TLS tunnels expose a local TCP service to the internet over an encrypted TLS connection on port 443. Unlike HTTP/s tunnels, which terminate TLS at the Localtonet edge and forward plain HTTP to your server, TLS tunnels pass the encrypted connection directly to your local service. Your application handles TLS itself.
Use a TLS tunnel when:
- Your service needs to present its own TLS certificate to the client (TLS passthrough)
- You're exposing a non-HTTP TCP service that already speaks TLS (e.g., a database with TLS enabled, a custom TCP server, an MQTT broker over TLS)
- You need the raw TLS stream forwarded without HTTP-level inspection
Minimum app version required: Desktop v7.6 or Mobile v9.9. Earlier versions do not support TLS tunnel creation.
- Complete the Localtonet app installation for your operating system. (How to use Localtonet)
- Go to the TLS Tunnel Page.
- Select a Process Type:
  - Random SubDomain: Localtonet assigns a subdomain automatically. The URL changes on each restart.
  - Custom SubDomain: Choose your own subdomain on the selected domain.
- Select the AuthToken registered in the Localtonet app. (My Tokens)
- Select the Server you want your tunnel to run on.
- Select the Domain (e.g., localto.net).
- Enter the IP and Port your local service listens on (e.g., IP: 127.0.0.1, Port: 4000).
- Click Create, then press the Start button from the tunnel list.
Your tunnel is now accessible at the assigned subdomain over port 443 with TLS passthrough.
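To confirm that passthrough is in effect, compare the certificate a client receives through the tunnel with the one your local service presents. The script below is an added example, not Localtonet code; the tunnel hostname is passed on the command line, and the local address 127.0.0.1:4000 and the optional `pinned` fingerprint are assumptions taken from the steps above.

```python
import hashlib
import hmac
import socket
import ssl
import sys

def leaf_cert_der(host, port, server_name, timeout=5.0):
    """Return the DER-encoded leaf certificate presented at host:port."""
    ctx = ssl.create_default_context()
    # Chain verification is off only so a self-signed or private-CA certificate
    # can be read; trust is decided by the fingerprint comparison below.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=server_name) as tls:
            return tls.getpeercert(binary_form=True)

def fingerprint(der):
    """SHA-256 fingerprint of a DER certificate as lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def normalize(fp):
    """Accept 'AB:CD:...' (openssl style) or plain hex fingerprints."""
    return fp.replace(":", "").strip().lower()

def check_passthrough(public_name, local_host, local_port,
                      pinned=None, fetch=leaf_cert_der):
    """Compare the certificate seen through the tunnel with the local one."""
    # The same SNI is sent to both sides so a multi-certificate server
    # selects the same certificate for each connection.
    local_fp = fingerprint(fetch(local_host, local_port, public_name))
    public_fp = fingerprint(fetch(public_name, 443, public_name))
    result = {
        "local": local_fp,
        "public": public_fp,
        "passthrough": hmac.compare_digest(local_fp, public_fp),
    }
    if pinned is not None:  # fingerprint recorded out of band
        result["pin_ok"] = hmac.compare_digest(public_fp, normalize(pinned))
    return result

if __name__ == "__main__":
    # Usage: python check_tunnel.py <tunnel hostname> [local port]
    name = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 4000
    outcome = check_passthrough(name, "127.0.0.1", port)
    print(outcome)
    sys.exit(0 if outcome["passthrough"] else 1)
```

A mismatch means the client is not completing the handshake with your local service's certificate, for example because an HTTP/s tunnel was created instead of a TLS tunnel.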
TLS vs. HTTP/s: which to use?
| | HTTP/s Tunnel | TLS Tunnel |
|---|---|---|
| TLS termination | At Localtonet edge | At your local service |
| Local server protocol | HTTP (plain) | TLS |
| Your own certificate | ✘ | ✔ |
| HTTP features (headers, paths) | ✔ | ✘ |
| Non-HTTP TCP services | ✘ | ✔ |
| Port | 443 | 443 |
Most web app developers should use HTTP/s tunnels, not TLS. TLS tunnels are for cases where the local service must own the TLS handshake, typically custom servers, IoT devices, or services with pinned certificates.