Rustunnel
by @joaoh82
Expose local services via secure tunnels using rustunnel MCP server. Create public URLs for local HTTP/TCP services for testing, webhooks, and deployment.
clawhub install rustunnelπ About This Skill
name: rustunnel description: "Expose local services via secure tunnels using rustunnel MCP server. Create public URLs for local HTTP/TCP services for testing, webhooks, and deployment." version: 1.3.1 author: OpenClaw tags: [tunnel, ngrok, expose, devops, deployment, testing, webhooks]
Rustunnel - Secure Tunnel Management
Expose local services (HTTP/TCP) through public URLs using rustunnel. Perfect for testing webhooks, sharing local development, and deployment workflows.
When to Use
β οΈ IMPORTANT: Use MCP Tools, Not CLI
Always use MCP tools for tunnel management. They handle lifecycle automatically.
| Method | Lifecycle | Recommended | |--------|-----------|-------------| | MCP tools (create_tunnel, close_tunnel) | Automatic cleanup | β Yes | | CLI (rustunnel http 3000) | Manual process management | β Only for cloud sandboxes |
Why MCP tools?
Configuration File
Location: ~/.rustunnel/config.yml
This file stores your server address and auth token. The agent will read from this file instead of asking every time.
Format:
# rustunnel configuration
Documentation: https://github.com/joaoh82/rustunnel
server: edge.rustunnel.com:4040
auth_token: your-token-here
tunnels:
expense_tracker:
proto: http
local_port: 3000
# api:
# proto: http
# local_port: 8080
# subdomain: myapi
First-Time Setup
Before using tunnels, ensure config exists:
1. Check if config file exists: ~/.rustunnel/config.yml
2. If not, ask user: "What's your rustunnel auth token and server address?"
3. Create config file directly:
mkdir -p ~/.rustunnel
chmod 700 ~/.rustunnel
4. Write config with user's token:
server:
auth_token:
5. Set permissions: chmod 600 ~/.rustunnel/config.ymlAgent Workflow
Always follow this sequence:
Step 1: Check Config
# Check if config exists
cat ~/.rustunnel/config.yml
If config exists with auth_token: Read token and proceed.
If config missing: 1. Ask user: "What's your rustunnel auth token and server address?" 2. Create config file directly:
mkdir -p ~/.rustunnel
chmod 700 ~/.rustunnel
3. Write config with user's token:
server:
auth_token:
4. Set permissions: chmod 600 ~/.rustunnel/config.ymlStep 2: Read Token from Config
When making tool calls, read auth_token from ~/.rustunnel/config.yml:
auth_token: your-token-here
server: edge.rustunnel.com:4040
Use these values in tool calls - don't ask the user every time.
Step 3: Use MCP Tools
With token from config, call MCP tools directly.
MCP Tools (Recommended)
create_tunnel
Expose a local port and get a public URL.
Parameters:
| Param | Type | Required | Description |
|-------|------|----------|-------------|
| token | string | yes | API token (read from config) |
| local_port | integer | yes | Local port to expose |
| protocol | "http" \| "tcp" | yes | Tunnel type |
| subdomain | string | no | Custom subdomain (HTTP only) |
| region | string | no | Region ID (e.g. "eu", "us", "ap"). Omit to auto-select. Use list_regions to see options. |
Returns:
{
"public_url": "https://abc123.edge.rustunnel.com",
"tunnel_id": "a1b2c3d4-...",
"protocol": "http"
}
Lifecycle: Tunnel stays open until close_tunnel is called or MCP server exits.
close_tunnel
Close a tunnel by ID. Public URL stops working immediately.
Parameters:
| Param | Type | Required | Description |
|-------|------|----------|-------------|
| token | string | yes | API token |
| tunnel_id | string | yes | UUID from create_tunnel |
This is the proper way to close tunnels. No orphaned processes.
list_tunnels
List all currently active tunnels.
Parameters:
| Param | Type | Required | Description |
|-------|------|----------|-------------|
| token | string | yes | API token (read from config) |
Returns: JSON array of tunnel objects.
get_tunnel_history
Retrieve history of past tunnels.
