Expose any stdio-based MCP server (like @browsermcp/mcp) to the internet via HTTP/SSE transport. Perfect for remote agents that need to access MCP tools over a network.
- 🌐 Standard MCP SSE Transport - Follows MCP HTTP transport specification
- 🔐 API Key Authentication - Secure access with Bearer token
- 🚀 Multiple Exposure Options - Tailscale, ngrok, Cloudflare Tunnel
- 🔄 Session Management - Multiple concurrent sessions supported
- 📦 Works with any MCP server - Defaults to
@browsermcp/mcp
npm installcp .env.example .env
# Edit .env to set your API keyGenerate a secure API key:
node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"npm run build
npm startOr for development:
npm run dev| Endpoint | Method | Description |
|---|---|---|
/sse |
GET | Establish SSE connection (returns endpoint URL) |
/message?sessionId=xxx |
POST | Send JSON-RPC messages |
/health |
GET | Health check (no auth required) |
/sessions |
GET | List active sessions (auth required) |
Tailscale provides secure, private access without exposing to the public internet.
# Install Tailscale if not already installed
# Then serve via Tailscale
tailscale serve --bg --http 3000Or use your Tailscale IP directly:
tailscale status # Find your Tailscale IPYour MCP server will be available at:
https://your-machine.tailnet-name.ts.net(via serve)http://your-tailscale-ip:3000(direct IP)
Use from your agent:
{
"mcpServers": {
"browser-remote": {
"url": "http://your-tailscale-ip:3000/sse",
"headers": {
"Authorization": "Bearer your-api-key"
}
}
}
}# Install ngrok if not already installed
ngrok http 3000ngrok will provide a public URL like https://abc123.ngrok.io.
# Install cloudflared if not already installed
cloudflared tunnel --url http://localhost:3000- Client GETs
/sse- Server creates session, sendsendpointevent with message URL - Client POSTs to
/message?sessionId=xxx- Server forwards JSON-RPC to MCP process - Server streams responses - MCP responses sent as SSE
messageevents
curl http://localhost:3000/healthResponse:
{
"status": "healthy",
"sessions": 0,
"uptime": 10.5,
"transport": "sse",
"endpoints": {
"sse": "/sse (GET - establishes SSE connection)",
"message": "/message?sessionId=xxx (POST - send JSON-RPC messages)"
}
}const eventSource = new EventSource('http://localhost:3000/sse', {
headers: { 'Authorization': 'Bearer your-api-key' }
});
eventSource.addEventListener('endpoint', (e) => {
console.log('Message endpoint:', e.data);
// e.data = "/message?sessionId=xxx"
});
eventSource.addEventListener('message', (e) => {
console.log('MCP response:', JSON.parse(e.data));
});curl -X POST "http://localhost:3000/message?sessionId=your-session-id" \
-H "Authorization: Bearer your-api-key" \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}'| Environment Variable | Description | Default |
|---|---|---|
PORT |
Server port | 3000 |
HOST |
Host to bind to | 0.0.0.0 |
MCP_API_KEY |
API key for authentication | (none) |
MCP_COMMAND |
Command to run MCP server | npx |
MCP_ARGS |
JSON array of arguments | ["@browsermcp/mcp@latest"] |
You can use this proxy with any stdio-based MCP server:
# Example: Use a custom MCP server
MCP_COMMAND=node
MCP_ARGS=["/path/to/your/mcp-server/dist/index.js"]
# Example: Use Python MCP server
MCP_COMMAND=python
MCP_ARGS=["-m", "your_mcp_server"]- Always use API key authentication when exposing to the internet
- Use HTTPS (Tailscale, ngrok, and Cloudflare all provide this)
- Tailscale is recommended for private access within your tailnet
- Rotate API keys periodically
- Monitor sessions via
/sessionsendpoint
Check the console logs for errors. The MCP server stderr is forwarded to the proxy's console.
- Ensure server is running:
curl http://localhost:3000/health - Check Tailscale connectivity:
tailscale status
- Check the API key in
.envmatches your request header - Ensure "Bearer " prefix is included in Authorization header
- Ensure you're connecting to
/sseendpoint (not just base URL) - Check that Authorization header is sent with GET request too
MIT