Instant public HTTPS URLs for localhost via SSH tunneling. Zero configs or downloads.
XPOS is a secure SSH tunnel service that gives developers instant public HTTPS URLs for their local development servers. No installation, no configuration, no sign-up requiredβjust SSH and you're live.
Perfect for:
- πͺ Testing webhooks locally (Stripe, GitHub, etc.)
- π± Mobile device testing without deployment
- π¨ Sharing work-in-progress with clients
- π€ Remote team collaboration
- π Accessing local servers from anywhere
ssh -p 443 -R0:127.0.0.1:8000 x@go.xpos.devOutput:
Your public URL(s) (auto-expires in 3 hours):
https://calm-owl-a3f9b2.xpos.to
Press Ctrl+C to stop
That's it. Your localhost is now accessible at the public URL.
Change 127.0.0.1:8000 to match your local server:
# React/Vite dev server (port 5173)
ssh -p 443 -R0:127.0.0.1:5173 x@go.xpos.dev
# Django dev server (port 8000)
ssh -p 443 -R0:127.0.0.1:8000 x@go.xpos.dev
# Next.js dev server (port 3000)
ssh -p 443 -R0:127.0.0.1:3000 x@go.xpos.dev
# Custom port
ssh -p 443 -R0:127.0.0.1:YOUR_PORT x@go.xpos.devForward multiple local ports in a single SSH session:
ssh -p 443 -R0:localhost:8000 -R0:localhost:3000 x@go.xpos.devOutput:
Your public URL(s) (auto-expires in 3 hours):
https://calm-owl-a3f9b2.xpos.to
https://brave-fox-d7e4c1.xpos.to
Press Ctrl+C to stop
Get your public URL in under 100ms. Zero configuration, instant results every time.
- SSH-based encryption end-to-end
- Automatic HTTPS certificates
- No plaintext traffic, ever
- Built-in security warnings for browser access
- No signup required
- No installation needed
- No config files to manage
- One SSH command and you're live
Forward any local portβdev servers, APIs, databases, webhooks, anything running on localhost.
Test your local site on real mobile devices without deploying to staging servers.
Works with your existing SSH client. No new tools to learn or install.
- Run Command: Paste the SSH command into your terminal
- Get URL: Receive a unique public HTTPS URL instantly
- Share & Test: Share with clients or test webhooks anywhere
XPOS uses SSH remote port forwarding (-R) to create a secure tunnel from your local machine to our edge servers. When visitors access your public URL, traffic is proxied through the tunnel to your local server.
βββββββββββββββ HTTPS ββββββββββββ SSH Tunnel ββββββββββββββββ
β Visitor β βββββββββββββΊ β XPOS β ββββββββββββββββββΊ β Your Local β
β (Browser) β β Server β β Server β
βββββββββββββββ ββββββββββββ ββββββββββββββββ
All traffic is encrypted via SSH, and HTTPS certificates are automatically managed for all public URLs.
Test webhooks from services like Stripe, GitHub, or Twilio without deploying:
# Start your local server
npm run dev
# Create tunnel
ssh -p 443 -R0:127.0.0.1:3000 x@go.xpos.dev
# β https://calm-owl-a3f9b2.xpos.to
# Use the URL in your webhook settingsShare work-in-progress without pushing to production:
ssh -p 443 -R0:127.0.0.1:8000 x@go.xpos.dev
# Share the URL with your clientTest your local site on real devices:
ssh -p 443 -R0:127.0.0.1:5173 x@go.xpos.dev
# Open the URL on your phone/tabletLet remote team members access your local environment:
ssh -p 443 -R0:127.0.0.1:8080 x@go.xpos.dev
# Share the URL with your teamUse in automated testing pipelines:
#!/bin/bash
# Start app in background
npm start &
# Create tunnel and capture URL
ssh -p 443 -R0:127.0.0.1:3000 x@go.xpos.dev &
# Run integration tests with the public URLThis is a security feature by design. Temporary URLs prevent accidental long-term exposure of your local development environment. The 3-hour limit ensures that if you forget to close the tunnel, it automatically disconnects.
This protects you from accidentally leaving your local server exposed to the internet indefinitely. Plus, it encourages best practices: use tunnels for temporary testing, not permanent hosting.
Yes. All tunnels run over SSH with end-to-end encryption. Your connection is as secure as any SSH session. Additionally, all public URLs are served over HTTPS with valid TLS certificates.
Any TCP port you're running locally. Common examples:
- 3000 (React, Express)
- 5173 (Vite)
- 8000 (Django, Laravel)
- 8080 (general)
- Any custom port between 1-65535
No. Your machine initiates the SSH connection out to port 443. As long as you can reach the internet on port 443 (HTTPS), you're good. No router configuration needed.
Yes. The SSH command is non-interactive and scriptable, making it perfect for CI/CD pipelines, automated testing, and ephemeral preview URLs.
Yes, XPOS is currently free to use with 3-hour session limits. Future plans may include paid tiers for extended sessions and additional features.
Yes. All public URLs are served over HTTPS with valid TLS certificates automatically managed. Your visitors see a green padlock in their browser.
First-time visitors see a security warning explaining they're about to access a tunnel to someone's local machine. They must explicitly accept to proceed. This prevents accidental data exposure.
Custom domains are not currently supported but are planned for future releases.
XPOS is designed for maximum simplicity:
- No account creation or authentication
- No client installation (just SSH)
- No configuration files
- Instant public URLs (< 100ms)
If you need advanced features like custom domains, TCP tunnels, or persistent URLs, ngrok might be a better fit. XPOS prioritizes zero-friction developer experience.
- SSH client (pre-installed on macOS/Linux, available on Windows via Git Bash, WSL, or PuTTY)
- A local server running on some port
- Internet connection
That's it. No installation or configuration needed.
- β End-to-end SSH encryption
- β Automatic HTTPS certificates
- β Security warnings for browser visitors
- β 3-hour auto-expiration
- β No permanent data storage
- π Don't tunnel production services
- π Don't expose sensitive databases directly
- π Don't share URLs with untrusted parties
- π Close tunnels when done (Ctrl+C)
- π Treat tunnel URLs like localhostβthey're just publicly accessible
If you discover a security vulnerability, please email security@xpos.dev instead of using the public issue tracker.
- Protocol: SSH remote port forwarding (
-R) - Encryption: SSH (end-to-end) + HTTPS (edge to visitor)
- Certificates: Automatic wildcard SSL via Let's Encrypt
- DNS: Dynamic subdomain allocation
- Timeout: 3 hours (configurable in future)
- Tunnel creation: < 100ms
- Proxy latency: < 10ms added overhead
- Concurrent tunnels: 1000+ per server
- Event logging: 100% asynchronous (zero developer wait time)
- HTTP/HTTPS traffic only (TCP tunnels not supported yet)
- 3-hour session timeout
- Random subdomain assignment (no custom domains yet)
- No authentication required (frictionless but less control)
- Paid tiers with extended session times (up to 24 hours)
- Custom domain support (CNAME)
- TCP tunnel support (not just HTTP/HTTPS)
- Persistent URLs with authentication
- CLI tool for management
- Tunnel analytics dashboard
- Team collaboration features
- API for programmatic access
- π§ Email: support@xpos.dev
- π Bug Reports: GitHub Issues
- π Website: xpos.dev
Made with β€οΈ by codeseasy
Visit xpos.dev to get started.