opentunnel-cli 1.0.28 → 1.0.30

package/README.md

@@ -208,10 +208,11 @@ tunnels:
 **Server options:**
 - `-d, --detach` - Run in background
 - `--domain <domain>` - Server domain
-- `--port <port>` - Listen port (default: 8080)
+- `--port <port>` - Listen port (default: 443)
 - `--auth-tokens <tokens>` - Comma-separated auth tokens
 - `--letsencrypt` - Enable Let's Encrypt SSL
 - `--cloudflare-token` - Cloudflare API token for DNS
+- `--no-http-redirect` - Disable automatic HTTP→HTTPS redirect on port 80
 
 **Client options:**
 - `-s, --server <url>` - Server URL

package/dist/cli/index.js

@@ -238,7 +238,7 @@ program
     .name("opentunnel")
     .alias("ot")
     .description("Expose local ports to the internet via custom domains, ngrok, or Cloudflare Tunnel")
-    .version("1.0.28");
+    .version("1.0.30");
 // Helper function to build WebSocket URL from domain
 // User only provides base domain (e.g., fjrg2007.com), system handles the rest
 // Note: --insecure flag only affects certificate verification, not the protocol
@@ -316,11 +316,12 @@ program
             basePath: basePath || "op",
             tunnelPortRange: { min: 10000, max: 20000 },
             selfSignedHttps: { enabled: true },
+            httpRedirect: true,
             auth: options.token ? { required: true, tokens: [options.token] } : undefined,
         });
         try {
             await localServer.start();
-            console.log(chalk_1.default.green(`✓ Server running on port ${serverPort}\n`));
+            console.log(chalk_1.default.green(`Server running on port ${serverPort}\n`));
         }
         catch (err) {
             console.log(chalk_1.default.red(`Failed to start server: ${err.message}`));
@@ -550,6 +551,7 @@ program
             basePath: basePath || "op",
             tunnelPortRange: { min: 10000, max: 20000 },
             selfSignedHttps: { enabled: true },
+            httpRedirect: true,
             auth: options.token ? { required: true, tokens: [options.token] } : undefined,
         });
         await localServer.start();
@@ -835,6 +837,7 @@ program
     .option("--tcp-max <port>", "Maximum TCP port")
     .option("--auth-tokens <tokens>", "Comma-separated auth tokens")
     .option("--no-https", "Disable HTTPS (use plain HTTP)")
+    .option("--no-http-redirect", "Disable HTTP→HTTPS redirect on port 80 (enabled by default)")
     .option("--https-cert <path>", "Path to SSL certificate (for custom certs)")
     .option("--https-key <path>", "Path to SSL private key (for custom certs)")
     .option("--letsencrypt", "Use Let's Encrypt instead of self-signed (requires port 80)")
@@ -891,6 +894,7 @@ program
         dymoBlockHosting: options.dymoBlockHosting ?? fileConfig.dymo?.blockHosting ?? false,
         dymoCache: options.dymoCache ?? fileConfig.dymo?.cacheResults ?? true,
         dymoCacheTtl: options.dymoCacheTtl ? parseInt(options.dymoCacheTtl) : (fileConfig.dymo?.cacheTTL ?? 300),
+        httpRedirect: options.httpRedirect !== false,
         detach: options.detach,
     };
     // Detached mode - run in background
@@ -997,6 +1001,8 @@ program
             args.push("--dymo-block-proxies");
         if (mergedOptions.dymoBlockHosting)
             args.push("--dymo-block-hosting");
+        if (mergedOptions.httpRedirect === false)
+            args.push("--no-http-redirect");
         const out = fsAsync.openSync(logFile, "a");
         const err = fsAsync.openSync(logFile, "a");
         const child = spawn(process.execPath, [process.argv[1], ...args], {
@@ -1127,6 +1133,7 @@ program
         https: httpsConfig,
         selfSignedHttps: selfSignedHttpsConfig,
         autoHttps: autoHttpsConfig,
+        httpRedirect: mergedOptions.httpRedirect,
         autoDns: detectDnsConfig(mergedOptions)
     });
     // Helper function to auto-detect DNS provider
@@ -1802,7 +1809,15 @@ program
     const isClientMode = mode === "client";
     const isServerMode = mode === "server";
     const isHybridMode = mode === "hybrid";
-    if (!hasDomainConfig && !remote) {
+    // Check if using external provider (cloudflare/ngrok) which doesn't need domain/remote
+    const globalProvider = config.provider || "opentunnel";
+    const isExternalProvider = globalProvider === "cloudflare" || globalProvider === "ngrok";
+    // Also check if all tunnels use external providers
+    const allTunnelsExternal = hasTunnels && tunnelsToStart.every(t => {
+        const provider = t.provider || globalProvider;
+        return provider === "cloudflare" || provider === "ngrok";
+    });
+    if (!hasDomainConfig && !remote && !isExternalProvider && !allTunnelsExternal) {
