Skip to main content

Common Scenarios

Quick recipes for typical setups. Replace SECRET_KEY/TUNNEL_ID with your beta credentials.

React dev server on port 3000

cruma-tunnel-ui http --target 127.0.0.1:3000 --tunnel-id react-dev --secret-key SECRET_KEY

Start your dev server (npm start/yarn start), then run the tunnel.
If your dev server uses HTTPS, use the https subcommand instead of http.

API server on port 8080 with custom domain

cruma-tunnel-ui http --target 127.0.0.1:8080 --tunnel-id api-demo --secret-key SECRET_KEY --hostnames api api.dev.yourdomain.com

CNAME api.dev.yourdomain.com to <tunnel-id>.tun.cruma.io, then add it to --hostnames.
api expands to api.<tunnel-id>.tun.cruma.io.

Multi-target config file

Use a config file to run multiple targets with one command:

tunnel_id: "demo-tunnel"
tunnel_secret: "beta-secret-123"

targets:
  - destination: "127.0.0.1:8080"
    kind: http
    hostnames:
      - "api"
      - "api.dev.yourdomain.com"
  - destination: "127.0.0.1:3000"
    kind: http
    hostnames:
      - "react-dev"
      - "react.dev.yourdomain.com"

Run it:

cruma-tunnel-ui config ./cruma.yaml

High-assurance (pinning/mTLS)

Use a custom hostname (CNAME to <tunnel-id>.tun.cruma.io) and terminate TLS on your agent.
Pin your agent’s public key in clients (or use mTLS) so only your cert is accepted.
Combine with CAA on your domain to restrict certificate issuance to your chosen CA.

React dev server on port 3000
API server on port 8080 with custom domain
Multi-target config file
High-assurance (pinning/mTLS)