server bore server --min-port 1024 ``` ## Introduction Bore is a lightweight TCP tunnel tool written in Rust that exposes local services to the internet without complex networking setup. Unlike commercial alternatives, bore can be entirely self-hosted and requires no accounts, API keys, or configuration files. ## What Bore Does - Creates TCP tunnels from a local port to a publicly accessible address - Supports self-hosting the relay server for full infrastructure control - Provides optional secret-based authentication to restrict tunnel creation - Assigns random or specific remote ports for predictable URLs - Works with any TCP-based protocol including HTTP, SSH, and databases ## Architecture Overview Bore uses a client-server model. The server listens on a control port (default 7835) for incoming client connections and allocates proxy ports for tunneled traffic. When external traffic arrives on a proxy port, the server forwards it through the control connection to the client, which relays it to the local service. All communication uses a minimal binary protocol over TCP. ## Self-Hosting & Configuration - Deploy the server with `bore server` on any internet-facing VPS - Set `--min-port` to restrict the range of ports clients can request - Use `--secret` flag on both server and client to require authentication - No configuration files needed; all options are CLI flags - Docker image available at `ekzhang/bore` for containerized deployment ## Key Features - Single static binary with zero dependencies (thanks to Rust) - Sub-millisecond overhead on tunnel connections - No rate limiting or bandwidth caps when self-hosted - Supports concurrent tunnels on a single server instance - Public relay at bore.pub available for quick testing without self-hosting ## Comparison with Similar Tools - **ngrok** — Feature-rich commercial product with TLS termination and dashboards; bore is simpler, free, and self-hostable - **Cloudflare Tunnel** — Requires Cloudflare account and DNS setup; bore works with raw TCP and needs no third-party accounts - **frp** — More configurable with TOML config files and multiple protocols; bore prioritizes zero-config simplicity - **rathole** — Similar Rust alternative with NAT traversal; bore focuses on ease of use with fewer moving parts ## FAQ **Q: Can bore handle HTTPS traffic?** A: Bore tunnels raw TCP, so you can run a reverse proxy like Caddy on the server side for TLS termination, or handle TLS at the local service. **Q: How do I get a stable subdomain?** A: Bore assigns ports, not domains. For stable URLs, use a reverse proxy on the server that routes based on Host headers to specific bore ports. **Q: Is the traffic encrypted?** A: The tunnel itself does not encrypt traffic. Use TLS at the application layer or wrap with SSH for sensitive data. **Q: What happens if the tunnel connection drops?** A: The client will exit. Use a process manager like systemd or a restart loop to automatically reconnect. ## Sources - https://github.com/ekzhang/bore - https://crates.io/crates/bore-cli --- Source: https://tokrepo.com/en/workflows/asset-f7bf44e8 Author: AI Open Source