HubTunnels: Because Public IPs Are Overrated

HT
Hubfly Team
Announcement

I recently used a cloud provider that offered VPS instances without public IPs.

Conceptually, this was great. I could get a server secured 100% from DDOS attacks and random port scanners without having to write a single firewall rule. It felt like a digital fortress.

But then reality hit.

I found out the only way to actually use the thing was through their web console (which lagged every time I typed ls) or by initiating a connection from the inside out. I could have set up a VPN, or a bastion host, or some complex overlay network, but it all felt like cheap tricks. I just wanted to SSH into my database.

So, while building Hubfly, we decided to fix this properly.

We wanted you to have 100% isolated containers that aren’t connected to the public internet, but that you can still access securely when you need to.

Enter HubTunnels.

TL;DR: You can now tunnel into any private container using standard SSH protocols, authenticated via a CLI, without exposing the container to the public internet.

How It Works (The “Magic” Part)

We didn’t reinvent the wheel; we just made the wheel actually round.

When you request a tunnel, we spin up a tiny, ephemeral “jump host” container right inside your project’s private network. It’s isolated, temporary, and knows exactly how to talk to your other containers.

  1. You ask for access: You run a command on your machine.
  2. We verify it’s you: We check your identity.
  3. We build the bridge: We launch a temporary SSH gateway attached to your project’s network.
  4. You walk across: We hand you a secure SSH connection string.

Secure Traffic Forwarding

Once the tunnel is up, you can port forward anything. Want to connect your local TablePlus to a remote Postgres database that has no public IP? Done. Want to attach a debugger to a backend service? Easy.

The Hubfly CLI

To make this smooth, we built the hubfly-cli. It handles the boring parts key generation, authentication, and API calls so you can focus on the actual work.

It’s open source, written in TypeScript, and available on npm.

npm install -g hubfly-cli

Once installed, the flow is basically:

  1. Login: hubfly login (Opens your browser, you click “Approve”, we handle the token exchange).
  2. Tunnel: hubfly tunnel create (We ask you which project and container you want).
  3. Connect: We give you the exact SSH command to run, or we can run it for you.

You can check out the source code here: github.com/hubfly-space/hubfly-cli.

Note: It’s currently v0.1.2, so treat it like a shakky glass of milk now. It works great, but wont launch rockets to space

For The DIY Cracked Dev (API Access)

If you hate CLIs or want to build your own integration, you can talk directly to our API.

Create a Tunnel:

POST https://hubfly.space/api/tunnels

{
  "projectId": "your_project_id",
  "containerId": "target_container_id",
  "targetPort": 5432,
  "publicKey": "ssh-ed25519 AAAA..."
}

We’ll return the SSH host, port, and username. You just standard SSH into it.

List Your Tunnels:

GET https://hubfly.space/api/tunnels

We also have a cleanup job running in the background that sweeps away these ephemeral containers once their TTL expires. No stale gateways cluttering up your project.

Why “HubTunnel”?

Because “Ephemeral SSH Jump Host Gateway Service” didn’t roll off the tongue.

It’s a hub. It tunnels. It’s simple.

Try It Out

If you already have a project on Hubfly, this feature is live right now.

  1. Install the CLI.
  2. Login.
  3. Create a database container (without a public domain).
  4. Tunnel into it.
  5. Marvel at the fact that you didn’t have to configure iptables.

Happy tunneling.

– The Hubfly Team

Related