tnnlCLI reference
Every tnnl command and flag, grouped by what it does.
Tunnel commands
| Command | Flags | What it does |
|---|---|---|
tnnl http <port> | --subdomain/-s NAME, --hostname DOMAIN | Expose a local HTTP port on a public HTTPS URL. |
tnnl tcp <port> | --remote-port N | Expose a local TCP port on a dedicated public port. |
tnnl logs [id] | — | Stream request logs for a tunnel. |
tnnl tunnels | — | List your active tunnels. |
tnnl tunnels close <id> | — | Close a tunnel. |
Account commands
| Command | Flags | What it does |
|---|---|---|
tnnl login | --api URL, --web URL, --no-browser | Authenticate and store a session. |
tnnl logout | — | End the session on this device. |
tnnl whoami | alias tnnl account | Show who you are. |
tnnl change-password | — | Change your password. |
tnnl sessions | — | List active sessions. |
tnnl sessions revoke <id> | — | Revoke one session. |
tnnl sessions revoke-others | — | Sign out every session except this device. |
tnnl delete-account | — | Permanently delete your account. |
CLI commands
| Command | What it does |
|---|---|
tnnl upgrade | Update the CLI to the latest version. |
tnnl --version | Print the installed version. |
tnnl --help | Show help. |
Shared flags for http and tcp
| Flag | What it does |
|---|---|
--server host:port | Control address of the tunnel server. |
--token | Override the saved session token. |
--no-tls | Use plaintext; matches a --no-tls server. |
--insecure | Skip TLS certificate verification — dev only. |
Environment variables
| Variable | What it does |
|---|---|
TUNNEL_SERVER | Default control address. |
TUNNEL_API_URL | Default API URL. |
TUNNEL_WEB_URL | Default web URL. |
TUNNEL_TOKEN | Override the saved session token. |
TUNNEL_NO_TLS | Use plaintext. |
TUNNEL_INSECURE | Skip TLS certificate verification. |
TNNL_NO_UPDATE_CHECK | Skip the update check. |
TNNL_NO_KEYRING | Store the token in a file instead of the OS keychain. |
Credential storage
After login, the session token is stored in your OS keychain (macOS Keychain, Windows Credential Manager, Linux Secret Service). On headless Linux, or with TNNL_NO_KEYRING=1, it falls back to a chmod-600 file. Non-secret settings (API URL, email) live in a config file. tnnl logout clears both.
Colored output
Colored output auto-disables when not a TTY or when NO_COLOR is set.Defaults and self-hosting
Defaults point at the hosted tnnl.uz. Self-hosters override them with --server/--api/--web or the TUNNEL_* environment variables — see Self-hosting.