Question on long lived proxy and limits

[uhmarcel]

Hi. First let me start by saying this project is awesome.

I understand the intent of this project is to ease dev / testing / short lived demos. Are there any limitations on using localtunnel for long lived proxying (permanent-ish tunnels)? Also is there a hard limit on how many tunnels can be opened with a single server?

For context, I'm working on a device that I'd like to auto connect to a subdomain once it's online ie. \<device-id>.my-domain.com. The main use case is I'd like to enable HTTPS for security. I've spent some time looking at options but haven't found a good solution yet; copying private key certs for 'my-domain' doesn't seem like a good idea since I intend to distribute these devices. Other tunneling solutions do work but are limited on the amount of tunnels, or start charging after 20+ tunnels. Localtunnel makes sense to me for this, but was curious if there are any limitations since my use case is probably not what was intended for it.

Thanks

[TheBoroer]

Hey! There's no limits on long lived proxying except that someone else might take over your subdomain in case the tunnel ever goes down (server/client issues or general internet issues). This is less of a problem if it's a private server like you seem to have.

There's no limit on how many tunnels can be opened (except there's a built in limit of 10 concurrent tunnels per subdomain but it can be changed in your private server fork).

Where did you want https to be used? If it's only on the assigned public subdomain you only need a wildcard SSL cert on the localtunnel-server installation (since device-id.my-domain.com is actually hitting your server all the time and it proxies requests to the device over regular TCP sockets).

[uhmarcel]

Hey @TheBoroer! thanks for your reply. Makes sense, at the moment I have a setup with wildcard SSL certificate and a couple of changes as you pointed out.

What I'm aiming for in the long term is to adapt localtunnel to be used as a public service, with the idea of allowing users to access their private devices out-of-network for home automation. I know that sounds risky to say the least — I've implemented enough security on the private devices themselves to be comfortable with, but securing the proxy would of course be a different animal, that and ensuring other people can't take over a subdomain as you pointed out.

Couple of questions if you don't mind

• You mentioned the limit of 10 concurrent tunnels per subdomain; is that the connected_sockets value in the tunnel stats? the one coming from maxSockets?
• Why are tunnels using multiple sockets each?
• If each tunnel needs a socket, would that limit the server to 64K tunnels? or 6.4K if each use 10
• Is it possible to scale the service horizontally by adding nodes? I imagine not out of the box, as the LB would somehow need to know which node owns a tunnel/connection, conflicts and all of that fun.

Thanks!