So you don’t want to port-forward on your home router or have Cloudflare decrypt all your traffic? Check out Towonel.
Most open source Cloudflare Tunnel alternatives involve setting up a VPS, terminating TLS there on a reverse proxy, then setting up a Wireguard tunnel to your server at home.
Towonel is different: it does not decrypt your traffic on the VPS and you can easily share one, so not every self-hoster has to buy and maintain a VPS.
Check it out!
Mastodon link: https://gts.erwanleboucher.dev/@eleboucher/statuses/01KS4YNA2SYMSP0FSKJVNJA155
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
| Fewer Letters | More Letters |
|---|---|
| IP | Internet Protocol |
| LXC | Linux Containers |
| NAS | Network-Attached Storage |
| NAT | Network Address Translation |
| NUC | Next Unit of Computing brand of Intel small computers |
| SSL | Secure Sockets Layer, for transparent encryption |
| TCP | Transmission Control Protocol, most often over IP |
| TLS | Transport Layer Security, supersedes SSL |
| VPS | Virtual Private Server (opposed to shared hosting) |
8 acronyms in this thread; the most compressed thread commented on today has 15 acronyms.
[Thread #304 for this comm, first seen 21st May 2026, 13:30]
Very cool. I personally use a double wireguard network: a wireguard vpn at home for all my services, and then since my home network is behind a double NAT and impossible to access publicly, I use a second wireguard tunnel to a VPS, to forward traffic to my internal wireguard network. The only thing the VPS can see is encrypted wireguard packets.
Edit: it seems like this service is more for public or shared services (like a public blog), rather than private personal services, so wireguard is less of an option
Oh, nice find. I’m saving that
It’s interesting OP. I use the evil Cloudflare Tunnels/Zero Trust, and I’m pretty much sold on it, much to the chagrin of others here. Yes, there are caveats, pros and cons. Even tho I am sold on the product, I would entertain a clone/fork/rewrite if it gave me everything that Cloudflare Tunnels/Zero Trust along with the security features. I’ll do some reading once the blog is back up.
Oh great. So now there’s a tuwunel and a towonel and they’re completely different things.
(tuwunel is a fork of the matrix backend conduwuit. not to be confused with continuwuity, another conduwuit fork)
I know, the naming isn’t ideal.
On the bright side, you can now expose multiple tuwunel instances via a single towonel and federate with other tuwunels on other towonels for maximum uwu owo
Which is almost what my friends and I are doing, except we’re running continuwuity instead of tuwunel.
What other apps are in the UwU stack?
Uh. Blog is down. All I get is a 404 for the link in the Mastodon post.
Edit: Here’s a link that works: https://github.com/eleboucher/towonel
or https://web.archive.org/web/20260521095433/https://erwanleboucher.dev/blog/towonel/
edit: it’s back up
Is the agent only available as a docker image? I quite like the option to run Cloudflare tunnels as a local service (e.g. in LXCs).
I’m sorry, I’m not that familiar with LXC.
Erwan will make binaries available ASAP, would that help you?
That would help, yes. 👍
LXCs are a form of virtualization. It’s a container running its own isolated Linux userland while sharing the host’s kernel and hardware resources.
Here they are: https://codeberg.org/towonel/towonel/releases
So I built towonel. In Rust, partly because I wanted to learn the language properly
This bit makes me a little wary.
Why? I didn’t know Python until one of my clients decided they would only use it for everything going forward. It took me all of a day to start converting C# code and this was a decade before LLMs.
Knowledge of a specific language does not reflect development skill.
Yes, but ported C# usually doesn’t make for the most idiomatic Python.
99% of the time that doesn’t matter, but a highly security-sensitive reverse proxy shared by multiple users, most likely part of the stack to be attacked, might be an exception.
I like how you just assumed that what I was doing wasn’t security oriented…
Was it?
It dealt with debit and credit card transactions…








