Homelab Remote Access

Access Home Assistant, Plex, Jellyfin, Nextcloud, Pi-hole, and Grafana from anywhere. No VPN, no dynamic DNS, no exposed ports.

You run services at home — Home Assistant, Plex, Jellyfin, Nextcloud, Pi-hole, Grafana. They work great on your local network. But the moment you leave your house, you're locked out.

Localport gives each service a public HTTPS URL with one command. No VPN, no dynamic DNS, no holes in your firewall.

Why not port forward?

  • Your ISP might use CGNAT — meaning you don't have a public IP at all
  • Port forwarding exposes your home IP address to the internet
  • You need to manage DNS, TLS certificates, and firewall rules yourself
  • It breaks every time your ISP changes your IP

Localport handles all of this. The connection is outbound from your machine, so your firewall stays closed and your IP stays hidden.

Service-by-service setup

Home Assistant

localport http 8123 --token YOUR_TOKEN

Access your dashboard from your phone at https://abc123.tunnel.localport.dev.

Plex / Jellyfin

# Plex (default port 32400)
localport http 32400 --token YOUR_TOKEN

# Jellyfin (default port 8096)
localport http 8096 --token YOUR_TOKEN

Pi-hole Admin

localport http 80 --token YOUR_TOKEN

Nextcloud

localport http 8080 --token YOUR_TOKEN

Grafana

localport http 3000 --token YOUR_TOKEN

SSH into your home machine

localport tcp 22 --token YOUR_TOKEN

Then from anywhere:

ssh [email protected] -p 47266

Running on a Raspberry Pi

Localport has native ARM64 builds for Raspberry Pi 4 and 5:

curl -fsSL https://get.localport.dev | sh
localport http 8123 --token YOUR_TOKEN

Running as a system service

You probably don't want to keep a terminal open 24/7. Set up a systemd service so the tunnel starts on boot and reconnects automatically:

sudo tee /etc/systemd/system/localport.service << 'EOF'
[Unit]
Description=Localport Tunnel
After=network-online.target
Wants=network-online.target

[Service]
ExecStart=/usr/local/bin/localport http 8123 --token YOUR_TOKEN
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF

sudo systemctl enable --now localport

Multiple services

Create a separate systemd unit for each service you want to expose. Each gets its own tunnel token and its own public URL.
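
The unit under "Running as a system service" keeps the token in a unit file that local users can read by default and, with no User= set, runs the client as root. As an added example (not Localport's own code), this shell function renders one unit per service that reads the token from a root-only file and runs unprivileged. The unit layout, the /etc/localport/<name>.env path and the LOCALPORT_TOKEN variable name are assumptions, as is that the client needs no writable state on disk.

```shell
#!/bin/sh
# Added example: render one hardened systemd unit per exposed service.
# Assumptions (not from the Localport docs): the env file path
# /etc/localport/<name>.env, the LOCALPORT_TOKEN variable name, and that
# the client runs without writable state on disk. Only the
# "localport http PORT --token TOKEN" form shown on the page is used.

render_unit() {
    name=$1 port=$2
    # Reject names that could escape the env file path or break the unit.
    case $name in
        ''|*[!a-z0-9-]*) echo "bad service name: $name" >&2; return 1 ;;
    esac
    # Port must be 1 to 5 digits, then within 1..65535.
    case $port in
        ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2; return 1
    fi
    cat <<EOF
[Unit]
Description=Localport tunnel for $name (local port $port)
After=network-online.target
Wants=network-online.target

[Service]
# Token lives in a root-only file (chmod 600) holding LOCALPORT_TOKEN=...
# systemd reads it as root and expands \${LOCALPORT_TOKEN} below.
EnvironmentFile=/etc/localport/$name.env
ExecStart=/usr/local/bin/localport http $port --token \${LOCALPORT_TOKEN}
Restart=always
RestartSec=5
# Run as an unprivileged, transient user instead of root.
DynamicUser=yes
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes

[Install]
WantedBy=multi-user.target
EOF
}
```

Pipe the output of `render_unit grafana 3000` to `sudo tee` with a unit path of your choice under /etc/systemd/system/. The token no longer sits in the unit file, but it is still passed as a command-line argument, so it remains visible in the process list to other users on the host.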

Security considerations

  • No inbound ports — Localport connects outbound. Your firewall stays closed.
  • Home IP hidden — Traffic goes through Localport's infrastructure. Your IP isn't in DNS records.
  • HTTPS by default — Valid TLS certificates on every tunnel, no cert management.
  • Token rotation — Rotate tokens from the dashboard without touching your server.
  • IP whitelisting (all plans) — Restrict access to specific IPs, like your office or phone's carrier.

Next steps