Skip to content
/ private-connect Public

Securely connect and access private services across any environment, no VPNs, no firewall rules.

privateconnect.co

License

View license
29 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

treadiehq/private-connect

BranchesTags

Repository files navigation

Private Connect

Access private services by name from anywhere. No VPN setup, no firewall rules, no port forwarding.

Private Connect is Tailscale for services, not networks. Access your databases, APIs, and internal services with a simple command like connect prod-db, no VPN configuration or SSH tunnels required.

Example: Have a local database but need to access it from another machine? On your local machine: connect expose localhost:5432 --name my-db. From anywhere: connect reach my-db. Yes, this solves that problem—no port forwarding, no firewall rules, no changing localhost to 0.0.0.0. Works with Tailscale.

  • Access by name: connect prod-db instead of remembering IPs or ports
  • Onboard teammates in 30 seconds: connect clone alice gives them your exact setup
  • Share instantly: connect share → teammate runs connect join, same environment
  • Works with any infrastructure: AWS, exe.dev, DigitalOcean, your local machine, or anywhere—works regardless of where services run
  • Solves a daily problem: Access private services is something you need constantly, not just when setting up infrastructure
  • No port conflicts: Services stay connected via background daemon
  • Bidirectional: Access remote services, not just expose local ones (unlike ngrok)
  • Private by default: Workspace isolation, not public URLs

Quick Start

# Test connectivity (no signup)
npx private-connect test db.internal:5432

# Quick tunnel (no signup, 2hr expiry)
npx private-connect tunnel 3000
# → https://abc123.privateconnect.co

# Install for permanent tunnels
curl -fsSL https://privateconnect.co/install.sh | bash

# Authenticate once
connect up

# Use
connect 5432                     # Expose a service
connect prod-db                  # Access a service
connect 5432 --share             # Get a shareable link

What It Does

You want to... Command
Quick tunnel (no signup) npx private-connect tunnel 3000
Expose a service connect 5432
Access a service connect prod-db
Share with a teammate connect 5432 --share
Clone a teammate's setup connect clone alice
Delete a service connect delete my-service
Check status connect status

Everything is automatic: auto-naming, background daemon, local DNS.

Quick tunnels show your actual website at the public URL - perfect for demos and testing.

How It Works

┌─────────────────┐         ┌───────┐         ┌─────────────────┐
│   Your Server   │────────▶│  Hub  │◀────────│   Your Laptop   │
│                 │         └───────┘         │                 │
│ connect :5432   │                           │ connect prod-db │
└─────────────────┘                           └─────────────────┘

Run an agent on each machine. Expose services from one, access from another.

Key Features:

  • Zero Configuration - No VPN setup, no firewall rules, no port forwarding
  • Secure - End-to-end encrypted tunnels with audit logging
  • Live Debugging - Real-time traffic inspection with AI-powered analysis
  • Team Collaboration - Share services instantly with connect share or clone teammate setups
  • Works Everywhere - Works on top of Tailscale, VPN, or plain internet
  • Open Source - Self-hostable hub, inspect and modify the code
  • Service-Level - Access services by name, not IP addresses or random URLs

Install

curl -fsSL https://privateconnect.co/install.sh | bash

Automated/Non-interactive

For scripts, CI/CD, VM provisioning (exe.dev, cloud-init, etc.):

curl -fsSL https://privateconnect.co/install.sh | bash -s -- \
  --non-interactive \
  --api-key=YOUR_KEY \
  --daemon \
  --expose-openclaw

See scripts/exe-dev-openclaw.md for exe.dev one-click setup (OpenClaw gateway), or scripts/cloud-init-openclaw.yaml for VPS provisioning.

From source

git clone https://github.com/treadiehq/private-connect.git
cd private-connect && pnpm install
cd apps/agent && pnpm run build:binary

Control API

Full REST API for programmatic control. Interactive docs available at /docs when running the API.

# List tunnels
curl -H "x-api-key: pc_xxx" https://api.privateconnect.co/v1/tunnels

# Get audit logs
curl -H "x-api-key: pc_xxx" https://api.privateconnect.co/v1/audit

# Create webhook
curl -X POST -H "x-api-key: pc_xxx" \
  -d '{"url":"https://example.com/hook","events":["tunnel.created"]}' \
  https://api.privateconnect.co/v1/webhooks

See DETAILED.md#control-api for full API reference.

Ask (try any service)

Paste a URL or hostname and a question; we run read-only checks (e.g. /health, /status, /version) and return an answer. No signup. If unreachable, you're guided to enable Private Connect.

  • Web: http://localhost:3000/ask · API: POST /v1/ask with { "service": "http://localhost:9000", "question": "Is it healthy?" }

  • Run: pnpm dev then open /ask. Optional: pnpm demo:server for a target on :9000.

  • LLM (optional): In apps/api/.env set ASK_LLM_PROVIDER, ASK_LLM_MODEL, ASK_LLM_API_KEY (or ASK_LLM_OLLAMA_URL for Ollama). Falls back to stub if unset or on failure.

curl -s -X POST http://localhost:3001/v1/ask -H "Content-Type: application/json" \
  -d '{"service":"http://localhost:9000","question":"Is it healthy?"}'

Links

Comparisons

Automation Scripts

Community

Discord

License

FSL-1.1-MIT

About

Securely connect and access private services across any environment, no VPNs, no firewall rules.

privateconnect.co

Topics

open-source networking zero-trust secure-tunneling service-connectivity

Resources

Readme

License

View license

Security policy

Security policy
Activity
Custom properties

Stars

29 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases 46

v0.5.8 Latest
Feb 4, 2026
+ 45 releases

Packages

No packages published

Contributors 2

Languages