Multiple Targets and Tunnels

One agent, many targets

You can expose multiple services from a single agent and tunnel. Use the config file to declare multiple targets and hostnames; you usually do not need separate tunnels for each service on the same machine.

Example:

tunnel_id: "demo-tunnel"
tunnel_secret: "beta-secret-123"

targets:
  - destination: "127.0.0.1:8080"
    kind: http
    hostnames:
      - "api"
      - "api.dev.yourdomain.com"
  - destination: "127.0.0.1:3000"
    kind: http
    hostnames:
      - "react-dev"
      - "react.dev.yourdomain.com"

Run with:

cruma-tunnel-ui config ./cruma.yaml

When one tunnel is enough

A few services owned by the same team/environment.
Shared credentials are acceptable (same tunnel secret).
Simple DNS: one tunnel ID with shortnames or custom hostnames.

When to use separate tunnels

Isolation per app/team/environment (different credentials and blast radius).
Different domains/hostnames that you want to keep apart.
Different usage profiles or rate-limit buckets.
Region/placement differences, if applicable to your setup.

Multiple agents for the same tunnel

You can run multiple agents with the same tunnel ID for load spreading and regional placement. Each agent connects to its nearest Cruma datacenter; callers are routed to the nearest datacenter where that tunnel is connected. Common patterns:

Regional presence: one tunnel, agents in EU and US to serve users closest to each region.
Simple load sharing: multiple agents behind the same tunnel ID on different servers.

Coordinate credentials and targets carefully when sharing a tunnel across agents. Use distinct tunnels if you need stricter isolation.*** End Patch

One agent, many targets​

When one tunnel is enough​

When to use separate tunnels​

Multiple agents for the same tunnel​

One agent, many targets

When one tunnel is enough

When to use separate tunnels

Multiple agents for the same tunnel