ehang-io/nps

NPS is a lightweight, high-performance intranet penetration proxy server, meaning it lets you expose services running on a private network (behind a router, firewall, or NAT, Network Address Translation) to the public internet without port forwarding or changing your router settings. The core problem it solves is a common one: your computer or device is on a home or office network and has no publicly reachable IP address. You might want to access your home desktop from outside, share a locally-running web app with a colleague, debug a payment gateway callback that needs a real URL, or SSH into a machine behind a corporate firewall. Normally, this requires complex router configuration that most people cannot control. NPS handles it by having the internal machine (running the NPS client) establish an outbound connection to a public NPS server you control, and then routing traffic from the internet back through that tunnel. It supports essentially every network protocol: TCP, UDP, HTTP and HTTPS, SOCKS5, and peer-to-peer connections. The server side runs on any machine with a public IP, and comes with a web management dashboard where you create and configure tunnel rules, monitor live traffic and bandwidth, set rate limits, and manage multiple clients and users. The client side is a single binary you run on the machine you want to expose. Additional features include HTTPS support for backend services that only speak plain HTTP, domain-based routing with custom headers and URL rewriting, traffic compression and encryption, and multi-user support with registration. You would use NPS when you need reliable intranet tunneling for development, remote access, or production webhook endpoints. It is written in Go, runs as a system service on Linux, Windows, and macOS, and is significantly lighter-weight than enterprise alternatives. The primary documentation and community is in Chinese.