Parameters:
| Param | Type | Required | Description |
|-------|------|----------|-------------|
| token | string | yes | API token |
| protocol | "http" \| "tcp" | no | Filter by protocol |
| limit | integer | no | Max entries (default: 25) |
list_regions
List available tunnel server regions. No authentication required.
Parameters: None
Returns: JSON array of region objects:
[
{ "id": "eu", "name": "Europe", "location": "Helsinki, FI", "host": "eu.edge.rustunnel.com", "control_port": 4040, "active": true }
]
get_connection_info
Returns the CLI command string without spawning anything. Use when MCP can't spawn subprocesses (cloud sandboxes, containers) or you prefer running the CLI yourself.
Parameters:
| Param | Type | Required | Description |
|-------|------|----------|-------------|
| token | string | yes | API token |
| local_port | integer | yes | Local port to expose |
| protocol | "http" \| "tcp" | yes | Tunnel type |
| region | string | no | Region ID (e.g. "eu"). Omit to auto-select. |
Returns:
{
"cli_command": "rustunnel http 3000 --server edge.rustunnel.com:4040 --token abc123",
"server": "edge.rustunnel.com:4040",
"install_url": "https://github.com/joaoh82/rustunnel/releases/latest"
}
Common Workflows
Common Workflows
1. Expose Local API (MCP Tools)
1. Read auth_token from ~/.rustunnel/config.yml
2. Create tunnel: create_tunnel(token, local_port=3000, protocol="http")
3. Store tunnel_id for later cleanup
4. Return public_url to user
5. When done: close_tunnel(token, tunnel_id)
2. Custom Subdomain
1. Read auth_token from config
2. create_tunnel(token, local_port=5173, protocol="http", subdomain="myapp-preview")
3. Return URL: https://myapp-preview.edge.rustunnel.com
4. close_tunnel(token, tunnel_id) when done
3. TCP Tunnel (Database)
1. Read auth_token from config
2. create_tunnel(token, local_port=5432, protocol="tcp")
3. Return tcp://host:port for connection
4. close_tunnel(token, tunnel_id) when done
4. Cloud Sandbox (CLI Fallback)
1. Read auth_token from config
2. get_connection_info(token, local_port=3000, protocol="http")
3. Output CLI command for user to run locally
4. User runs command
5. list_tunnels(token) to verify and get public_url
6. When done, user Ctrl+C the CLI process
Prerequisites
1. Rustunnel MCP server installed:
# Homebrew (macOS/Linux)
brew tap joaoh82/rustunnel
brew install rustunnel
# Or build from source
git clone https://github.com/joaoh82/rustunnel.git
cd rustunnel
make release-mcp
sudo install -m755 target/release/rustunnel-mcp /usr/local/bin/rustunnel-mcp
2. Config file: ~/.rustunnel/config.yml with auth_token set
MCP Configuration
Add to your MCP client config:
{
"mcpServers": {
"rustunnel": {
"command": "rustunnel-mcp",
"args": [
"--server", "edge.rustunnel.com:4040",
"--api", "https://edge.rustunnel.com:8443"
]
}
}
}
Note: The MCP server address should match the server in ~/.rustunnel/config.yml.
Architecture
Internet ββββ :443 βββββΆ rustunnel-server βββββΆ WebSocket βββββΆ rustunnel-client βββββΆ localhost:PORT
β
Dashboard (:8443)
REST API
Security Notes
--insecure only in local dev)chmod 600 ~/.rustunnel/config.ymlRelated Skills
Resources
β‘ When to Use
βοΈ Configuration
1. Rustunnel MCP server installed:
# Homebrew (macOS/Linux)
brew tap joaoh82/rustunnel
brew install rustunnel
# Or build from source
git clone https://github.com/joaoh82/rustunnel.git
cd rustunnel
make release-mcp
sudo install -m755 target/release/rustunnel-mcp /usr/local/bin/rustunnel-mcp
2. Config file: ~/.rustunnel/config.yml with auth_token set