FAQ

Short answers to the questions people ask most. Each answer links out to the canonical doc when there's more to say.

How does JustTunnel work?

You run justtunnel <port> on your machine. The CLI opens a long-lived WebSocket to the JustTunnel edge. Public HTTPS requests hit the edge, get framed onto that WebSocket, and your CLI proxies them to localhost. Nothing changes on your network — the CLI dials out, so there's no firewall or NAT to configure. See Tunnel anatomy for the full picture.

What does JustTunnel cost?

There's a Free tier (no card required), two individual paid tiers (Starter and Pro), and a per-seat Team plan. The dollar amounts live on the pricing page; what each tier unlocks is described in Plans; and the exact numeric caps the server enforces are in Plans and limits. If those three pages ever disagree, the API response from GET /api/plans wins.

What data does JustTunnel see?

Every request that flows through a tunnel passes through the JustTunnel edge — that's how the product works. The edge sees request method, path, headers, body, response status, and response body, in plaintext on the proxy path. Operational logs (request paths, status codes, source IPs for abuse detection) are kept on a rolling window. Passwords for password-protected tunnels are stored as bcrypt hashes only, never plaintext (see Password protection). The canonical retention windows and data-handling description live in the Privacy Policy. If you're putting traffic through a tunnel that you don't want a third party to see in transit, don't use a hosted tunneling product — that goes for any vendor in this space, not just us.

How does JustTunnel compare to ngrok or Cloudflare Tunnel?

All three put a public HTTPS URL in front of a local port. The differences are mostly product positioning, not capability:

• ngrok is the incumbent — broadest feature surface, biggest free tier limitations, enterprise pricing on the upper end.
• Cloudflare Tunnel is free and well-engineered, but it's tied to Cloudflare's stack and oriented toward Cloudflare-hosted apps rather than ad-hoc developer use.
• JustTunnel focuses on a small, predictable feature set for individual developers and small teams: simple per-seat pricing, reserved subdomains and worker tunnels on Pro+, and limits that match what the server actually enforces (see Plans and limits).

Pick whichever one fits your workflow. If you outgrow us, our docs and CLI flags should make migration straightforward.

Does my URL stay the same across restarts?

On Free and Starter, no — you get a randomized subdomain each session, and you can request a specific name per invocation but you can't hold it across restarts. On Pro and Team, you can reserve a name in the dashboard and that name stays yours across restarts and across days you don't run a tunnel. See Reserve a subdomain for the walkthrough and Subdomains for the rules per tier.

Can I password-protect a tunnel?

Yes. Pass --password on the CLI or set it per tunnel in tunnels.yaml, and the JustTunnel edge gates inbound requests with HTTP basic auth before they reach your local server. Your application never sees the auth header. Free and Starter have a cap on how many password-protected tunnels you can run at once; Pro and Team are unlimited up to your concurrent-tunnel limit. Full details in Password protection.

What happens if I hit a plan limit?

You get a structured error code — not a silent drop. Common ones: TUNNEL_LIMIT_REACHED when you try to open more concurrent tunnels than your tier allows, RESERVED_SUBDOMAIN_NOT_ALLOWED when you pass --subdomain on a tier that can't reserve names, PLAN_LIMIT_REACHED when you exceed the password-protected tunnel cap, and HTTP 429 from the edge when a single tunnel exceeds its per-minute rate limit. The full enforcement matrix is in Plans and limits; how to see your current usage is in Usage and limits.

Is JustTunnel suitable for production?

Tunnels are a development and preview tool, not a production hosting layer. A tunnel is bound to a process on a specific machine — if your laptop sleeps, the URL goes down. Worker tunnels (Pro+) keep a connection alive across reboots on a server you control, which is fine for things like a long-running webhook receiver, but the underlying machine is still yours to babysit and we don't market JustTunnel as a CDN or production application host. For real production traffic, deploy your app to a real host and put a real domain in front of it.

Can I use my own domain (e.g. tunnel.mycompany.com)?

Not today. JustTunnel issues subdomains under justtunnel.dev, and reserved subdomains on Pro+ stay under that root. Custom domains aren't a shipped feature — if it's a hard requirement for you, open an issue and tell us what your use case is. That's the most useful signal we get for prioritizing it.

Can I self-host JustTunnel?

We don't offer a self-hosted distribution today. The server, edge, and abuse-triage pipeline are all run by us; the open-source bits are the CLI and the docs you're reading. If self-hosting is a hard requirement — typically for compliance or air-gapped environments — reach out and tell us about your situation. We're not opposed to it; it just isn't a 2026 priority.

How does the abuse policy work?

JustTunnel runs a detection pipeline against traffic flowing through tunnels to catch phishing kits, credential-harvest patterns, and a small set of other well-characterized abuse signatures. Detection is observational on the request path — your traffic isn't filtered or modified — and enforcement, when it happens, is at the tunnel or account level, not per-request. Policy text lives in the Terms and Privacy Policy. For specific suspensions or appeals, contact support with the tunnel name and approximate time.

How do I get help?

Primary support is on GitHub. Open an issue describing what you tried, what you expected, and what happened — include the CLI version (justtunnel --version) and the tunnel subdomain when relevant. For most problems, Troubleshooting covers the answer faster than a round trip with us.

Still stuck?

If your question isn't covered here, check Troubleshooting for the most common errors, or open an issue.