rathole-org/rathole

★ 13,536RustAudience · ops devopsComplexity · 3/5Setup · moderate

Mindmap

mindmap
  root((rathole))
    What It Does
      NAT traversal
      Port forwarding
      Self-hosted tunnel
    Config
      Server mode
      Client mode
      TOML config file
    Security
      Token authentication
      TLS encryption
      Noise Protocol
    Strengths
      High throughput
      Low memory use
      Small binary size

mindmap root((rathole)) What It Does NAT traversal Port forwarding Self-hosted tunnel Config Server mode Client mode TOML config file Security Token authentication TLS encryption Noise Protocol Strengths High throughput Low memory use Small binary size

Click or tap to explore — scroll the page freely

Things people build with this

USE CASE 1

Expose your home NAS or Raspberry Pi's SSH port to the internet so you can access it remotely without a static IP or port-forwarding your router.

USE CASE 2

Self-host a web service on a home server and make it publicly reachable through a cheap cloud VPS.

USE CASE 3

Run rathole on a constrained device like a router using very little memory and CPU thanks to its small binary size.

USE CASE 4

Add or remove forwarded services while rathole is running by reloading the config file, without downtime.

Tech stack

RustTOMLTLSDocker

Getting it running

Difficulty · moderate Time to first run · 30min

Requires a separate VPS or cloud server with a public IP address to act as the relay endpoint.

In plain English

rathole is a tool that helps you reach a computer or service that sits behind a home or office router. Many devices, like a home NAS or a small server, do not have their own public address on the Internet, so people on the outside cannot connect to them directly. This situation is called being behind NAT. rathole solves it by routing traffic through a second machine that does have a public address, so the hidden service becomes reachable. It works in the same spirit as two other known tools, frp and ngrok, and is written in the Rust programming language. The setup has two parts. You run rathole in server mode on a machine with a public address, and you run it in client mode on the device you want to expose. Both sides read a small configuration file written in TOML format. The server file lists which public port should forward to which service, and the client file points at the server and at the local service to forward. A shared secret token must match on both sides, which keeps strangers from using your tunnel. The README walks through a concrete example: exposing the SSH service of a home NAS so you can log into it from anywhere. After both sides are running, traffic sent to a chosen port on the public server is passed through to the chosen port on the device at home. The project lists several features it focuses on. It aims for high throughput and stable behavior under many connections, low memory use, and a very small program file that can fit on constrained hardware such as routers. Tokens are required for every service, and traffic can be encrypted using either TLS or the Noise Protocol, with no need to create your own certificate. Services can also be added or removed while it runs by reloading the configuration file. You can get a prebuilt release, a Docker image, or build it from source yourself.

Copy-paste prompts

Prompt 1

Help me set up rathole to expose my home NAS SSH service through a VPS. Write the server-side and client-side TOML config files, including the shared secret token.

Prompt 2

How do I configure rathole to encrypt my tunnel traffic using TLS or the Noise Protocol without having to create my own TLS certificate?

Prompt 3

Show me how to hot-reload rathole's config file to add a new forwarded service without restarting the client or server.

Prompt 4

Write a docker-compose.yml to run rathole in client mode on my home server, mounting a local TOML config file.

Open on GitHub → Explain another repo

← rathole-org on gitmyhub — every repo by this author, as a profile.

Verify against the repo before relying on details.