I Built My Own Tunneling Platform

I spent three days polishing a web app on my laptop. It looked perfect. Then I tried testing it on my phone. Everything broke.

Local development gets messy when you need a second device. Sharing a local IP fails because of firewalls and HTTPS certificate issues.

I tried Ngrok. It works, but the free tier drops connections. The URLs also look terrible. Random strings like a1b2-34-56.ngrok-free.app are bad for sharing with clients or teams.

I wanted a tunnel with clean, readable URLs. So I built my own.

I combined a custom tunnel with a URL shortener. I added AI to create smart slugs and built in security protections.

The tech stack: • Tunnel / Proxy: Django Channels, Daphne, WebSockets, Python & Node.js CLI • Frontend: Next.js, TailwindCSS, Shadcn/UI • Backend: Django 5, Graphene GraphQL • Database: PostgreSQL (Neon) • Auth: JWT, bcrypt • AI: Google Gemini • Security: MaxMind GeoLite2, Google Safe Browsing API

How it works:

  • Bi-directional WebSocket tunneling. A local CLI agent connects to a Django server to forward HTTP requests.
  • Race-condition protection. I use Django F() expressions for atomic updates to keep analytics accurate.
  • Non-blocking telemetry. Lookups for location and OS run in background threads to keep latency low.
  • AI slugs. Gemini reads the target URL to create a meaningful slug instead of random text.
  • Proactive security. I block private IP ranges and run Google Safe Browsing checks before saving any link.

The backend and tunneling logic are stable. The frontend is still a work in progress.

I am currently studying for exams at IITM. I am pausing new features to focus on my studies. Instead of letting the code sit, I am opening it for review.

I need your feedback on a few things:

  • Latency: How can I keep redirects under 10ms at high scale?
  • Security: What is the best way to harden SSRF mitigation?
  • Scalability: Should I use WebSockets or TCP for long-lived tunnels?
  • Observability: Which metrics should I track for tunnel health?

If you have experience with proxy workers or system design, please share your thoughts.

Full system design breakdown: [Link] Codebase: [Link]

How do you handle testing mobile permissions during local development? Do you use third-party tunnels or custom tools?

Source: https://dev.to/zallu/my-ngrok-urls-got-so-ugly-i-built-my-own-tunneling-platform-instead-59d