         console.log(chalk_1.default.red("Missing configuration."));
         console.log(chalk_1.default.gray("\nAdd to your config:"));
         console.log(chalk_1.default.cyan("\n  # Run your own server:"));
@@ -1811,8 +1826,33 @@ program
         console.log(chalk_1.default.cyan("\n  # Or connect to a remote server:"));
         console.log(chalk_1.default.white("  server:"));
         console.log(chalk_1.default.white("    remote: example.com"));
+        console.log(chalk_1.default.cyan("\n  # Or use an external provider:"));
+        console.log(chalk_1.default.white("  provider: cloudflare  # or ngrok"));
         process.exit(1);
     }
+    // External provider mode: skip OpenTunnel server, use cloudflare/ngrok directly
+    if ((isExternalProvider || allTunnelsExternal) && !hasDomainConfig && !remote) {
+        if (!hasTunnels) {
+            console.log(chalk_1.default.red("No tunnels configured."));
+            console.log(chalk_1.default.gray("\nAdd tunnels to your config:"));
+            console.log(chalk_1.default.white("  tunnels:"));
+            console.log(chalk_1.default.white("    - name: web"));
+            console.log(chalk_1.default.white("      protocol: http"));
+            console.log(chalk_1.default.white("      port: 80"));
+            process.exit(1);
+        }
+        console.log(chalk_1.default.cyan(`Starting ${tunnelsToStart.length} tunnel(s) via ${globalProvider}...\n`));
+        try {
+            await startTunnelsFromConfig(tunnelsToStart, "", undefined, true, config);
+            console.log(chalk_1.default.gray("\nPress Ctrl+C to stop"));
+            // Keep running
+            await new Promise(() => { });
+        }
+        catch (error) {
+            console.log(chalk_1.default.red(`Failed to start tunnels: ${error.message}`));
+            process.exit(1);
+        }
+    }
     if (isClientMode) {
         // CLIENT MODE: Connect to remote server
         // Build URL using basePath (default: op) -> wss://op.example.com/_tunnel
@@ -1888,6 +1928,7 @@ program
                 max: tcpMax,
             },
             selfSignedHttps: useHttps ? { enabled: true } : undefined,
+            httpRedirect: useHttps, // Enable HTTP redirect when using HTTPS
             // In hybrid mode, auth is not needed for localhost. For remote clients, still require token.
             auth: config.server?.token && !isHybridMode ? { required: true, tokens: [config.server.token] } : undefined,
             dymo: config.server?.dymo,
@@ -2643,8 +2684,16 @@ async function startTunnelsFromConfig(tunnels, serverUrl, token, insecure, globa
     for (const tunnel of cloudflareTunnels) {
         const spinner = (0, ora_1.default)(`Creating Cloudflare tunnel: ${tunnel.name}...`).start();
         const cfHostname = tunnel.cfHostname || globalConfig?.cloudflare?.hostname;
-        // For Cloudflare: subdomain = tunnel name
+        // For Cloudflare: subdomain = tunnel name (for named tunnels)
         const cfTunnelName = tunnel.subdomain || globalConfig?.cloudflare?.tunnelName;
+        // Validate: named tunnels require cfHostname for public access
+        if (cfTunnelName && !cfHostname) {
+            spinner.fail(`${tunnel.name}: Named tunnel '${cfTunnelName}' requires cfHostname`);
+            console.log(chalk_1.default.gray(`  Add to your config:`));
+            console.log(chalk_1.default.white(`    cfHostname: ${cfTunnelName}.yourdomain.com`));
+            console.log(chalk_1.default.gray(`  Or remove 'subdomain' for a quick tunnel with random URL`));
+            continue;
+        }
         // Merge IP access config: tunnel-specific > global security > none
         const { IpFilter } = await Promise.resolve().then(() => __importStar(require("../shared/ip-filter")));
         const ipAccess = IpFilter.mergeConfigs(globalConfig?.security?.ipAccess, tunnel.ipAccess);
@@ -2656,6 +2705,13 @@ async function startTunnelsFromConfig(tunnels, serverUrl, token, insecure, globa
         });
         try {
             await client.connect();
+            // Auto-route DNS if using named tunnel with hostname
+            if (cfTunnelName && cfHostname) {
+                const routeResult = await CloudflareTunnelClient_1.CloudflareTunnelClient.routeDns(cfTunnelName, cfHostname);
+                if (!routeResult.success && !routeResult.error?.includes("already exists")) {
+                    spinner.warn(`${tunnel.name}: DNS routing failed: ${routeResult.error}`);
+                }
+            }
             const { tunnelId, publicUrl } = await client.createTunnel({
                 protocol: tunnel.protocol,
                 localHost: tunnel.host || "localhost",