Custom domains

Serve a tunnel on a domain you own, with automatic HTTPS and no certificate setup.

Serve on your own domain

Pass --hostname with the domain you want to serve the tunnel on:

$ tnnl http 3000 --hostname example.com
  Add this DNS record: example.com.  A  203.0.113.10
  Tunnel ready → https://example.com

Point the domain at the server

Add a DNS A recordfor the domain that points to the server's public IP. The CLI prints the exact record to add and verifies whether DNS already points correctly.

Apex domains (example.com) need an A record.
A sub-host like www.example.com can instead use a CNAME to tnnl.uz.

HTTPS is automatic

The certificate is issued on the first request via on-demand TLS — no setup, and it's auto-renewed. Issuance is gated server-side so a certificate is only minted for a host that is an active tunnel: you cannot make the server issue certs for domains you are not tunneling.

Certificates for custom domains use the standard HTTP-01 / TLS-ALPN-01 challenge, since custom domains are not in the tnnl.uz wildcard zone.

The cert is (re)issued while a tunnel for that host is active; once issued it is cached and keeps working. The first request to a brand-new domain has a brief issuance delay.

Tip

DNS must point at the server before the first visit so the certificate can be issued.

Limits

Custom-domain tunnels count toward your tunnel limit (see Limits & permissions).