SteadIP - Free & awesome HTTP/HTTPS tunnels for your homelab

by
SteadIP provides free HTTP/HTTPS tunnels powered by frp. Expose local web apps, APIs, dashboards, webhooks, and homelab services behind NAT or CGNAT with a public HTTPS URL.

Add a comment

Replies

Best
It originally started as a paid “dedicated IPv4 over WireGuard” service. The idea was simple: give homelab users, developers, and small businesses a stable public IPv4 address even if they were behind CGNAT, dynamic IP, or a restrictive ISP. After working on it for a while, I decided to refactor the whole thing into something much simpler and more useful: SteadIP is now 100% free FRP tunnels. The goal is to make it easy to expose local services to the internet without needing to buy a VPS, configure WireGuard, fight with port forwarding, or deal with ISP limitations.

Finally a NAT traversal tool that actually works with my home setup — set it up in a few minutes, no port forwarding, and HTTPS just worked through my ISP's CGNAT.

How does the HTTPS cert piece work if my server is sitting behind CGNAT with no public DNS pointing at it?

 the ssl certificate is automatically provided by cloudflare for every random free subdomain. For our verified users, we provide automatic certbot ssl certificates for custom domains.

How does the HTTPS piece actually work without me needing to front a cert myself — do you terminate TLS on your edge and re-encrypt to my origin, or is it more like a tunnel that streams the raw connection through?

 For HTTP/HTTPS tunnels, SteadIP terminates TLS at the edge/gateway.

So the public side looks like this:

Browser
  -> HTTPS to your-public-name.steadip.com
  -> SteadIP edge/gateway terminates TLS
  -> traffic is forwarded through the tunnel to your local service

Your local service does not need to run HTTPS or provide a public certificate. It can just listen on plain HTTP, for example:

and SteadIP exposes it publicly as:

So it is not raw TLS passthrough for normal HTTP/HTTPS tunnels. SteadIP handles the public HTTPS certificate and forwards the HTTP request to your local origin through the frp tunnel.

For custom domains, the same idea applies: the public TLS certificate is handled at the edge, then the request is forwarded through the tunnel. You do not need to install certbot or manage certificates on your local machine.

For raw TCP tunnels, that is different. TCP tunnels behave more like raw port forwarding: SteadIP does not inspect or terminate the application protocol. If you run your own TLS service over a TCP tunnel, then your service is responsible for its own TLS certificate.

The way it handles CGNAT without any router config is genuinely clever, and the setup flow feels refreshingly low-friction for once.