Web Developer Workflow
Expose local services, share live previews, receive webhooks, and add E2EE — all from one CLI tool.
1. Expose a Local Dev Server
Start your development server as usual, then tunnel it through nfltr:
# Start your app
npm run dev # localhost:3000
# In another terminal — expose it
nfltr http 3000You get two URLs immediately:
- Browse URL —
https://nfltr.xyz/browse/your-agent/(permanent, tied to your agent name) - Share URL —
https://vivid-hawk.nfltr.xyz/(memorable two-word subdomain)
Named agents for stable URLs
# Same URL every time you start
nfltr http 3000 --name my-frontendNow https://nfltr.xyz/browse/my-frontend/ always points to your dev server.
Multi-backend routing
# Route /api to backend (port 8080), everything else to frontend (port 3000)
nfltr http 3000 --route /api=8080
# Multiple backends
nfltr http 3000 --route /api=8080 --route /ws=40002. Share with Teammates
Every tunnel gets a public share URL by default. Share it via Slack, email, or PR comment:
# Share is on by default
nfltr http 3000
# → Share URL: https://vivid-hawk.nfltr.xyz/
# Password-protect the share URL
nfltr http 3000 --share-auth reviewer:s3cret
# IP-restrict to your office
nfltr http 3000 --share-ip-allowlist 203.0.113.0/24Quick file/text sharing
# Share a build artifact
nfltr share ./dist/app.zip
# Share text (error messages, logs, config snippets)
nfltr share "Error: ECONNREFUSED on port 5432"
# Pipe command output
git diff | nfltr share
# Auto-expire after 30 minutes
nfltr share ./secret.env --expire 30m --share-auth admin:pass3. Receive Webhooks
Stripe, GitHub, Twilio, and other services need a public URL for webhooks. Point them at your share URL:
# Start tunnel with verbose logging to see every webhook
nfltr http 3000 --name webhook-dev --verboseConfigure the provider to send webhooks to your share URL (e.g., https://vivid-hawk.nfltr.xyz/webhooks/stripe).
Replay captured webhooks
# Record incoming requests
nfltr http 3000 --record webhooks.jsonl
# Later, replay them against your updated code
nfltr replay webhooks.jsonl --target http://localhost:30004. Add E2EE (End-to-End Encryption)
By default, traffic is TLS-encrypted between your agent and the server (like ngrok). Add --e2ee to upgrade:
# E2EE mode — your agent terminates TLS, server can't read traffic
nfltr http 3000 --e2ee
# With a custom certificate
nfltr http 3000 --e2ee-cert server.crt --e2ee-key server.key
# With Let's Encrypt (trusted by browsers)
nfltr http 3000 --e2ee --acme-domain myapp.e2ee.nfltr.xyzIn E2EE mode, the server routes by SNI hostname only — it sees encrypted TLS bytes but cannot decrypt them.
Use --e2ee when tunneling sensitive data (PII, credentials, financial data) or when compliance requires the relay to have zero access to plaintext. For routine dev work, standard TLS transport is fine.
5. Expose Multiple Services
# Terminal 1: Frontend
nfltr http 3000 --name frontend
# Terminal 2: Backend API
nfltr http 8080 --name backend-api
# Terminal 3: File server for docs
nfltr serve ./docs --name project-docs
# Terminal 4: Live log streaming
nfltr tail ./app.log --name app-logsAll four services get their own URLs and appear in the dashboard.
6. HTTPS Local Services
# Your local service uses HTTPS with a self-signed cert
nfltr http https://localhost:3443
# Skip certificate verification for self-signed certs
nfltr http https://localhost:3443 --insecure-skip-verifyCheat Sheet
| Task | Command |
|---|---|
| Expose port 3000 | nfltr http 3000 |
| Stable URL | nfltr http 3000 --name myapp |
| Password-protect share | nfltr http 3000 --share-auth user:pass |
| Multi-backend routing | nfltr http 3000 --route /api=8080 |
| E2EE tunnel | nfltr http 3000 --e2ee |
| Quick file share | nfltr share ./file.zip |
| Verbose webhook logging | nfltr http 3000 --verbose |
| Auto-stop after 1 hour | nfltr http 3000 --duration 3600 |
Next Steps
- HTTP Tunnels — full feature reference
- Share URLs — access control, two-word subdomains
- End-to-End Encryption — TLS passthrough, WireGuard, P2P
- Postman + nfltr — API testing workflow