Break out of localhost. Access your devices from behind firewalls. Securely access your services from anywhere. An easy-to-use secure tunnel for all sorts of wonderful things (kind of like a poor man's VPN).
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
RubenVinke 05dab9a52c '' updaten 4 months ago
bin update toml docfile 7 months ago
etc move most user config into node 11 months ago
examples update windows instructions and error message 11 months ago
lib update toml docfile 7 months ago
tests don't define host and port, even as null 10 months ago
usr/share continue when systemd --user fails 6 months ago
var move most user config into node 11 months ago
.gitignore working: manage token with client 10 months ago
LICENSE lots up cleanup 11 months ago '' updaten 4 months ago
package.json v0.20.8: fix npmPrefixPath 7 months ago

Telebit™ Remote

Because friends don’t let friends localhost™

| Sponsored by ppl | Telebit Remote | Telebit Relay | sclient |

Break out of localhost.

If you need to get bits from here to there, Telebit gets the job done.

Install Telebit Remote on any device - your laptop, raspberry pi, whatever - and now you can access that device from anywhere, even securely in a web browser.

How does it work? It’s a net server that uses a relay to allow multiplexed incoming connections on any external port.


  • Show your mom the web app you’re working on
  • Access your Raspberry Pi from behind a firewall
  • Watch Netflix without region restrictions while traveling
  • SSH over HTTPS on networks with restricted ports or protocols
  • Access your wife’s laptop while she’s on a flight


You do this:

curl -fsSL | bash

You get this:

~/telebit http 3000
> Forwarding => localhost:3000

~/telebit http ~/sites/
> Serving ~/sites/ as

And this:

~/telebit tcp 5050
> Forwarding => localhost:5050

And even this:

~/telebit ssh auto
> Forwarding ssh -p 1337 => localhost:22
> Forwarding ssh+https (openssl proxy) => localhost:22

No privileged ports. No sudo. End-to-end encryption.

Fastest way to test a site, share a file, and pair over ssh.


Mac & Linux

Open Terminal and run this install script:

curl -fsSL | bash

What does the installer do?

  • install Telebit Remote to ~/Applications/telebit/
  • symlink the executable to ~/telebit for convenience
  • create the appropriate system launcher file
    • /etc/systemd/system/telebit.service
    • ~/Library/LaunchAgents/cloud.telebit.remote.plist
  • create local user config
    • ~/.config/telebit/telebit.yml
    • ~/.local/share/telebit

Of course, feel free to inspect it before you run it: curl -fsSL

You can customize the installation:

export NODEJS_VER=v10.2                   # v10.2 is tested working, but we can test other versions
export TELEBIT_VERSION=master             # git tag or branch to install from
export TELEBIT_USERSPACE=no               # install as a system service (launchd, systemd only)
export TELEBIT_PATH=/opt/telebit
export TELEBIT_USER=telebit
export TELEBIT_GROUP=telebit
curl -fsSL | bash

That will change the bundled version of node.js is bundled with Telebit Relay and the path to which Telebit Relay installs.

Windows & Node.js

  1. Install node.js
  2. Open Node.js
  3. Run the command npm install -g telebit
  4. Copy the example daemon config to your user folder .config/telebit/telebitd.yml (such as /Users/John/.config/telebit/telebitd.yml)
  5. Copy the example remote config to your user folder .config/telebit/telebit.yml (such as /Users/John/.config/telebit/telebit.yml)
  6. Change the email address
  7. Run npx telebit init and follow the instructions
  8. Run npx telebit list

Note: Use node.js v10.2.1

(there are specific bugs in each of v8.x, v9.x, v10.0, and v10.3 that each cause telebit to crash)

Remote Usage

# commands
telebit <command>

# domain and port control
telebit <service> <handler> [servername] [options ...]


telebit status                          # whether enabled or disabled
telebit enable                          # disallow incoming connections
telebit disable                         # allow incoming connections
telebit restart                         # kill daemon and allow system launcher to restart it

telebit list                            # list rules for servernames and ports

                       #     HTTP     #

telebit http <handler> [servername] [opts]

telebit http none                       # remove all https handlers
telebit http 3000                       # forward all https traffic to port 3000
telebit http /module/path               # load a node module to handle all https traffic

telebit http none           # remove https handler from
telebit http 3001           # forward https traffic for to port 3001
telebit http /module/path   # forward https traffic for to port 3001

                       #     TCP      #

telebit tcp <handler> [servername] [opts]

telebit tcp none                        # remove all tcp handlers
telebit tcp 5050                        # forward all tcp to port 5050
telebit tcp /module/path                # handle all tcp with a node module

telebit tcp none 6565                   # remove tcp handler from external port 6565
telebit tcp 5050 6565                   # forward external port 6565 to local 5050
telebit tcp /module/path 6565           # handle external port 6565 with a node module

telebit ssh disable                     # disable ssh access
telebit ssh 22                          # port-forward all ssh connections to port 22

telebit save                            # save http and tcp configuration changes

Using SSH


ssh -o ProxyCommand='openssl s_client -connect %h:443 -servername %h -quiet'

SSH over non-standard port

ssh -p 3031

Daemon Usage (non-global)

~/Applications/bin/node ~/Applications/bin/telebitd.js --config ~/.config/telebit/telebitd.yml



email: ''          # must be valid (for certificate recovery and security alerts)
agree_tos: true                   # agree to the Telebit, Greenlock, and Let's Encrypt TOSes
relay: wss://        # a Telebit Relay instance
community_member: true            # receive infrequent relevant but non-critical updates
telemetry: true                   # contribute to project telemetric data
secret: ''                        # Secret with which to sign Tokens for authorization
#token: ''                         # A signed Token for authorization
ssh_auto: 22                      # forward ssh-looking packets, from any connection, to port 22
servernames:                      # servernames that will be forwarded here {}

Choosing A Relay

You can create a free or paid account at or you can run Telebit Relay open source on a VPS (Vultr, Digital Ocean) or your Raspberry Pi at home (with port-forwarding).

Only connect to Telebit Relays that you trust.

Check Logs


SYSTEMD_LOG_LEVEL=debug journalctl -xef --user-unit=telebit


tail -f ~/local/share/telebit/var/log/info.log
tail -f ~/.local/share/telebit/var/log/error.log



systemctl --user disable telebit; systemctl --user stop telebit
rm -f ~/.config/systemd/user/telebit.service
rm -rf ~/telebit ~/Applications/telebit
rm -rf ~/.config/telebit ~/.local/share/telebit


launchctl unload -w ~/Library/LaunchAgents/cloud.telebit.remote.plist
rm -f ~/Library/LaunchAgents/cloud.telebit.remote.plist
rm -rf ~/telebit ~/Applications/telebit
rm -rf ~/.config/telebit ~/.local/share/telebit

Browser Library

This is implemented with websockets, so you should be able to


Copyright 2016-2018+ AJ ONeal