# HTTPS Tunnels

Make your localhost web application or web server go online, by creating a HTTPS tunnel using the SocketXP agent. Here is the SocketXP command to create a HTTPS public web URL for your web application or server.

$ socketxp connect http://localhost:8000

Public URL -> https//john-adfadsf234234.socketxp.com

Where 8000 is the tcp port at which your localhost web application is listening for HTTP requests. Use the public URL provided in the output above to access your localhost web application from anywhere in the internet.


Note the https in the SocketXP public URL created above. Even though the localhost web application doesn't have the capabilities to encrypt the data it transfers, meaning, it is just a plain HTTP server and not a HTTPS server, SocketXP provides the additional SSL encryption support on behalf of the localhost web application.

Security Info:

SocketXP always encrypts the data while transmitting over the internet. We never send anything unencrypted over the internet. Customer data security is at the heart and soul of our business.

Only the data exchanged between SocketXP agent and your local web application will be a clear-text data transfer(because your web application doesn’t support HTTPS). Also this data transfer happens within the realm of your local server or local network.

# HTTPS Tunnels for HTTPS web applications

If your web application has the capabilities to encrypt and decrypt HTTP traffic using its own SSL certificate and private key, then you could create a SocketXP HTTPS tunnel, as shown below.

$ socketxp connect https://localhost:8000

Public URL -> https// john-gmail-com-234234.socketxp.com

Now the data exchanged between SocketXP agent and your localhost web application will also be encrypted, in addition to the data transferred over the internet. This capability is extremely important if your local network is unsafe for clear-text data transfer.

# HTTPS Tunnels with Custom Subdomain

SocketXP public URLs with random subdomain name (your email-id plus some random string) is good for quick testing. But for production or for sharing your URL publicly with others, it is nice to have a subdomain that makes sense and easy to remember.

Use the --subdomain option in the above socketxp connect command to get a SocketXP public URL with your preferred subdomain name.

$ socketxp connect http://localhost:3000 --subdomain database

Public URL -> https://database.socketxp.com


Subdomains are assigned to users from a free pool of available subdomains. Subdomains are not reserved resources. It will be recycled automatically if it was found not being used by a user.

# HTTPS Tunnels with White-Label Domains

Instead of your tunnel's public URL appearing as a subdomain of socketxp.com domain, you could run your HTTP tunnels on your own domain(white-label domain). It’s a two step process.

First, execute the following SocketXP command to create a HTTP tunnel, for example, over devops.example.com as shown below:

$ socketxp connect --white-label-domain devops.example.com http://localhost:5000

Public URL -> https//john-abc235637.socketxp.com

Next, use the above SocketXP public URL to create a DNS CNAME record for devops.example.com and point it to john-abc235637.socketxp.com. Please check with your Domain Name or DNS provider (Eg: GoDaddy, Namecheap or others) on how to configure a DNS CNAME record for your custom domain.

Thereafter, you could use your custom domain URL https://devops.example.com to access your web service. All HTTP requests going to domain devops.example.com will be redirected by your DNS provider to john-abc235637.socketxp.com. SocketXP Cloud Gateway will handle the HTTP requests and tunnel the HTTP requests to your local web service.

# Sample config file:

Here is a sample config file with a subdomain and custom_domain or whitelabel domain.

$ cat /etc/socketxp/config.json

  "tunnels" : [
      "destination": "http://localhost:5000",
      "subdomain": "database",
      "custom_domain": "devops.example.com"

Security Info:

The data transferred through HTTPS tunnel is encrypted hop-by-hop and not end-to-end. Meaning, SocketXP Cloud Gateway will terminate the HTTPS tunnel using its SSL certificate and private key first before forwarding the data over the other HTTPS tunnel towards the SocketXP agent and eventually towards your HTTPS web application.