proxer http
Command reference for tunnel clients.
proxer http <port> connects to a public Proxer server and forwards matched public requests to 127.0.0.1:<port> on the client machine.
proxer http 3000 --server wss://your-server.example.com --subdomain demo --token dev-tokenOptions
Section titled “Options”<port>: local HTTP port to forward to. This positional argument has no environment variable.--server <url>: Proxer server base URL. Accepted schemes arews://,wss://,http://, andhttps://; HTTP schemes are converted to WebSocket schemes internally. Do not include a path, query, or fragment.--subdomain <name>: register a chosen subdomain route. Omit it to let the server assign a random subdomain. Use--subdomain @to register the root route intentionally when the server has a configured--domain.--token <token>: shared token matching the server.--basic-auth-password <password>: require Basic Auth for public HTTP, SSE, and WebSocket access to this tunnel.--basic-auth-username <username>: optional Basic Auth username. If omitted, only the password is checked.
--token or PROXER_TOKEN is required. Without one, the command fails with token is required.
Environment variables
Section titled “Environment variables”PROXER_SERVER: default value for--server.PROXER_SUBDOMAIN: default value for--subdomain.PROXER_TOKEN: default value for--token.PROXER_BASIC_AUTH_PASSWORD: default value for--basic-auth-password.PROXER_BASIC_AUTH_USERNAME: default value for--basic-auth-username.
CLI flags take precedence over environment variables.
Public Basic Auth
Section titled “Public Basic Auth”Password-only mode:
PROXER_BASIC_AUTH_PASSWORD='secret' proxer http 3000 --server wss://proxy.example.com --token dev-tokenUsername and password mode:
PROXER_BASIC_AUTH_USERNAME='admin' \PROXER_BASIC_AUTH_PASSWORD='secret' \ proxer http 3000 --server wss://proxy.example.com --subdomain demo --token dev-tokenUse environment variables or secret stores for real deployments. --basic-auth-password can leak through shell history or process listings. Basic Auth protects public access to the proxied site, not tunnel registration; --token or PROXER_TOKEN is still required. Use HTTPS/WSS because Basic Auth credentials are sent in request headers.
Routes
Section titled “Routes”Auto-assigned subdomain route:
proxer http 3000 --server wss://proxy.example.com --token dev-tokenThe server assigns a random subdomain such as px-k7m3q9t2ab, the client prints the public URL, and reconnects during the same run keep using that assigned subdomain.
Root route:
proxer http 3000 --server wss://proxy.example.com --subdomain @ --token dev-tokenRequests for proxy.example.com are sent to the local service. Root routing is intended for servers started with --domain; without one, Proxer derives routes from the first host label.
Subdomain route:
proxer http 3000 --server wss://proxy.example.com --subdomain demo --token dev-tokenRequests for demo.proxy.example.com are sent to the local service.
Subdomains are lowercased and must be a single DNS label: letters, numbers, and hyphens only, no leading or trailing hyphen, max 63 characters.
Reconnect behavior
Section titled “Reconnect behavior”If an established control connection drops, the client retries and registers again when the server is reachable. Auto-assigned subdomains stay stable across reconnects during the same client run. If the initial connection fails before registration, the command may exit.