Many times during developing some application it becomes important to show the progress to someone over the internet.

Most of the time we end up using some screen sharing software. That, however, can only show my screen to the other person. They cannot really interact with the application.

We can use some software for remote desktop sharing but then I cannot work while the other person is using my screen.

One very nice solution is ngrok, which essentially creates a tunnel from the local system to ngrok’s servers and gives a nice URL.


However, I was a bit concerned since all my traffic was getting redirected via ngrok’s servers.

I was looking around for something which would do the same thing but via my servers and finally came across inlets. This is an open source project, written in Go, which can be easily self hosted.

From their site

inlets creates a tunnel between two networks using a websocket and optional TLS for encryption. The main use-case for inlets is to expose a private API or service on the Internet, or to gain incoming network access (ingress) to a private network.

For this to work, three things are required –

1 inlets needs to be set up on a server (preferably over https)
2 inlets has to be running locally on a client
3 a program to run locally which serves over localhost

Thanks to Ruan’s blog post which got me going on this.

Configure inlets to run on server

Running inlets on the server is actually very straightforward.

curl -sLS | sudo sh

This puts the inlets program into /usr/local/bin/inlets so that it’s accessible everywhere.

Create a token variable

This should be a sufficiently long arbitrary string to provide security to the connection

$> export INLETSTOKEN=$(head -c 16 /dev/urandom | shasum | cut -d" " -f1)

To see it –


Copy paste it since it is going to be required from the local machine

Run inlets server

Now run inlets with this token

$> inlets server --port=8000 --token=$INLETSTOKEN
2020/02/22 02:04:14 Welcome to! Find out more at
2020/02/22 02:04:14 Starting server - version 2.6.4
2020/02/22 02:04:14 Server token: "99377fd98062f1559aef634dba7d508443f58979"
2020/02/22 02:04:14 Control Plane Listening on :8000
2020/02/22 02:04:14 Data Plane Listening on :8000

Configure nginx to direct a URL to inlets server

This was the bigger challenge for me as I had to try different variations of the nginx configuration until I could get this working!

You should use a URL which should only be used for Nginx. So, something like –

inlets.<your domain>

Create a nginx conf file.

server {

  listen			80;
  listen			443 ssl;
  server_name		<inlets URL>;

  ssl_certificate <SSL certificate path>;
  ssl_certificate_key <SSL certificate key>;
  include /etc/letsencrypt/options-ssl-nginx.conf;
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

  error_log 		/var/log/nginx/inlets_error.log;
  access_log 		/var/log/nginx/inlets_access.log;

  location / {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;

    proxy_pass http://ws-backend;

    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

  location /tunnel {
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_read_timeout 86400;
    proxy_pass "";


upstream ws-backend {

I created separate log files for error and access so that I could identify the issues in case it doesn’t work.

Reload nginx for the configuration to take effect –

$> nginx -s reload

run a program locally which serves over localhost

I ran a simple rack server for testing purposes. This is a ‘‘ file –

run lambda { |env|
    {'Content-Type' => 'text/html'},
    ['Hello World!']

And ran it using –

$> rackup
* Version 3.11.2 (ruby 2.4.2-p198), codename: Love Song
* Min threads: 0, max threads: 16
* Environment: development
* Listening on tcp://localhost:9292
Use Ctrl-C to stop

run inlets locally on your computer

Download inlets to the local system and run it using –

inlets client --remote wss:// --upstream=<inlets URL>= --token=99377fd98062f1559aef634dba7d508443f58979

The token should be the same as the one used on the server.

Now, visit your URL to see your progrom output on a website!

Additional considerations on server

Since the inlets server is running in the foreground, it’s better to make it a service so that it runs in the background always. Also, it should start on boot.

Also, the inlets auth token should be saved in file so that the inlets server can access it.

save auth token to a file
$> echo "AUTHTOKEN=99377fd98062f1559aef634dba7d508443f58979" > /etc/defaults/inlets
create an inlets service file and save it in /etc/systemd/system/inlets.service
$> cat /etc/systemd/system/inlets.service
Description=Inlets Server Service

ExecStart=/usr/local/bin/inlets server --port=8000 --token="${AUTHTOKEN}"


Stop the server if it is running in the foreground and start the inlets service

$> systemctl start inlets

Additional considerations on local computer

For running inlets on my local computer I just created an alias –

alias pipe=./path_to_inlets client --remote wss:// --upstream=<inlets URL>=$1 --token=99377fd98062f1559aef634dba7d508443f58979

Here, the $1 variable gets replaced with whatever port I give from the command line.

So, now I just have to run –

$> pipe 9292