Skip to content
ProxerProxerv0.13.0

proxer http

Command reference for tunnel clients.

proxer http <port> connects to a public Proxer server and forwards matched public requests to 127.0.0.1:<port> on the client machine.

proxer http 3000 --server wss://your-server.example.com --subdomain demo --token dev-token
  • <port>: local HTTP port to forward to. This positional argument has no environment variable.
  • --server <url>: Proxer server base URL. Accepted schemes are ws://, wss://, http://, and https://; HTTP schemes are converted to WebSocket schemes internally. Do not include a path, query, or fragment.
  • --subdomain <name>: register a chosen subdomain route. Omit it to let the server assign a random subdomain. Use --subdomain @ to register the root route intentionally when the server has a configured --domain.
  • --token <token>: shared token matching the server.
  • --basic-auth-password <password>: require Basic Auth for public HTTP, SSE, and WebSocket access to this tunnel.
  • --basic-auth-username <username>: optional Basic Auth username. If omitted, only the password is checked.

--token or PROXER_TOKEN is required. Without one, the command fails with token is required.

  • PROXER_SERVER: default value for --server.
  • PROXER_SUBDOMAIN: default value for --subdomain.
  • PROXER_TOKEN: default value for --token.
  • PROXER_BASIC_AUTH_PASSWORD: default value for --basic-auth-password.
  • PROXER_BASIC_AUTH_USERNAME: default value for --basic-auth-username.

CLI flags take precedence over environment variables.

Password-only mode:

PROXER_BASIC_AUTH_PASSWORD='secret' proxer http 3000 --server wss://proxy.example.com --token dev-token

Username and password mode:

PROXER_BASIC_AUTH_USERNAME='admin' \
PROXER_BASIC_AUTH_PASSWORD='secret' \
proxer http 3000 --server wss://proxy.example.com --subdomain demo --token dev-token

Use environment variables or secret stores for real deployments. --basic-auth-password can leak through shell history or process listings. Basic Auth protects public access to the proxied site, not tunnel registration; --token or PROXER_TOKEN is still required. Use HTTPS/WSS because Basic Auth credentials are sent in request headers.

Auto-assigned subdomain route:

proxer http 3000 --server wss://proxy.example.com --token dev-token

The server assigns a random subdomain such as px-k7m3q9t2ab, the client prints the public URL, and reconnects during the same run keep using that assigned subdomain.

Root route:

proxer http 3000 --server wss://proxy.example.com --subdomain @ --token dev-token

Requests for proxy.example.com are sent to the local service. Root routing is intended for servers started with --domain; without one, Proxer derives routes from the first host label.

Subdomain route:

proxer http 3000 --server wss://proxy.example.com --subdomain demo --token dev-token

Requests for demo.proxy.example.com are sent to the local service.

Subdomains are lowercased and must be a single DNS label: letters, numbers, and hyphens only, no leading or trailing hyphen, max 63 characters.

If an established control connection drops, the client retries and registers again when the server is reachable. Auto-assigned subdomains stay stable across reconnects during the same client run. If the initial connection fails before registration, the command may exit.