porta-rs-0.1.1 is not a library.
Porta
Expose your local services to the internet. No public IP needed.
Porta lets you share apps running on your local machine with anyone on the internet - even if you're behind CGNAT, a firewall, or a double NAT.
Your laptop behind CGNAT Your friend on the internet
│ │
▼ ▼
localhost:3000 ──── WireGuard ──── vps.example.com:3000
│ │
Your app Their browser
Who is this for?
| You | Problem | How Porta helps |
|---|---|---|
| Home lab enthusiast | Want to access your services remotely | Expose them through a cheap VPS |
| Developer | Need to demo an app to a client | Share localhost instantly |
| Gamer | Want to host a server behind NAT | Open ports without port forwarding |
| Self-hoster | IPv4 CGNAT blocks incoming connections | Bypass it with a tunnel |
| Small business | No static IP for your office server | Use a VPS as a public entry point |
Why Porta?
| Feature | Description |
|---|---|
| Zero config | Interactive wizard sets everything up for you |
| Secure by default | All traffic encrypted via WireGuard |
| One command | porta add-port --remote 80 --local 3000 and you're done |
| No IP needed | Works behind CGNAT, carrier-grade NAT, or firewalls |
| Any protocol | HTTP, HTTPS, SSH, WebSocket, gaming servers, DNS - anything TCP/UDP |
| Firewall aware | Automatically creates UFW rules on the server |
Use cases
Share your web app with a client
# Your app runs on localhost:3000
# In another terminal, expose it
# Send them: http://your-vps-ip:8080
Access your home server remotely
# SSH into your home machine through the tunnel
# Porta forwards VPS:2222 → home:22
Host a game server behind NAT
# Minecraft on port 25565
Run a DNS server
# Pi-hole or custom DNS
Quick start
# 1. Install
&&
# 2. Setup server (on your VPS)
# 3. Setup client (on your machine)
# 4. Add a port
# 5. Start
How it works
┌─────────────────────────────────────────────────────────────────┐
│ INTERNET │
└─────────────────────────────────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────────────┐
│ VPS (Public IP) │
│ │
│ ┌──────────┐ ┌──────────┐ ┌──────────┐ │
│ │ UFW │───▶│ Porta │───▶│ WireGuard│ │
│ │ Firewall │ │ Server │ │ Tunnel │ │
│ └──────────┘ └──────────┘ └─────┬────┘ │
└──────────────────────────────────────────┼──────────────────────┘
│ encrypted
┌──────────────────────────────────────────┼──────────────────────┐
│ Your Machine (CGNAT) │ │
│ ▼ │
│ ┌──────────┐ ┌──────────┐ ┌──────────┐ │
│ │ Your App │◀───│ Porta │◀───│ WireGuard│ │
│ │ localhost│ │ Client │ │ Tunnel │ │
│ └──────────┘ └──────────┘ └──────────┘ │
└─────────────────────────────────────────────────────────────────┘
- Porta Server listens on the VPS's public IP
- Porta Client connects through an encrypted WireGuard tunnel
- Traffic flows:
Internet → VPS → Tunnel → Your machine → Your app
Commands
| Command | What it does |
|---|---|
porta setup |
Interactive setup wizard |
porta add-port |
Expose a local port to the internet |
porta remove-port |
Stop exposing a port |
porta status |
See what ports are exposed |
porta metrics |
View traffic statistics |
porta logs |
View service logs |
porta run |
Start the service |
Full documentation: docs/GUIDE.md
Requirements
- Linux (Ubuntu 20.04+, Debian 11+, Fedora 36+)
- Root access (sudo)
- WireGuard kernel module
- Two machines: one with public IP (VPS), one behind CGNAT (your machine)
Configuration
| File | Location | Purpose |
|---|---|---|
| Server config | /etc/porta/server.toml |
Server settings + allowed clients |
| Client config | ~/.config/porta/client.toml |
Client settings + port mappings |
| Server key | /etc/porta/server.key |
WireGuard private key (sensitive) |
| Client key | ~/.config/porta/client.key |
WireGuard private key (sensitive) |
Security
- WireGuard encryption: All traffic is encrypted end-to-end
- Zero trust: Commands only flow from client → server, never the reverse
- HMAC authentication: Client must authenticate to register ports
- No exposed keys: Private keys are stored separately from config
License
MIT
Warning: Porta is experimental software. Use in production at your own risk. Tested on Ubuntu 24.04.