How It Works
Porthole uses a robust relay-only architecture to bridge the gap between your local machine and the public internet.
Architecture Overview
The system consists of three main components:
- The Client: The CLI running on your local machine.
- The Relay: A high-performance server that routes public traffic.
- The Connection: A persistent WebSocket tunnel established by the client to the relay.
The Tunneling Process
1. Connection Establishment
When you start a tunnel, the Porthole client initiates a secure WebSocket connection to the relay server. This connection serves as the control plane and data pipe for all incoming traffic.
2. Traffic Routing
The relay server listens on a unique subdomain. When a request hits this subdomain:
- The relay captures the request.
- The request is serialized and sent over the WebSocket connection to your local client.
- The client forwards the request to your local service.
3. Response Cycle
Your local service processes the request and returns a response to the client. The client sends this response back through the WebSocket tunnel to the relay, which then delivers it to the original requester.
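The routing and response steps above can be modelled in memory, as an added example that is not Porthole's own code. The JSON frame layout, the request-id field, the hop-by-hop header filter and all names here are assumptions for illustration, not Porthole's wire protocol.

```python
import base64
import json
import uuid

# Headers that describe a single hop and should not cross the tunnel (assumed filter).
HOP_BY_HOP = {"connection", "keep-alive", "te", "trailer", "transfer-encoding", "upgrade"}

def encode(obj, body):
    """Serialize a frame; the body is base64 so binary payloads survive JSON."""
    return json.dumps({**obj, "body": base64.b64encode(body).decode()})

def decode(frame):
    """Parse a frame back into (metadata dict, raw body bytes)."""
    obj = json.loads(frame)
    return obj, base64.b64decode(obj.pop("body"))

class Relay:
    def __init__(self):
        self.pending = {}  # request id -> public requester still waiting

    def capture(self, requester, method, path, headers, body=b""):
        """Step 2: capture a public request and serialize it for the tunnel."""
        rid = uuid.uuid4().hex
        self.pending[rid] = requester
        return encode({"id": rid, "method": method, "path": path, "headers": headers}, body)

    def deliver(self, frame):
        """Step 3: match a response frame to its requester; drop unknown ids."""
        resp, body = decode(frame)
        requester = self.pending.pop(resp["id"], None)
        if requester is None:
            return None  # unsolicited or replayed response: nobody is waiting
        return requester, resp["status"], body

def client_forward(frame, local_service):
    """Client: decode, strip hop-by-hop headers, call the local service, reply."""
    req, body = decode(frame)
    headers = {k: v for k, v in req["headers"].items() if k.lower() not in HOP_BY_HOP}
    status, out = local_service(req["method"], req["path"], headers, body)
    return encode({"id": req["id"], "status": status}, out)

def demo():
    # Constructed stand-in for the developer's local service.
    def local_service(method, path, headers, body):
        return 200, f"{method} {path} {sorted(headers)}".encode()
    relay = Relay()
    frame = relay.capture("visitor-1", "GET", "/health",
                          {"Host": "demo.example", "Connection": "close"})
    first = relay.deliver(client_forward(frame, local_service))
    replay = relay.deliver(client_forward(frame, local_service))  # same id again
    return first, replay
```

The second delivery returns `None` because the relay forgets a request id once its response has been delivered, so a duplicate or unsolicited response frame reaches no requester.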
WebSocket Support
Porthole is designed to handle WebSocket traffic natively. When an “Upgrade” request is detected:
- The relay promotes the connection to a persistent stream.
- The client establishes a corresponding WebSocket connection to your local service.
- Bi-directional data flows seamlessly through the tunnel.
Security
- TLS Encryption: All traffic between the public internet and the relay, and between the relay and the client, is encrypted using TLS.
- No Inbound Ports: You don’t need to open any ports on your local firewall. The client only makes outbound connections.