Hi everyone!

I'm excited to share FerroTunnel, a high-performance, embeddable reverse tunnel library for Rust applications.

What is it?

FerroTunnel lets you expose local services behind NAT/firewalls, similar to ngrok or Cloudflare Tunnel, but designed to be library-first and fully embeddable in your Rust applications.

Why another tunnel?

Most existing solutions are either:

• SaaS-only with vendor lock-in
• Standalone binaries that don't integrate into your app
• Heavy on resources with Go/Node runtimes

FerroTunnel is:

• Zero-copy where possible using Bytes and careful buffer management
• Plugin-based - intercept and transform requests with custom middleware
• Observable - built-in Prometheus metrics, OpenTelemetry, and a real-time dashboard
• Embeddable - use as a library with Client::builder() / Server::builder() or as a CLI

Quick example:

use ferrotunnel::prelude::*;

#[tokio::main]
async fn main() -> Result<()> {
    // Server
    let server = Server::builder()
        .bind_addr("0.0.0.0:7835")
        .http_addr("0.0.0.0:8080")
        .build()?;
    
    tokio::spawn(async move { server.serve().await });

    // Client - expose local HTTP service
    let client = Client::builder()
        .server_addr("tunnel.example.com:7835")
        .subdomain("myapp")
        .upstream("http://localhost:3000")
        .build()?;
    
    client.connect().await?;
    Ok(())
}

Project status

Early but functional.

Looking for:

• Feedback on API design
• Performance testing on different workloads
• Plugin authors (custom auth, logging, transformations)
• Production deployment stories

Links

• GitHub: github.com
• Crates: crates.io: Rust Package Registry
• Docs: ferrotunnel - Rust

Roadmap

• QUIC transport (UDP-based, better for mobile/unreliable networks)
• WebSocket ingress
• More builtin plugins (JWT auth, IP allowlisting)
• Kubernetes operator

Would love to hear your thoughts, especially if you've built similar systems or have use cases I haven't considered!

1 post - 1 participant

Read full topic